4.2 Summarize various types of attacks and their impact

Social Engineering

📘CompTIA Network+ (N10-009)

---

Definition

Tailgating is a social engineering attack where an unauthorized person gains physical access to a restricted area by following closely behind someone who is authorized.

• The attacker takes advantage of people’s trust or politeness.
• The attacker does not need technical skills; it relies on manipulating human behavior.

Think of it as someone sneaking into a secure IT server room just by walking in behind an employee who has a key card.

---

How Tailgating Works in IT Environments

Tailgating is common in workplaces, data centers, or anywhere sensitive IT resources are stored. Examples include:

1. Server Rooms and Data Centers
   • Attackers follow an employee into a server room to access servers, network devices, or backup storage.
   • Once inside, they could steal data, install malware, or cause network downtime.
2. Workstations and Offices
   • The attacker waits for someone to open a door with a key card and slips in.
   • Once inside, they might access unlocked computers, copy confidential files, or install keyloggers.
3. Network Closets
   • Tailgating can give attackers physical access to network switches, routers, or patch panels, allowing them to connect rogue devices or intercept network traffic.

---

Why It’s Dangerous

Tailgating can bypass all software-based security measures. Even if you have firewalls, antivirus, or secure passwords, a physical intrusion can allow attackers to:

• Steal sensitive data (customer info, company secrets).
• Install malware directly on network devices.
• Connect unauthorized devices like rogue access points or laptops.
• Disrupt business operations or access backup systems.

Essentially, physical access equals control in many IT environments.

---

Common Techniques Used in Tailgating

1. Following closely – Simply walking behind someone entering a secured area.
2. Carrying packages – Attackers pretend to have heavy items and ask someone to hold the door.
3. Impersonation – Claiming to be a delivery person, technician, or visitor.
4. Piggybacking – Similar to tailgating, but the authorized person actively allows the attacker to enter, often unknowingly.

---

How to Prevent Tailgating

Organizations use physical security policies and technology to reduce the risk:

1. Access Control Systems
   • Key cards, biometric scanners, or PIN codes that only allow one person per entry.
2. Security Guards
   • Monitor entrances and verify identity of anyone entering secure areas.
3. Employee Awareness
   • Training employees to never hold doors open for strangers.
   • Encourage challenging anyone suspicious politely.
4. Mantraps
   • A small room with two doors, where the first door must close before the second opens.
   • Prevents unauthorized people from sneaking in.
5. CCTV Monitoring
   • Helps track unauthorized entries and provide evidence if a tailgating incident occurs.

---

Exam Tips

• Tailgating is physical access social engineering.
• It doesn’t require hacking skills—it relies on manipulating human behavior.
• Common targets: server rooms, network closets, offices with sensitive IT equipment.
• Prevention includes access control systems, mantraps, employee training, and security monitoring.

Remember: The key idea is that security isn’t just digital—it also depends on people and physical access.