3. Human and Environmental

3.2. Environmental

Environmental: tailgating, piggybacking, shoulder surfing


Transcript

So let's talk some more about environmental.  

We're going to talk about 3 terms, the first of which is tailgating.  

Basically, that means when somebody's walking into a restricted area, you're so close behind them that you just walk in with them. 

So, like, say I wanted to go into our SOC.

I'm not allowed in there.  

I see an analyst come by.  

I strike up a conversation as he's walking.  

I just walk along with him, and he unlocks the door so he can go in, and I just walk on in.  

So that's tailgating. 

Now piggybacking is the next term. 

Piggybacking is when the person knows they're letting you in and you're not supposed to be in there.

I've had that happen too, where the people know me and because they know me, they assume that I'm not up to no good. 

They just let me in to wherever I want to go. 

So, the next thing to discuss is shoulder surfing. 

That is, when somebody stands over your shoulder and tries to read your password, your login information, or tries to read data off your screen.  

All that is shoulder surfing.  

So, when you're working at your computer desk, especially if you're putting in a login, you should never let somebody stand right behind you and look over your shoulder.

People try to do it. 

It's never appropriate, and I've had to tell people, hey, step out of my space when I log in, or turn around, etcetera.  

If they know to do the right thing, they should turn on their own without you having to tell them.  

But that is shoulder surfing. 

So tailgating is walking so close that you walk in behind somebody.

Piggybacking is tailgating, but with the person's knowledge, allowing you to do it.

And then shoulder surfing is somebody looking over your shoulder to steal your credentials or data.