摘要
APT攻击中常以社会工程获取信息。从两个著名的APT攻击案例,分析其利用的社会工程心理学基础,并研究了社会工程的攻击手法。进一步从人和信息两方面给出了防御社会工程攻击的安全应对措施。
Social engineering is often used to acquire information by attacker in APT. With two famous APT cases of Google and RSA,this paper analyzes the foundation of social engineering psychology and the attack technique of social engineering. And from the two aspects of persons and information,the security solutions for preventing social engineering attack are also described in this paper.
出处
《信息安全与通信保密》
2014年第10期93-95,99,共4页
Information Security and Communications Privacy