Cscu module 11 security on social networking sites

Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
1
Security on Social Networking
Sites
Simplifying Security.
Module 11

2
SAN FRANCISCO — Social networks are "lucrative hot beds" for cyber scams as crooks endeavor to dupe members of online communities,
according to a Microsoft security report released on Thursday.
"Phishing" attacks that use seemingly legitimate messages to trick people into clicking on booby‐trapped links, buying bogus software,
or revealing information rocketed 1,200 percent at social networks last year, it said.
"We continue to see cyber criminals evolve attack methods such as a significant rise in social network phishing," Microsoft malware
protection center manager Vinny Gullotto said in the Security Intelligence Report.
Phishing using social networking as a "lure" represented 84.5 percent of all such trickery in December as compared with 8.3 percent at
the start of 2010, according to the report.
Microsoft analyzed data gathered from more than 600 million computer systems worldwide from July through December of last year for
the semi‐annual study.
"The popularity of social networking sites has created new opportunities for cyber criminals to not only directly impact users, but also
friends, colleagues and family through impersonation," the report said.
Cyber Scams Rife at Social Networks: Microsoft
http://www.physorg.com
May 12, 2011

3
Scenario: Identity Theft over Social
Networking Sites
Alice wanted to show her friends how fun her
trip to Bahamas was. She uploaded her
photos of the trip in one of the social
networking sites. She was shocked when one
of her friends showed her a website that
contained her photos in compromised
positions. She realized that the photos from
her Bahamas trip were morphed.
What options has she left unchecked
while uploading the photos?

4
Module Objectives
Social Networking Sites
What is a Profile?
Top Social Networking Sites
Security Risks Involved in Social
Networking Sites
Staying Safe on Facebook
Facebook: Security Tips
Staying Safe on MySpace
Security Measures
Social Networking Security
Checklist
Checklist for Parents and
Teachers

5
Introduction to
Social Networking
Sites
Social Networking
Security Threats
Staying Safe
on Facebook
Staying Safe
on MySpace
Module Flow

6
Social Networking Sites
Social networking sites are web‐based services that allow users to build on‐line
profiles, share information, pictures, blog entries, music clips, etc.
These sites allow users to create a list of other users with whom they can share
information
It allows user to get themselves involved in discussion boards and hobby groups
It allow users to refer other potential users to businesses
MySpace (http://www.myspace.com) Facebook (http://www.facebook.com)

7
What is a Profile?
Facebook Profile  Profile is a collection of information that
defines or describes a user’s interests
 The main profile page of a user of any social
networking site introduces and describes the
user
 The information that a user may post on
his/her profile includes:
 Names/nicknames
 Email addresses
 Phone numbers
 Photos, videos
 Personal interests
 Names of schools, sports teams, and friends
http://www.sophos.com

8
Top Social Networking Sites
http://www.ebizmba.com
http://www.facebook.com
http://twitter.com
http://www.myspace.com
http://www.linkedin.com
http://www.ning.com
http://www.classmates.com
http://www.tagged.com
http://hi5.com
http://www.myyearbook.com
http://www.bebo.com
http://www.meetup.com
http://www.mylife.com
http://www.friendster.com
http://multiply.com
http://www.myheritage.com

9
Introduction to
Social Networking
Sites
Social Networking
Security Threats
Staying Safe
on Facebook
Staying Safe
on MySpace
Module Flow

10
Attacks on a Social
Networking Sites
Security Risks Involved in Social
Networking Sites
Cyberbullying
Identity Theft
Phishing Scams
Malware Attacks
Site Flaws
Objectionable Content
Overexposure
Contact with Predators
Contact Inappropriate
Adults and Businesses

11
Cyberbullying refers to the abuse of technology to harass or threaten the Internet users
The information posted on social networking sites such as pictures, videos, comments,
updates can be used to spread false rumors, threaten to reveal the information on the
Internet, harass/blackmail the user, stalking the user, etc.
According to a research by the Pew Internet Project, 39% of social network users had been
cyber‐bullied in some way, compared to 22% of online teens who do not use social networks
Cyberbullying

