cscu module 11 security on social networking sites.pdf
-
8/19/2019 CSCU Module 11 Security on Social Networking Sites.pdf
1/34
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Security on Social Networking Sites
Simplifying Security.
Module 11
-
SAN FRANCISCO — Social networks are "lucrative hot beds" for cyber scams as crooks endeavor to dupe members of online communities,
according to a Microsoft security report released on Thursday.
"Phishing" attacks that use seemingly legitimate messages to trick people into clicking on booby-trapped links, buying bogus software,
or revealing information rocketed 1,200 percent at social networks last year, it said.
"We continue to see cyber criminals evolve attack methods such as a significant rise in social network phishing," Microsoft malware
protection center manager Vinny Gullotto said in the Security Intelligence Report.
Phishing using social networking as a "lure" represented 84.5 percent of all such trickery in December as compared with 8.3 percent at
the start of 2010, according to the report.
Microsoft analyzed data gathered from more than 600 million computer systems worldwide from July through December of last year for the semi-annual study.
"The popularity of social networking sites has created new opportunities for cyber criminals to not only directly impact users, but also
friends, colleagues and family through impersonation," the report said.
Cyber Scams Rife at Social Networks: Microsoft
http://www.physorg.com
May 12, 2011
-
Scenario: Identity Theft over Social Networking Sites
Alice wanted to show her friends how fun her trip to the Bahamas was. She uploaded her photos of the trip to one of the social networking sites. She was shocked when one of her friends showed her a website that contained her photos in compromising positions. She realized that the photos from her Bahamas trip were morphed.
What options did she leave unchecked while uploading the photos?
-
Module Objectives
Social Networking Sites
What is a Profile?
Top Social Networking Sites
Security Risks Involved in Social Networking Sites
Staying Safe on Facebook
Facebook: Security Tips
Staying Safe on MySpace
Security Measures
Social Networking Security Checklist
Social Networking Security Checklist for Parents and Teachers
-
Module Flow
Introduction to Social Networking Sites
Social Networking Security Threats
Staying Safe on Facebook
Staying Safe on MySpace
-
Social Networking Sites
Social networking sites are web-based services that allow users to build online profiles and share information, pictures, blog entries, music clips, etc.
These sites allow users to create a list of other users with whom they can share information
They allow users to get involved in discussion boards and hobby groups
They allow users to refer other potential users to businesses
MySpace (http://www.myspace.com), Facebook (http://www.facebook.com)
-
What is a Profile?
A profile is a collection of information that defines or describes a user's interests
The main profile page of a user of any social networking site introduces and describes the user
The information that a user may post on his/her profile includes:
Names/nicknames
Email addresses
Phone numbers
Photos, videos
Personal interests
Names of schools, sports teams, and friends
Facebook Profile
http://www.sophos.com
-
Top Social Networking Sites
http://www.ebizmba.com
http://www.facebook.com
http://twitter.com
http://www.myspace.com
http://www.linkedin.com
http://www.ning.com
http://www.classmates.com
http://www.tagged.com
http://hi5.com
http://www.myyearbook.com
http://www.bebo.com
http://www.meetup.com
http://www.mylife.com
http://www.friendster.com
http://multiply.com
http://www.myheritage.com
-
Security Risks Involved in Social Networking Sites
Attacks on Social Networking Sites
Cyberbullying
Identity Theft
Phishing Scams
Malware Attacks
Site Flaws
Objectionable Content
Overexposure
Contact with Predators
Contact with Inappropriate Adults and Businesses
-
Cyberbullying
Cyberbullying refers to the abuse of technology to harass or threaten Internet users
The information posted on social networking sites, such as pictures, videos, comments, and updates, can be used to spread false rumors, threaten to reveal the information on the Internet, harass or blackmail the user, stalk the user, etc.
According to research by the Pew Internet Project, 39% of social network users had been cyber-bullied in some way, compared to 22% of online teens who do not use social networks
-
Identity Theft
People often get carried away with posting information on social networking sites
In the hands of cyber criminals, such information can be used to defeat an online service's security questions, leading to identity theft
An attacker can also use the information to penetrate the corporate network of the target's company
Alternatively, the attacker may find the user's name and browse through his/her social profile
He can then write an e-mail based on the user's interests bearing a malicious link or document
Figure: Attacker, Malicious email, User
-
Phishing Scams
Social networking sites contain users' information, such as email addresses and archived messages
This information can be used to customize email messages or fake websites designed so that the victims disclose usernames, passwords, credit card numbers, etc.
