Anti-spoofing Art

In order to cooperate with csdn's book reading activity, I read the book as soon as I received it. I used the three-day holiday to read the book and write down the post-reading feeling, which enriched my vacation.

The full name of the book is "the art of anti-spoofing-sharing the experience of legendary hackers in the world". The author of the book is the world's first hacker called Mitnick, the translator is our well-known Dr. Pan aimin. Judging from the strong lineup of the translator, I believe this book is of superior quality.

When I first got a book, I was a bit confused when I saw the book titled "anti-spoofing art". I don't know what the book is about, when I read the preface and the "story" in it, I finally understood the positioning of this book. Rather than a specific technical book, it illustrates the power of "social engineering" with a vivid, real, or fictitious story. At the end of each story, the author's comments are also given to tell readers how to deal with the risks in the story. The last part of the book also comes up with a whole section to explain the content of information security, and puts forward some measures to protect and prevent the author's information.

Throughout the book, I personally think that Part 1-the art of the attacker, the content is very exciting, through a "thrilling" story, explains how hacker uses social engineering to intrude into the system to obtain sensitive or even confidential information. Hacker uses its omnipotent technologies and superb social engineering capabilities to achieve almost no breakthrough. Its meticulous thinking, step by step to achieve their own goals, makes people feel like reading detective novels. Every time I read a story, I lament that hacker is omnipotent. He is not only a top technical expert, but also a social expert in psychology. Hacker needs to be mentally competent and can maintain a calm mind and a clear and agile mind in a critical moment. This kind of ability makes me have to fold. I have met a hacker in real life, but we have never met each other. However, when you use chat tools for simple communication, you will find that they are very good at unintentional communication, obtain the content they are interested in. Moreover, they are very good at using seemingly unrelated information, but can form a series of valuable information after processing, and then they can use the obtained information, to launch the various attacks they want. This capability may be the most important capability of hacker.

After reading this book, I have summarized the main points of anti-spoofing and would like to share with you.

1. Do not disclose sensitive or confidential information to strangers.

"Social Engineer" is very good at social networking. They use various means to obtain the information they want. If you feel that they are testing you, you should be careful.

2. You must encrypt, filter, and authorize confidential information. You must have strict access control permissions for those who access such confidential information.

This requires us to have a sound organizational system, an authorization mechanism, and audit measures.

3. Do not omit any possible means of information leakage, which is probably the target of hacker attacks.

The backup information should be kept as strictly as the original information, and even obsolete "junk information" should be destroyed in a timely manner, so that hacker will not be able to take advantage of it.

Hacker is a human, not a god. As long as we strengthen our awareness of information security in our daily lives and constantly strengthen information security measures, it is not so easy for hacker to intrude into the system to obtain information, in many cases, our own security work is not well done.

Finally, we recommend that you carefully read this book "the art of anti-spoofing-the experience of the legendary hackers in the world", and believe that when you encounter the trap of "social engineer, you have learned how to deal with it.

Anti-spoofing Art