Access Buildings with Social Engineering


Author: Tatianna | Published on November 19, 2018 | Views: 1115

Social engineering has always been a strange topic. If there’s something posted online about it, it’s either boring and no one wants to read it, or it’s misconstrued as a “here’s how you can perform social engineering” tutorial. This post aims to give readers a high-level understanding of social engineering and the impact it has on personal and organizational security. Just the mere idea that social interactions can be “hacked” from a technological approach is, in a way, unnerving, but many professionals rely consistently on predictable human behavior to collect information and gain access to restricted areas. This article will explore techniques for gaining restricted physical access to rooms and buildings for vulnerability assessment and security testing.

To “Mind Hunter” fans, you’re welcome.

Before beginning, one must consider their appearance in the context of the situation. For example, dressing formally can help someone gain access to offices and corridors, acquiring a maintenance uniform can help solidify access to server rooms and building facilities, and donning a hospital uniform can aid with access into healthcare facility terminals. Scary, right? Once you’ve dressed the part, the next consideration is how to move around the building. Walking with confidence and intent will lessen the likelihood that someone will question the unauthorized presence. It is also possible, and reasonable to assume, that someone could work covertly with people who already have access to the building.

Tailgating is another popular technique used by professionals to gain access to secured buildings. This simply involves covertly following approved personnel through a door they have opened. Again, assuming the ‘identity’ – not literally – of someone who is supposed to be there will allow you to do this without suspicion. A similar technique involves approaching the door with both hands/arms occupied by something like donuts or coffee. If timed correctly, another individual with clearance will likely help that person through the door to be polite.

Let’s take a moment to stop here and make this point clear…

…being considerate when it comes to helping people in a secure building, especially unknown persons, is a security risk! Obviously, people will perceive it as rude if you close the door behind you, but keep in mind the proper procedure for your situation and handle the issue accordingly.

Once you have access to the building, the aforementioned techniques can be used to gain further access to other rooms, elevators, and restricted facilities and/or sectors of a secured area. Individuals with a plan do not waste time, since lingering risks getting caught, so it’s important to maintain vigilance. Many facilities with strict security may be on the lookout for these things.

Finally, the unauthorized person has the ability to work within the confines of the building’s organizational function. A spoofed message or assumed identity can grant one access to spaces within the context of the building’s organization. For example, an individual could pose as a technician who needs to bring equipment to the server room. Any potential role or function the building could require can be considered for this approach, but most attackers will stick to more mundane and predictable things. It may be a technician, a low-key employee, an official delegate, an IT specialist, or even a consultant. This approach can be used in conjunction with other cybersecurity techniques to carry out a thorough security test.

Is your organization or facility ready to be tested?
