MasterSLATE writes "One of the weakest links to the most secured computer systems are the humans that operate them. No matter how well secured a computer, network or information may be, there are always people that will have contact with them from the inside. This is what the social engineer exploits in order to gain access. In The Art of Deception, Kevin Mitnick writes about the human element and how it can be manipulated and exploited to gain access to computer systems or 'secure' information." Read on for the rest of Masterslate's review.
What's to Like?
The Art of Deception is extremely easy to understand and actually fun to read.
The first part of the book, Behind the Scenes contains the first chapter, Security's Weakest Link, which describes through many examples how and why the social engineer is able to so easily manipulate people to get what he wants.
Part 2, The Art of the Attacker, contains chapters 2-9, which describe various ways a social engineer can manipulate people over the phone. Each chapter tells of a different method that could be used to gain information. Each chapter also contains at least one example.
Part 3, Intruder Alert, contains chapters 10-14, which tell about different ways a social engineer can get inside a company, whether physically or through an internal contact. Each chapter contains at least one example.
Part 4, Raising the Bar, contains chapters 15 and 16, which explain how a company should create their security policies and training to prevent the social engineer from gaining access to sensitive information. These chapters are definitely more geared toward the executive, security analyst, or other specialist, as they contain specifics on what new policies should be implemented and why.
The last section in the book, Security at a Glance, contains some charts and information which should be read over by a more general audience, such as employees and other people that may be contacted by a social engineer.
And one sidenote: there's a nice little foreword by Woz (Steve Wozniak).
The SummaryAlthough this book is geared toward the company security expert, this book also has appeal to anyone with an interest in social engineering. I found it to be a quick and fun read. As a social engineer, this book taught me new tactics to try as well as ways that my targets might be prevented from giving me information I seek.
Table of Contents
Part 1 Behind the Scenes
* Chapter 1 Security's Weakest Link
Part 2 The Art of the Attacker
* Chapter 2 When Innocuous Information Isn't
* Chapter 3 The Direct Attack: Just Asking for It
* Chapter 4 Building Trust
* Chapter 5 "Let Me Help You"
* Chapter 6 "Can You Help Me?"
* Chapter 7 Phony Sites and Dangerous Attachments
* Chapter 8 Using Sympathy, Guilt and Intimidation
* Chapter 9 The Reverse Sting
Part 3 Intruder Alert
* Chapter 10 Entering the Premises
* Chapter 11 Combining Technology and Social Engineering
* Chapter 12 Attacks on the Entry-Level Employee
* Chapter 13 Clever Cons
* Chapter 14 Industrial Espionage
Part 4 Raising the Bar
* Chapter 15 Information Security Awareness and Training
* Chapter 16 Recommended Corporate Information Security Policies
Security at a Glance