12
Identity Theft
People often get carried away with posting
information onto social networking sites
Left in the hands of cyber criminals, such
information can be used to hack into an online
services security questions, leading to identity
theft
Attacker can also use the information to
penetrate into the corporate network of a
company of his/her target
Alternatively, the attacker may find the user’s
name, browse through his/her social profile
He can then write an e‐mail based on the user’s
interests bearing a malicious link or document
UserAttacker
Malicious email

13
Social networking sites contains
user’s information like the email
addresses, archived messages
This information can be used to
customize email messages or fake
websites designed such that the
victims disclose usernames,
passwords, credit card numbers,
etc.
Phishing Scams
If a user clicks on the Update button, he/she is
redirected to a Facebook look‐alike phishing site
Users are then asked to enter a password to complete
the Update procedure

14
Malware Attacks
 Malware attacks are carried out
through social engineering as users
are mostly misled into clicking on
malicious links embedded within
personal messages
 Malicious software give attackers
access to your profile and personal
information
 Malicious software may also send
messages automatically to your
"friends" list, instructing them to
download the new application too
Another method of attack involves applications advertised on
social networking sites, which appear genuine
However, some of these applications install malicious code or
rogue antivirus software

15
Site Flaws
There have been instances when site flaws in the social networking sites allow the
information of the users to be accessed, even though the privacy settings are set
Such information can include mother’s maiden name, often used as a security question
in online and real‐life security checks
Social
Networking
Sites Flaws
Server‐side flaws
Cross‐site scriptingCross‐site request forgery

16
On many social
networking
communities, users post
material that is not
appropriate for children
This can include
obscene, racist or
violent text and images
Many community pages
may contain material
that is not appropriate
for the children
The child may be
involved in posting
pictures of himself or
herself or of friends that
may be misused
Individuals with
intention to exploit
minors may create
community pages
pretending to be teens
themselves
Objectionable Content Contact with PredatorsOverexposure
Social Networking Threats to Minors

17
Introduction to
Social Networking
Sites
Social Networking
Security Threats
Staying Safe
on Facebook
Staying Safe
on MySpace
Module Flow

18
Facebook Privacy Settings
Facebook allows the users to
set the privacy settings for:
 Search
 Friend requests
 Messages
 Friend List
 Education and Work
 Current city and Hometown
 Likes, activities and other
connections

19
Facebook Privacy Settings

20
Profile Settings
Set the profile settings as “Only my friends”‐By default, Facebook allows all of your
networks and all of your friends to be able to view your profile
The users reveal personal information to potential identity thieves if they leave this option
to default settings
Therefore, it is advised to allow your profile to be viewed by only friends

21
Privacy Settings for Applications
Privacy settings for applications controls
what information shared with websites
and apps, including search engines
You can view your apps, remove any you
don't want to use, or turn off platform
completely
Everybody on Facebook can read the user
notes, but it is advisable to limit visibility
of notes to just friends

22
Settings to Block Users
This settings lets you block people from interacting with you or seeing your information
on Facebook
You can also specify friends you want to ignore app invites from, and see a list of the
specific apps that you've blocked from accessing your information and contacting you

23
Recommended Actions for Facebook
Search Settings
Allow anyone to see my
public search listing
Allow my public search listing to be
indexed by external search engines
See your picture
Send you a message
Poke you
Add you as a friend
View your friend list
Be careful
“No”
Be careful
“No”
“No”
Be careful
“No”
Option Recommended Action Reason
The users should select the option “Yes” only if they want
people they are familiar with to know that they are on
Facebook
The user should not allow people who are not yet their
friends to view their friend list
Be cautious before accepting anyone's friend request
By responding to the poke from an unknown user, the users
will be allowing him/her to view their profile information
for a period of time
If the users respond to a message sent by someone that
they are not friends with, the unknown users will be able
to view the user’s profile
Do not share pictures that may embarrass or that are
personal
If enabled, it allows people using external search engines
like Google, Yahoo and MSN to find the user on Facebook

