Topic: SOCIAL ENGINEERING
How to deal with public information - When trying to get access to a resource within a company, intruders try to create a map of the company. Through social engineering, critical information can easily be obtained.
Someone calls you on a direct line at work (not going through the switchboard) and asks you about some public information that you know is already on the company web site. You act helpful and answer questions to direct the caller to the information. It is probably a short call and you don't think much about it. Later this person may call you again, and this time the two of you are somewhat familiar with each other. Some additional questions are asked, together with a short discussion. Somewhere during these calls you reveal your name and, even worse, reveal another employee's name. You still don't think much about it.
Next, a coworker gets a call from the same person, who introduces himself and refers to having talked to you. Why? To increase his credibility. Because he refers to you from a previous call, your coworker automatically believes that you have already checked this person, that whoever he is you know him, and that the caller is by definition OK. Now the caller starts to ask more specific questions about things that may not be public. The coworker might then reveal things that are not public.
This can go on until a resource within the company is revealed, all based on the credibility that another coworker's name in the company gives to a stranger who calls.
Always refer incoming calls to the department (or person) assigned to handle public questions.
Say NO - If you get an incoming call on a direct line, refer the caller to the switchboard to explain his questions.
Keep your name secret - If you are not a public-facing person for the company, do not give out your name. This of course may not be 100% effective, since many companies have their employees' names on their web site. You may consider removing employees' names from the web site if their job is not to handle external questions.
Someone calls you up at work and asks you for company public information.
You think this is OK but who is calling?
You are just back from lunch and holding open the company front door.
Who is that guy talking on his cellphone?