If a user clicks on the Update button, he/she is redirected to a Facebook look-alike phishing site
Users are then asked to enter a password to complete the Update procedure
-
Malware Attacks
Malware attacks are carried out through social engineering, as users are mostly misled into clicking on malicious links embedded within personal messages
Malicious software gives attackers access to your profile and personal information
Malicious software may also send messages automatically to your "friends" list, instructing them to download the new application too
Another method of attack involves applications advertised on social networking sites, which appear genuine
However, some of these applications install malicious code or rogue antivirus software
-
Site Flaws
There have been instances when flaws in social networking sites allowed users' information to be accessed even though privacy settings were set
Such information can include the mother's maiden name, often used as a security question in online and real-life security checks
Social Networking Site Flaws:
Server-side flaws
Cross-site scripting
Cross-site request forgery
-
Social Networking Threats to Minors
Objectionable Content:
On many social networking communities, users post material that is not appropriate for children
This can include obscene, racist or violent text and images
Many community pages may contain material that is not appropriate for children
Overexposure:
The child may be involved in posting pictures of himself or herself or of friends that may be misused
Contact with Predators:
Individuals with the intention to exploit minors may create community pages pretending to be teens themselves
-
Facebook Privacy Settings
Facebook allows users to set privacy settings for:
Search
Friend requests
Messages
Friend List
Education and Work
Current city and Hometown
Likes, activities and other connections
-
Profile Settings
Set the profile settings to "Only my friends". By default, Facebook allows all of your networks and all of your friends to view your profile
Users reveal personal information to potential identity thieves if they leave this option at its default setting
Therefore, it is advised to allow your profile to be viewed only by friends
-
Privacy Settings for Applications
Privacy settings for applications control what information is shared with websites and apps, including search engines
You can view your apps, remove any you don't want to use, or turn off platform completely
Everybody on Facebook can read the user's notes, but it is advisable to limit visibility of notes to just friends
-
Settings to Block Users
This setting lets you block people from interacting with you or seeing your information on Facebook
You can also specify friends you want to ignore app invites from, and see a list of the specific apps that you've blocked from accessing your information and contacting you
-
Recommended Actions for Facebook Search Settings
Option | Recommended Action | Reason
Allow anyone to see my public search listing | Be careful | The users should select the option "Yes" only if they want people they are familiar with to know that they are on Facebook
Allow my public search listing to be indexed by external search engines | "No" | If enabled, it allows people using external search engines like Google, Yahoo and MSN to find the user on Facebook
See your picture | Be careful | Do not share pictures that may embarrass or that are personal
Send you a message | "No" | If the users respond to a message sent by someone that they are not friends with, the unknown users will be able to view the user's profile
Poke you | "No" | By responding to the poke from an unknown user, the users will be allowing him/her to view their profile information for a period of time
Add you as a friend | Be careful | Be cautious before accepting anyone's friend request
View your friend list | "No" | The user should not allow people who are not yet their friends to view their friend list
-
Facebook: Security Tips
1. Adjust Facebook privacy settings to help protect identity
2. Think carefully about who is allowed to become a friend
3. Show "limited friends" a cut-down version of the profile
Facebook allows its users to make people 'limited friends' who only have partial access to the user profile
This is useful if the users have connections who they do not feel comfortable sharing personal information with
4. Enable access to information only when necessary
-
Step 1: Go to "Account Settings"
Go to Account Settings > Privacy
Do not check Online Now if you do not wish others to know when you log in
Check Show my birthday to my friends only if necessary
Do not check following options under applications:
Do not allow my profile information to be accessed by games and third party services I haven't connected to option
Do not allow communications from games and third party services I haven't connected to
-
Step 2: Check Settings for "Comments" and "Mail"
Go to Account Settings > Comments and check Only Friends can add comments to my blog
Go to Account Settings > Mail and check only people I know to receive emails from people you know
-
Step 3: Check Settings for "Friends Request" and "IM"
Go to Account Settings > Friends Request
Check Require CAPTCHA from users suspected of spamming and also check other options according to your choice
Go to Account Settings > IM
Check Only My IM friends so that only friends appear in the IM list
-
Step 4: Check Settings for Stream Settings
Go to Account Settings > My published activities and check the proper option according to your choice
Go to Account Settings > My Friends' Activities and check the proper option according to your choice
-
Step 5: Settings for Block Users By Age
Do not check Allow users under 18 to contact me
Checking this option would allow all the fake users who pretend to be Under 18
access to the account
To deny any unauthorized access to the profile:
Block the user by adding their profile URL to the Blocked users list
-
Module Summary
Social networking sites allow users to build online profiles, share information, pictures, blog entries, music clips, etc.
The main profile page of a user of a social networking site introduces and describes the user
Cyberbullying is the process of using technology to harass or bully someone
Social networking sites contain the user's information, like email addresses and archived messages, that can be used to customize email messages or fake websites
Malware attacks are carried out through social engineering, as users are mostly misled into clicking malicious links embedded within personal messages
Set appropriate privacy and security defaults and choose a complex/unique password for the account
-
Social Networking Security Checklist
Read the privacy policy and terms of service carefully
Do not post anything personal on the social networking site
Set appropriate privacy and security defaults to make your profile private
Choose a complex/unique password for the account
Be careful about what is posted on the Internet
Be careful installing third-party applications
Only accept friend requests from people you know
Only share limited personal information
-
Social Networking Security Checklist
Do not use common verification such as your date of birth or your mother's maiden name
Be aware of the intentions of anyone you meet on these sites
Restrict the access of personal videos on social networking sites to friends
Apply privacy settings so that only friends can view your profile information
Disable the comments to prevent cyber bullying
Do not click suspicious links to prevent malicious attacks
Update the computer with the latest antivirus and other system security software
Never install codecs when a site prompts you to do so
-
Social Networking Security Checklist for Parents and Teachers
Read the privacy policies of the sites before allowing children to use them
Consider keeping the computer in a family room rather than the child's bedroom
Instruct children to never respond to messages that are suggestive, obscene, belligerent, threatening, or make them feel uncomfortable
Be open with kids; encourage and instruct them to seek permission before providing any details on social networking sites
Create your own account on the social network and spend some time on the network's site to familiarize yourself with social networking media
Create a cheat sheet with your child's password, a list of his/her approved friends, and rules for how your child operates
Know children's passwords, screen names, and account information; this will help in monitoring their activities
Instruct your child to add people to their "friends" list only if they know them in real life