See:
http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29
Mechanism for obtaining sensitive information or data.
Social engineering techniques are persuasion tactics that typically exploit
users' goodwill and lack of caution, and whose purpose is to obtain any kind
of information, in many cases passwords or codes.
http://www.inteco.es/glossary/Formacion/Glosario/
Techniques based on deception that are used to steer a person's behavior or
obtain sensitive information. The victim is induced to act in a certain way
(clicking on links, entering passwords, visiting pages, etc.), convinced that
they are doing the right thing when in fact they are being deceived by the
social engineer.
http://www.alerta-antivirus.es/seguridad/ver_pag.html?tema=S
An opportunistic and deceitful way of life or conduct.
DRAE.
Diccionario de la Lengua Española.
Euphemism used to refer to non-technical or low-technology means used to
attack information systems, such as lies, impersonation, deception, bribes
and blackmail. [CCN-STIC-403:2006]
The act of deceiving an
individual into revealing sensitive information by associating with the
individual to gain confidence and trust. [NIST-SP800-63:2013]
The practice of obtaining
otherwise secure information by tricking, exploiting human traits of trust and
helpfulness, or manipulation of legitimate users. [CSS NZ:2011]
An attempt to trick someone
into revealing information (e.g., a password) that can be used to attack an
enterprise. [CNSSI_4009:2010]
(D) Euphemism for
non-technical or low-technology methods, often involving trickery or fraud,
that are used to attack information systems. Example: phishing. [RFC4949:2007]
An attempt to trick someone
into revealing information (e.g., a password) that can be used to attack
systems or networks. [NIST-SP800-61:2004]
A euphemism for
non-technical or low-technology means - such as lies, impersonation, tricks,
bribes, blackmail, and threats - used to attack information systems.
http://www.sans.org/security-resources/glossary-of-terms/
Social engineering is a term
that describes a non-technical kind of intrusion that relies heavily on human
interaction and often involves tricking other people to break normal security
procedures.
A social engineer runs what
used to be called a "con game." For example, a person using social
engineering to break into a computer network might try to gain the confidence
of an authorized user and get them to reveal information that compromises the
network's security. Social engineers often rely on the natural helpfulness of
people as well as on their weaknesses. They might, for example, call the
authorized employee with some kind of urgent problem that requires immediate
network access. Appeal to vanity, appeal to authority, appeal to greed, and
old-fashioned eavesdropping are other typical social engineering techniques.
http://searchsecurity.techtarget.com/
Potential attackers may
persuade an authorised user to give them their password (e.g. by pretending to
be involved in systems maintenance, by bribing).
An attack that does not
depend on technology as much as it depends upon tricking or persuading an
individual to divulge privileged information to the attacker, usually
unknowingly. For example, an attacker might phone a company's internal help
desk, posing as an employee, and say, "This is Fred in Accounting. I was
on vacation for five weeks and forgot my network password. Could you look it up
for me?" If the gullible help desk technician reveals the password to the
attacker, the attacker "socially engineered" it out of him.
http://www.watchguard.com/glossary/
Tricks performed by
malicious users offline to gain access to secure systems, for example
impersonating a technical support agent.
http://www.getsafeonline.org/
Hacking technique that consists of exploiting a user's gullibility in order to
extract confidential information relating to a target information system.
The attacker's main goal is to obtain information that gives them valid access
to the information system they wish to penetrate. The attacker thus takes
advantage of the weakest link in the chain to break into an information system.
http://www.cases.public.lu/functions/glossaire/