Social Engineering Testing
April 13, 2010Tests of Controls
Social engineering techniques are employed in an attempt to obtain information regarding perimeter network devices and their defenses (i.e., IP address ranges, firewalls and default gateways) as well as potential internal targets. The information gathered during the reconnaissance phase outlines the basis of this test. The purpose of this testing is to assess the ease of extraction of critical information from internal organization resources and employees/contractors, or others with detailed knowledge of the organization, without their becoming aware of the significance of the information obtained.
Of particular interest is testing whether the organization’s help desk will assist an unauthorized or unidentified user.
www.bestitdocuments.com