Social Network: Are We Secure Enough? By Arwa Binsaleh
Outline • OSN overview • Threats and attacks • Solutions and advice • Conclusion: are we secure enough?
Online Social Networking (OSN) • Enable people to connect with each other, share information • Common friends, interests, personal info • Post photos, videos, etc. for others to see • Communicate via email, instant message, etc.
OSN Types • Facebook & MySpace – free access social networking websites • Twitter – “micro” blog – 140 characters or less • YouTube – Video Sharing Sites • Blog – shared on-line journal
OSN Popularity • Over 900 million Facebook users worldwide • Over 140 million Twitter users • Over 175 million LinkedIn members in over 200 countries* *Source: Canadian social media survey, 2009
Which Social Network Do You Think Poses The Biggest Risk To Security?** **Source: Sophos 2010 Security Threat Report
Threats and Attacks • OSN Variants of Traditional Network and Information Security Threats • Identity Related Threats • Privacy Related Threats • Social Threats
OSN Variants of Traditional Network and Information Security Threats
Trojans • Social networks have become a great vector for Trojans -- "click here" and you get: * Zeus -- a potent and popular banking Trojan in social networks in 2009 * URL Zone -- calculates the value of the victim's accounts
Malware • Spread viruses and Trojan horses • Ex: a malicious link prompts a file download to view a news article or video • If a user complies, malware installs on his device and quickly spreads throughout the network • Best-known example: Koobface
URL Shortening • Due to the small space allotted by the network sites, third-party services such as http://tinyurl.com/ or http://bit.ly/ will “encode” the URL into a much shorter version • Risks: • The short URL does not tell you the true destination of the link • May contain drive-by malware
OSN 3rd Party Applications • Games, quizzes, “cute” stuff • Untested by Facebook – anyone can write one... • No Terms and Conditions – either allow or deny • Installation gives developers rights to look at your profile and overrides your privacy settings!
Profile Squatting Through Identity Theft • Vulnerabilities: a malicious attacker can create a fake profile of a person, causing all sorts of problems for the victim • Risks: significant damage to a person's reputation, which may in turn lead to financial and social embarrassment
Phishing Attacks • Gain sensitive information such as usernames, passwords, and credit card details by posing as a trustworthy entity • After gathering a large number of friends with a fake OSN profile, attackers send them a link to a phishing site
Data leakage • Share too much about the organization’s sensitive information • Spouses over-share how much their partner is working late on a top-secret project • Risks: embarrassing, damaging and legal
OSN Information Privacy • Information posted on OSNs is generally public • Unless you set privacy settings appropriately • “I’ll be on vacation” post plus geolocation invites burglars, i.e., “Please Rob Me” • The dangers of posting Credit Cards, IDs on OSNs
Geo-tagging • The process of adding geographical identification metadata to various media such as photographs, video, or websites • Ex: Facebook • Risks: can give someone intent on causing you harm the opportunity to know your exact location
Stalking • The ability for malicious users to figure out where a target is physically is very dangerous • Risks: it opens up opportunities for burglary, assault and kidnapping
Cyber Bullying & Harassment • Cyber bullying can range from embarrassing or cruel online posts or digital pictures, to online threats, harassment, and negative comments, to stalking through emails, websites, and social networks
“Do’s” • Use strong, unique passwords • Provide minimal personal information: avoid entering birthdate, address, etc. • Review privacy settings, set them to “maximum privacy”; “Friends of friends” includes far more people than “friends only” • Be wary of 3rd party apps, ads, etc. • Use browser security tools for protection: Anti-phishing filters (IE, Firefox) • Supervise children’s OSN activity
“Don’ts” • Don’t: Discuss Details • Never post anything you would not tell directly to the enemy • Never post private or personal information • Assume the information you share will be made public • Details make you vulnerable
Conclusion • No, we are not secure enough! • Social networking sites can be valuable and useful tools • However, these sites have security risks that can put the individual or a company in a compromising position or at serious risk
The End Thank You!