Tailgating, also known as piggybacking, is a common tactic used by social engineers to gain unauthorized access to buildings or secure areas. The attacker follows someone who has legitimate access through a door or gate, without presenting credentials of their own or going through the proper authentication process.
Tailgating is a serious security risk, as it allows attackers to bypass physical security measures and gain access to sensitive information or systems. It's also a common technique used by insider threats, who may use their own legitimate credentials to gain access to restricted areas and then allow unauthorized individuals to tailgate behind them.
To prevent tailgating, organizations should implement strict security protocols and educate employees on the dangers of this tactic. This can include requiring employees to swipe their own credentials, even if they are following someone else through a door, and installing security cameras and other monitoring systems to detect and deter tailgating.
Additionally, organizations can implement access control measures, such as turnstiles, that physically prevent tailgating by requiring individuals to present their own credentials before passing through.
Overall, tailgating is a serious security threat; organizations should take steps to prevent it as part of their security strategy. By implementing strong security protocols and educating employees on the dangers of tailgating, organizations can protect themselves from this type of social engineering attack.
A common type of tailgating would be someone waiting around a common area with their hands full for an authorized person to open an access-controlled door.
During this time the unauthorized person could ask them to hold the door open while they rush through. Other forms might include striking up conversations with employees at a common smoking area. By the time the employee has finished smoking, he or she will likely hold the door open for you, since you are masquerading as an employee.
Humans have common courtesy, which can lead to vulnerabilities, such as holding doors open for unauthorized people. Some organizations have good physical security, so this might not work everywhere. However, performing sufficient information gathering on the target's physical security will help you plan your attack.
As you perform penetration testing, you can leverage any of the preceding techniques within your penetration test. Having a good background understanding of what each technique entails will help you plan your penetration test more effectively.
Anytime you can put yourself in a situation to gain information that is not readily available to the public, especially if it's insider info, this will increase your chances of succeeding with social engineering.