MSSR-PRCT-SC+_A

Social engineering over the telephone continues to be an effective attack vector,

and obtaining personal information such as a bank account or birth date would

be considered phishing over voice, or vishing.

Spoofing happens any time a device pretends to be another device. If a DNS

server has been modified to hand out the IP address of a different server, then

it's spoofing the IP address of the attacker.

On-path attacks are quite effective because the attacker can often sit invisibly

between two devices and gather useful information or modify the data streams

in real-time.

A DoS (Denial of Service) occurs when a service is unavailable due to the

effects of a third-party. A DDoS (Distributed Denial of Service) occurs when

multiple third-parties work together to create a service outage.

A threat that seems real but doesn't actually exist is a hoax. In this example, a

fake web site message is trying to convince you that this fake threat is actually a

real security issue.

The security in the computer room requires both physical security and ongoing

surveillance. The locking cabinets will secure the physical equipment, and the

video surveillance will provide a method to monitor the systems without being

physically present. Including an environmental sensor will provide information

about the temperature and humidity levels in the computer room.

Since the laptops are used away from the main location, it's important to

protect the data and provide additional authentication options. The storage

drives on the laptop should be configured with FDE (full-disk encryption) and

a biometric reader on the laptop can ensure that the proper users have access.