24
1. Adjust Facebook privacy settings to help protect identity
2. Think carefully about who is allowed to become a friend
3. Show "limited friends" a cut‐down version of the profile
 Facebook allows its users to make people 'limited friends' who only have partial
access to the user profile
 This is useful if the users have connections who they do not feel comfortable
sharing personal information with
4. Enable access to information only when necessary

25
Introduction to
Social Networking
Sites
Social Networking
Security Threats
Staying Safe
on Facebook
Staying Safe
on MySpace
Module Flow

26
Step 1: Go to “Account Settings”
Go to Account Settings  Privacy
Do not check Online Now if you do
not wish others to know when you
log in
Check Show my birthday to my
friends only if necessary
Do not check following options
under applications:
 Do not allow my profile information to
be accessed by games and third party
services I haven’t connected to option
 Do not allow communications from
games and third party services I
haven’t connected to

27
Step 2: Check Settings for “Comments”
and “Mail”
Go to Account Settings 
Comments and check Only
Friends can add comments
to my blog
Go to Account Settings 
Mail and check only people
I know to receive emails
from people you know

28
Step 3: Check Settings for “Friends
Request” and “IM”
Go to Account Settings
 Friends Request
Check Require CAPTCHA
[?] from users suspected
of spamming and also
check other options
according to your choice
Go to Account Settings
 IM
Check Only My IM
friends to appear only
friends in the IM list

29
Step 4: Check Settings for Stream Settings
Go to Account Settings  My published activities and check the proper option
Go to Account Settings  My Friends' Activities and check the proper option

30
Step 5: Settings for Block Users By Age
Do not check Allow users under 18 to contact me
Checking this option would allow all the fake users who pretend to be Under 18
access to the account
To deny any unauthorized access to the profile:
 Block the user by adding their profile URL to the Blocked users list

31
Module Summary
 Social networking sites allow users to build online profiles, share information, pictures,
blog entries, music clips, etc.
 The main profile page of a user of a social networking site introduces and describes the
user
 Cyberbullying is the process of using technology to harass or bully someone
 Social networking sites contain the user’s information like email addresses, archived
messages that can be used to customize email messages, or fake websites
 Malware attacks are carried out through social engineering as users are mostly misled
into clicking malicious links embedded within personal messages
 Set appropriate privacy and security defaults and choose a complex/unique password
for the account

32
Read the privacy policy and terms of service carefully
Do not post anything personal on the social networking site
Set appropriate privacy and security defaults to make your profile private
Choose a complex/unique password for the account
Be careful about what is posted on the Internet
Be careful installing third‐party applications
Only accept friend requests from people you know
Only share limited personal information
Social Networking Security Checklist

33
Do not use common verification such as your date of birth or your
mother's maiden name
Be aware of the intentions of anyone you meet on these sites
Restrict the access of personal videos on social networking sites to friends
Apply privacy settings so that only friends can view your profile
information
Disable the comments to prevent cyber bullying
Do not click suspicious links to prevent malicious attacks
Update the computer with the latest antivirus and other system
security software
Never install codecs when a site prompts you to do so
Social Networking Security Checklist

34
Read the privacy policies of the sites before allowing children to use them
Consider keeping the computer in a family room rather than the child’s bedroom
Instruct children to never respond to messages that are suggestive, obscene,
belligerent, threatening, or make them feel uncomfortable
Be open with kids; encourage and instruct them to seek permission before
providing any details on social networking sites
Create your own account on the social network and spend some time on the
network's site to familiarize with social networking media
Create a cheat sheet with your child's password, a list of his/her approved
friends, and rules for how your child operates
Know children's passwords, screen names, and account information; this will help
in monitoring their activities
Instruct your child to add people to their "friends" list only if they know them in
real life
Checklist for Parents and Teachers

Cscu module 11 security on social networking sites

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Viewers also liked

Viewers also liked (14)

Similar to Cscu module 11 security on social networking sites

Similar to Cscu module 11 security on social networking sites (20)

Recently uploaded

Recently uploaded (20)

Cscu module 11 security on social networking sites