52ky 发表于 2022-9-8 10:31:13

社会工程学的应用与防范

1.引言社会工程学(SocialEngineering)是把对物的研究方法全盘使用到对人本身的研究上,并将其变成技术控制的工具。社会工程学是一种通过对受害者心思故障、天性反响、猎奇心、信赖、贪婪等心思陷阱进行比如欺骗、损伤等危害手法,获得本身利益的方法。“社会工程学攻击”即是使用大家的心思特征,骗取用户的信赖,获取秘要信息、系统设置等不公开资料,为黑k攻击和病毒感染创造有利条件。网络安全技术发展到必定程度后,起决定因素的不再是技术问题,而是人和管理。网络安全通常简单被入Q者从内部攻破,而使用社会工程学进行网络攻击,有点像影片或许小说中的“卧底”,在获取满足有效的信息后,成功攻破网络。因为安全产品的技术越来越完善,使用这些技术的人,就变成全面环节上最为脆弱的部分,加之人具有贪婪、自私、猎奇、信赖等心思故障,因而通过恰当的方法和方法,入Q者完全能够从相关人员那里获取入Q所需信息。一旦掌握了社会工程学理论,能够获取正常的访问权限,再联系一些网络攻击手法,能够很简单的攻破一个网络,而不论系统的软件和硬件的配置有多高。近年来社会工程学攻击已成敏捷上升甚至滥用的趋势,在病毒的扩展和传达进程中发挥了无穷的效果。例如qq尾巴病毒、爱虫蠕虫病毒、MSN病毒以及钓鱼攻击等。

(1. Introduction Social engineering is to apply the research method of things to the research of people themselves and turn them into tools of technical control. Social engineering is a method to gain self-interest by performing harmful tactics such as deception, damage, etc. on the psychological traps of victims, such as mental failures, natural reactions, curiosity, trust, and greed. "Social engineering attack" is to use everyone's mental characteristics to deceive users' trust, obtain secret information, system settings and other non-public information, and create favorable conditions for hacker attacks and virus infections. After the development of network security technology to a certain extent, the decisive factor is no longer technical issues, but people and management. Network security is usually easily broken by intruders from the inside, and using social engineering to carry out network attacks is a bit like the "undercover" in a movie or a novel. After obtaining sufficient and effective information, the network is successfully broken. Because the technology of security products is becoming more and more perfect, the people who use these technologies become the most vulnerable part in the overall link. In addition, people have mental failures such as greed, selfishness, curiosity, and trust. Therefore, through appropriate methods and methods, intrusion The attacker is completely able to obtain the information needed for the intrusion from the relevant personnel. Once you have mastered the theory of social engineering, you can obtain normal access rights, and then contact some network attack methods, you can easily break into a network, no matter how high the configuration of the system's software and hardware is. In recent years, social engineering attacks have become a trend of rapid rise and even abuse, and have exerted infinite effects in the process of virus expansion and transmission. Such as qq tail virus, love worm, MSN virus and phishing attacks.)




页: [1]
查看完整版本: 社会工程学的应用与防范