Social Networks - The Good and the Bad
This presentation gives an overview of how social networks are used in companies and the risks associated with them. Some action points are proposed to mitigate those risks.


Published in: Technology, Business
  • Transcript

    • 1. Social Networks: The Good and The Bad. Beltug Security SIG 2012 - Xavier Mertens
    • 2. $ whoami
        • Xavier Mertens (@xme)
        • Security Consultant
        • CISSP, CISA, CeH
        • Security Blogger
        • Volunteer for security projects:
    • 3. $ cat disclaimer.txt
        “The opinions expressed in this presentation are those of the speaker and do not reflect those of past, present or future employers, partners or customers”
    • 4. Agenda
        • Definitions & Common Usages
        • Nightmare Stories
        • Risks
        • Actions!
    • 5. Definition & Common Usages
    • 6. Some Facts
        • Technology changed the way people communicate
        • “Usage of social networks by the Fortune 500 companies has seen an explosive growth in 2010 with 83% of the companies using at least one of the social media sites”
        • The usage of blogs has also increased by 50% (corporate blogs)
        • Around 34% have developed policies to govern blogging by their employees (Source: socialtimes.com)
    • 7. Nothing New! (Source: idfive.com)
    • 8. Do You Know Them?
    • 9. In Belgium? (Source: google.com/addplanner)
    • 10. Definition?
        “Social network sites are defined as web-based services that allow individuals or organizations to construct a public or semi-public profile within a bounded system, articulate a list of other users with whom they share a connection, and view and traverse their list of connections and those made by others within the system.”
    • 11. Common Usages
        • Communication about company & brands (marketing)
        • Live support
        • Technology & competition follow-up
        • Human Resources
    • 12. Marketing
        • Social Networks give a sense of “dynamic” company
        • Direct Reach / Close to customers.
        • Extended circle of contacts at low costs
        • Personal touch
    • 13. Live Support
        • Close contact with customers
        • Low Costs
        • Give a sense of “Real time”
    • 14. Follow Up
        • What are my competitors doing?
        • What’s new in my field of activity?
        • Almost real-time news trending
    • 15. Human Resources
        • “Hire” & “Fire”
        • Online recruiting
        • Employees screening
    • 16. And you as an individual?
        • Split your personal and professional activities
        • Use a disclaimer: “My Tweets reflect my personal opinion”
    • 17. Nightmare Stories
    • 18. Barbara Streisand
        • The “Streisand Effect” is a primarily online phenomenon in which an attempt to hide or remove a piece of information has the unintended consequence of publicizing the information more widely.
    • 19. The Belgian Jeweler
        • In 2009, a Belgian jeweler created a buzz among Belgian Twitter users through a complete misunderstanding of the impact of social networks.
    • 20. Domino’s Pizza
        • A Domino’s Pizza employee put nasal mucus on pizzas. He was fired but the video was posted on YouTube. 250.000+ views!
    • 21. Koobface
        • Multi-platform worm that targeted Facebook users
        • First reported in 2009
        • Botnet, DNS filter, Proxy feature
    • 22. Risks
    • 23. Malware & Viruses
        • Corporate devices used to access Social Networks
        • They are based on Web technologies. All known attacks are usable (see the OWASP Top-10)
        • URL shorteners / QR codes (“click”-generation)
    • 24. Wasted Resources
        • In big companies, usage of Social Networks can waste a lot of bandwidth! Example: Facebook on a network of 10000+ users: 200GB/day
        • Waste of time by employees
        • Peak of wasted resources during popular events
    • 25. “Users”
        • Users remain the weakest link
        • Facebook password same as Active Directory password?
        • Attackers use breaking news
        • How many “friends” are really friends?
    • 26. Mobiles & Apps
        • People use mobile devices to access Social Networks
        • Suspicious browser extensions or 3rd party apps
    • 27. Data Leak
        • People might post confidential information
        • Intentional or not!
        • Data Extrusion
        • Bypass regular communication channels (Skype)
    • 28. Fake Accounts
        • Typo-squatting
        • Cyber-squatting
    • 29. Social Engineering
        • All information to conduct a social engineering attack is already online
        • Google is your best friend
        • Tools like Maltego are gold mines
    • 30. Degraded Brand Image
        • It takes years to build a brand image
        • It takes minutes to kill it!
    • 31. Data Resilience
        • Once posted, it’s indexed!
        • Are removed data really deleted?
    • 32. Reputation & Legal Liability
        • Disgruntled employees
        • “My boss is a bastard!”
        • “I’m pissed off by this f*cking job...”
        • Employers could be held responsible for failing to protect employees from accessing “sensitive” material.
    • 33. Actions!
    • 34. Official Support
        • Information can’t be published by employee self-initiative
        • Social Media must be defined as a regular communication channel with rules & guidelines
    • 35. Monitor Your Brand
        • Even if not used immediately, register your account (if not too late!)
        • Google Alerts
        • Commercial services (buzzcapture.com)
        • Monitoring tools
    • 36. Local Policies
        • No Social Networks access from business critical environments.
        • Restrict Social Networks access (“read-only”).
        • Modern firewalls may filter based on domains
    • 37. Remote Policies
        • Read the Social Networks’ policies carefully
        • Follow updates & fix your profiles (Ex: LinkedIn can use your profile picture)
        • Similarities with cloud services
    • 38. Security Awareness
        • Add Social Networks to your existing security awareness program.
        • “What employers and employees need to know.”
    • 39. pastebin.com
        • pastebin.com is a website where people can anonymously post “pasties” (data)
        • Monitor it for data about your company (Example: IPs, domain names)
    • 40. Thank You! Q&A? http://blog.rootshell.be http://twitter.com/xme
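
Slide 39's advice to monitor pastes for company IPs and domain names comes down to matching paste text against a watchlist. The following is an added example, not part of the original presentation: the watchlist (example.com, example.be and reserved documentation IP ranges), the function names and the sample paste are all constructed for illustration, and retrieving pastes is left out.

```python
import ipaddress
import re

# Hypothetical watchlist: reserved documentation domains and ranges.
WATCH_DOMAINS = {"example.com", "example.be"}
WATCH_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),
                  ipaddress.ip_network("198.51.100.64/26")]

HOST_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I)
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# Constructed sample paste (not real data).
SAMPLE_PASTE = """\
dump 2012-03-01
jdoe@mail.example.com:Summer2012
admin@notexample.com:letmein
vpn gateway 203.0.113.17 open, also 203.0.114.17 and 198.51.100.130
broken 203.0.113.999
"""


def watched_domain(host):
    """Return the watched domain that host equals or is a subdomain of."""
    host = host.lower().rstrip(".")
    for domain in WATCH_DOMAINS:
        # Require a label boundary so notexample.com does not match example.com.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def watched_ip(text):
    """True if text is a valid IPv4 address inside a watched network."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # e.g. 203.0.113.999 looks like an IP but is not one
        return False
    return any(addr in net for net in WATCH_NETWORKS)


def scan_paste(paste_id, body):
    """Return de-duplicated, sorted watchlist hits found in one paste."""
    hits = set()
    hits.update(("domain", m.group(0).lower())
                for m in HOST_RE.finditer(body) if watched_domain(m.group(0)))
    hits.update(("ip", m.group(0))
                for m in IPV4_RE.finditer(body) if watched_ip(m.group(0)))
    return [{"paste": paste_id, "type": k, "value": v} for k, v in sorted(hits)]


if __name__ == "__main__":
    for hit in scan_paste("constructed-1", SAMPLE_PASTE):
        print(hit)
```
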
