Kevin Mitnick - The Art of Deception.pdf

Not everyone believes that Kevin Mitnick is the "best" hacker ever, but he is certainly the most notorious hacker in U.S. history. Having cost companies millions of dollars and being the target of an extensive FBI manhunt, Kevin eventually served time for his crimes. Out of prison, he has turned over a new leaf and is now a security consultant helping companies understand just how vulnerable they are to the new "Kevin Mitnicks" of the world.

Corporations spend a lot of time, money and effort on information security. Many in the information security field would argue that they don't spend enough. Nonetheless, companies hire security administrators, buy firewalls, antivirus software, intrusion detection systems (IDS) and other security measures with the hope or intent of keeping out unauthorized users from the network.

When all is said and done, only users who are authorized to use the network and have the proper password should be able to get into the system. What happens if the attacker is able to get the username and password of an authorized user? How will you detect a seemingly authorized entry into the network? What if the user freely and unwittingly gave their username and password to the attacker? Firewalls and IDS can keep out the casual hackers and the novices, but will they protect against a professional hit?

The Art of Deception: Controlling the Human Element of Security is a terrific book. It is almost more about human nature than it is hacking. The book discusses hacking from a non-technical perspective. There is a lot of research and legwork that goes in up front for a professional hacker to profile his target before he actually gets down to sitting at his computer and breaking into the network. The Art of Deception shows just how easy it is to gather the tidbits of information necessary to launch a successful hacking attack.

The problem is that the people who work for the company are the weakest link in the security chain. Hackers and Social Engineers prey on their naivete and their trust to extract the information they need. People want to be helpful and they generally have to deal with strangers of some sort or another in day to day business. It goes against their nature, and is contrary to doing efficient business, for them to distrust every person they meet.

The challenge then is to train the users not to divulge information to anyone, even seemingly useless information, unless they can verify that person's identity and reason for needing the information while at the same time remaining productive and doing business efficiently. Corporations have to find a middle ground that tries to balance the technical and human elements of security and find what works best.

This book contains tons of useful information and insight into social engineering and how a hacker can use seemingly useless information to build a profile of his target. At times the moral of the story seems redundant, but overall the book reads almost more like a novel than a book about hacking. I would recommend this book for everyone- not even just techies or security administrators.

Torrent made by the one and only IMC DeathSentinals www.insanemasterminds.com/