Copyright Goodheart-Willcox Co., Inc. 447 Chapter 15 Network Security ■ Caller: Well Gene, I need to look at your PC fi les to see if there have been any possible intrusions. I need your username and password to inspect your system. It will only take a minute and will save me a lot of time rather than coming down there. ■ Admin: Sure. My username is admin and the password is pa$$word. Th e administrator’s system has now been compromised by social engineering. Th e forgoing scenario is a bit obvious, and frequently social engineering is not that blatant. However, any attempt to use social skills either to obtain illicit infor- mation from a user or to gain access to networks or facilities is social engineering. Consider phishing e-mails. In a fundamental sense, all phishing e-mails use social engineering to some extent. Th e e-mail is worded in a manner designed to entice the recipient into clicking on some link or opening some attachment that results in some type of security breach. Open Ports Ports, such as HTTP port 80, are used to connect to computers during communica- tion sessions. Legitimate users normally use them for browsing a web page, network meetings, and performing fi le transfers and downloads. Open ports can also be a way for intruders to gain access to the network system. Open ports are one of the most common security problems for any site. All unused ports should be closed, and all Figure 15-1 In this example, an employee has given the group Administrators full access to the C: drive. Goodheart-Willcox Publisher