Social Networking Security and Privacy PowerPoint

prudencecoatInternet και Εφαρμογές Web

18 Νοε 2013 (πριν από 3 χρόνια και 10 μήνες)

102 εμφανίσεις

SOCIAL NETWORKING

Keith Watson
, CISSP
-
ISSAP, CISA

Information Assurance Research Engineer, CERIAS

SECURITY AND PRIVACY


Find Me Online


ikawnoclast.com


facebook.com
/
ikawnoclast



t
witter.com
/
ikawnoclast


l
inkedin.com
/in/
keithwatson



Please tweet as we go with #
puaware


Overview


Own Your Space


Definitions and Terms


Questions


Passwords, Systems, Networks


Things to Keep in Mind


Service Specific Configuration Options



Own Your Space

A Guide to Facebook Security


A guide to risks and security features of
Facebook


Available in English since August 2011


Translated into seven languages


Arabic version available in mid February 2012


http://
o
w.ly
/
8EYsb

(guide)


http://ownyourspace.net/

Terms

CC
-
licensed photos by
Dr

Noah Lott,
bnanative

on
flickr

Types of Services


Networking


Facebook, Google+,
Linkedin
, Twitter


Content Sharing


Pinterest
, Facebook,
Dropbox
, Google Drive


Location
-
based Services


f
oursquare, Google Latitude, Facebook,
Gowalla

Types of Protection


Security


Prevention of malicious action to systems, info


Safety


Prevention from physical or mental harm


Privacy


Prevention of exposing sensitive or private info

Default Privacy Modes


“Mostly open”


The default sharing mode is
public


You must choose to keep content private


“Mostly closed”


The default sharing mode is
private


You must
choose
to share
content


Questions

CC
-
licensed photos by
Colin_K
,
Mario
Belluci
,
Horia

Varian on
flickr

Why is it free?


If a service does not charge you money,

then you are paying in other ways


Marketing and Advertising


Privacy


Facebook has 1 Billion monthly
active
users


Revenues for Q2’12: $1.18 Billion, 84% from ads


Linkedin

Marketing Solutions: $63.1 Million


Twitter uses Promoted Tweets based on you

What are the risks?


Privacy


Reputation


Data


Access


Control


Employment


Legal Proceedings

What should I do?


Realize that social networking is not free


Review the security/privacy settings of sites
you use periodically


Stop using it!?


Deactivate or
d
elete your accounts!?


Extract your data


Assume the worst case scenario is possible


Prepare for it

Your Memory

and System Have Issues

CC
-
licensed photos by
ecastro
,
allaboutgeorge
,
TounuTouji

on
flickr

Passwords and Password Tools


Weak/short passwords can be discovered


Brute password breaking is cheaper today


Strong
passwords are needed, everywhere


You have too many passwords to remember!


Use a password tool to manage passwords


1Password,
LastPass
,
PasswordSafe
, RoboForm


Browser integration, mobile platforms


Use one
-
time password systems

System Security


Stay up to date with software


Especially Flash Player, Java, web browsers


Upgrade your OS!


XP is now 11 years old; support ended in 2009


Remove internet software you do not use


Install anti
-
malware software


If it’s a Purdue system, this is software is free!


Make sure it’s updating


Your regular account should not be an admin

Network Security


Avoid using open
WiFi

connections


A WPA2 connection with public password is safer


Use a virtual private network (VPN)


Purdue’s VPN available to Career Account users


Enable your OS or anti
-
malware firewall


Enable your home router’s firewall for devices


Disconnect your system from the network
when not needed

Things to Keep in Mind

CC
-
licensed photo by
joguldi

on
flickr

Content Sharing Privacy


Before you post, ask the following:


Will this post/picture cause a problem for me?


Can I say this in front of my mother?


Divide your Friends into groups, lists, or circles


Limit the number of people that see it


Share public information with the public


Share inner thoughts and personal feelings
with close friends

Networking Privacy


Do not Friend or Connect with people that
you have not met in person or know well


Reject Friend requests and Connections


Having a lot of Friends works can against you


Facebook may ask you to identify your Friends


Limit your visibility on services

Location Privacy and Safety


Limit your check
-
in information to friends only


Never check in at your home, school, work


A
mayorship

is a public “office”


Avoid public lists for a location


Do not let friends check you in


Review posts you are tagged in

Service Specific Configuration
Options

Google Security and Privacy


Enable 2
-
step verification


Use Google Authenticator or text
-
based codes


Applies to (almost) all Google services


Create Google+ circles based on sharing needs


Turn off geo location data in photos


Turn off “find my face” in photos and videos


Manage your Dashboard data

Facebook Security Tools


Enable


Secure Browsing


Login Notifications (text and email)


Login Approvals (text and mobile Code Generator)


Select your
Trusted Friends


Review and Monitor


Recognized Devices


Active Sessions


Delete old and unused Apps

Facebook Privacy Tools


Limit App access to your data


Set your default audience to Friends


Customize your timeline content settings


Who can post, tag you, tag reviews


Disable tag suggestions for photos uploaded


Limit search engine inclusion


Limit third
-
party and social ads


Limit info that can be included by others in apps

Dropbox

Security and Privacy


Enable two
-
step verification


Disable LAN sync on laptops


Do not put sensitive data into
Dropbox


Encrypt files if needed


Unlink old devices


Review Apps linked to your account


Turn on email for new devices and apps added


Review your shared folders periodically

Twitter Security and Privacy


Enable Protect My Tweets


Enable HTTPS


Require personal information for password
reset


Disable location data for tweets


Delete old location data too

Linkedin

Privacy


Turn off data sharing with third
-
party

apps
and sites


Consider changing your photo visibility,
activity broadcasts


Remove Twitter access


Disable ads from third
-
party sites


Enable full
-
time SSL connections

Foursquare Privacy


Do not include yourself in lists of people
checked into a location


Do not earn
mayorships


Do not let friends check you into places


Do not let venue managers see you

Stay Safe


Stay up to date on software and settings


Be selective when choosing friends


Using your
thinkin
’ before you’re
tweetin
’!


Be mysterious