Social Networking Keith Watson, CISSP-ISSAP, CISA Information Assurance Research Engineer, CERIAS Security and Privacy
Find Me Online • ikawnoclast.com • facebook.com/ikawnoclast • twitter.com/ikawnoclast • linkedin.com/in/keithwatson • Please tweet as we go with #puaware
Overview • Own Your Space • Definitions and Terms • Questions • Passwords, Systems, Networks • Things to Keep in Mind • Service Specific Configuration Options
A Guide to Facebook Security • A guide to risks and security features of Facebook • Available in English since August 2011 • Translated into seven languages • Arabic version available in mid February 2012 • http://ow.ly/8EYsb (guide) • http://ownyourspace.net/
Terms CC-licensed photos by Dr Noah Lott, bnanative on flickr
Types of Services • Networking • Facebook, Google+, LinkedIn, Twitter • Content Sharing • Pinterest, Facebook, Dropbox, Google Drive • Location-based Services • foursquare, Google Latitude, Facebook, Gowalla
Types of Protection • Security • Prevention of malicious action to systems, info • Safety • Prevention from physical or mental harm • Privacy • Prevention of exposing sensitive or private info
Default Privacy Modes • “Mostly open” • The default sharing mode is public • You must choose to keep content private • “Mostly closed” • The default sharing mode is private • You must choose to share content
Questions CC-licensed photos by Colin_K, Mario Belluci, Horia Varian on flickr
Why is it free? • If a service does not charge you money, then you are paying in other ways • Marketing and Advertising • Privacy • Facebook has 1 Billion monthly active users • Revenues for Q2’12: $1.18 Billion, 84% from ads • LinkedIn Marketing Solutions: $63.1 Million • Twitter uses Promoted Tweets based on you
What are the risks? • Privacy • Reputation • Data • Access • Control • Employment • Legal Proceedings
What should I do? • Realize that social networking is not free • Review the security/privacy settings of sites you use periodically • Stop using it!? • Deactivate or delete your accounts!? • Extract your data • Assume the worst case scenario is possible • Prepare for it
Your Memory and System Have Issues CC-licensed photos by ecastro, allaboutgeorge, TounuTouji on flickr
Passwords and Password Tools • Weak/short passwords can be discovered • Brute password breaking is cheaper today • Strong passwords are needed, everywhere • You have too many passwords to remember! • Use a password tool to manage passwords • 1Password, LastPass, PasswordSafe, RoboForm • Browser integration, mobile platforms • Use one-time password systems
System Security • Stay up to date with software • Especially Flash Player, Java, web browsers • Upgrade your OS! • XP is now 11 years old; support ended in 2009 • Remove internet software you do not use • Install anti-malware software • If it’s a Purdue system, this software is free! • Make sure it’s updating • Your regular account should not be an admin
Network Security • Avoid using open WiFi connections • A WPA2 connection with public password is safer • Use a virtual private network (VPN) • Purdue’s VPN available to Career Account users • Enable your OS or anti-malware firewall • Enable your home router’s firewall for devices • Disconnect your system from the network when not needed
Things to Keep in Mind CC-licensed photo by joguldi on flickr
Content Sharing Privacy • Before you post, ask the following: • Will this post/picture cause a problem for me? • Can I say this in front of my mother? • Divide your Friends into groups, lists, or circles • Limit the number of people that see it • Share public information with the public • Share inner thoughts and personal feelings with close friends
Networking Privacy • Do not Friend or Connect with people that you have not met in person or know well • Reject Friend requests and Connections • Having a lot of Friends can work against you • Facebook may ask you to identify your Friends • Limit your visibility on services
Location Privacy and Safety • Limit your check-in information to friends only • Never check in at your home, school, work • A mayorship is a public “office” • Avoid public lists for a location • Do not let friends check you in • Review posts you are tagged in
Google Security and Privacy • Enable 2-step verification • Use Google Authenticator or text-based codes • Applies to (almost) all Google services • Create Google+ circles based on sharing needs • Turn off geo location data in photos • Turn off “find my face” in photos and videos • Manage your Dashboard data
Facebook Security Tools • Enable • Secure Browsing • Login Notifications (text and email) • Login Approvals (text and mobile Code Generator) • Select your Trusted Friends • Review and Monitor • Recognized Devices • Active Sessions • Delete old and unused Apps
Facebook Privacy Tools • Limit App access to your data • Set your default audience to Friends • Customize your timeline content settings • Who can post, tag you, tag reviews • Disable tag suggestions for photos uploaded • Limit search engine inclusion • Limit third-party and social ads • Limit info that can be included by others in apps
Dropbox Security and Privacy • Enable two-step verification • Disable LAN sync on laptops • Do not put sensitive data into Dropbox • Encrypt files if needed • Unlink old devices • Review Apps linked to your account • Turn on email for new devices and apps added • Review your shared folders periodically
Twitter Security and Privacy • Enable Protect My Tweets • Enable HTTPS • Require personal information for password reset • Disable location data for tweets • Delete old location data too
LinkedIn Privacy • Turn off data sharing with third-party apps and sites • Consider changing your photo visibility, activity broadcasts • Remove Twitter access • Disable ads from third-party sites • Enable full-time SSL connections
Foursquare Privacy • Do not include yourself in lists of people checked into a location • Do not earn mayorships • Do not let friends check you into places • Do not let venue managers see you
Stay Safe • Stay up to date on software and settings • Be selective when choosing friends • Use your thinkin’ before you’re tweetin’! • Be mysterious