摘要
随着计算机技术的发展,及网络安全技术的完善,入侵变得越来越困难和易被发现,一种古老的入侵手段—社会工程入侵以其灵活及隐蔽的特点逐渐被重视。Gartner集团信息安全与风险研究主任RichMogull认为:"社会工程学是未来10年最大的安全风险,许多破坏力最大的行为是由于社会工程学而不是黑客或破解行为造成的。"文中从社会心理学的角度结合社会工程入侵实例进行分析,得出社会工程入侵的常用技术手段,并针对这些手段提供了一套相对有效的措施抵御该类入侵。
With the development of computer technology, hacker attack becomes more difficult and easily detected. Social engineering, an old intrusion method, gradually attracts much attention for its flexibility and elusiveness. Rich Moguls, the director of Information Security department of Gartner Corporation once pointed out:“Social engineering would be the biggest security risk and might cause many disastrous security risks.”This paper, based on the analysis of social psychology and the example of social engineering attack, describes the common methods of social engineering attack, and provides a series of effective methods for resisting the attack.
出处
《信息安全与通信保密》
2009年第11期88-90,共3页
Information Security and Communications Privacy
关键词
社会工程
身份验证
权限验证
social engineering
identity authentication
authority verification
