CSCU Module 11 Security on Social Networking Sites.pdf

8/19/2019 CSCU Module 11 Security on Social Networking Sites.pdf

1/34

Copyright ©

by

EC-Council

All Rights Reserved. Reproduction is Strictly Prohibited.1

Security on Social NetworkingSites

Simplifying Security.

Module 11


2/34

Copyright ©

by

EC-Council


SAN FRANCISCO — Social networks are "lucrative hot beds" for cyber scams as crooks endeavor to dupe members of online communities,

according to a Microsoft security report released on Thursday.

"Phishing" attacks that use seemingly legitimate messages to trick people into clicking on booby ‐trapped links, buying bogus software,

or revealing information rocketed 1,200 percent at social networks last year, it said.

"We continue to see cyber criminals evolve attack methods such as a significant rise in social network phishing," Microsoft malware

protection center manager Vinny Gullotto said in the Security Intelligence Report.

Phishing using social networking as a "lure" represented 84.5 percent of all such trickery in December as compared with 8.3 percent at

the start of 2010, according to the report.

Microsoft analyzed data gathered from more than 600 million computer systems worldwide from July through December of last year for the semi ‐annual study.

"The popularity of social networking sites has created new opportunities for cyber criminals to not only directly impact users, but also

friends, colleagues and family through impersonation," the report said.

Cyber Scams Rife at Social Networks: Microsoft

http://www.physorg.com

May 12, 2011


3/34

Copyright ©

by

EC-Council


Scenario: Identity Theft over Social

Networking Sites

Alice wanted to show her friends how fun her

trip to Bahamas was. She uploaded her

photos of the trip in one of the social

networking sites. She was shocked when one

of her friends showed her a website that

contained her photos in compromised

positions. She realized that the photos from

her Bahamas

trip

were

morphed.

What options has she left uncheckedwhile uploading the photos?


4/34

Copyright ©

by

EC-Council


Module Objectives

Social Networking Sites

What is a Profile?

Top Social Networking Sites

Security Risks Involved in Social

Networking Sites

Staying Safe

on

Facebook

Facebook: Security Tips

Staying Safe on MySpace

Security Measures

Social Networking Security

Checklist


Checklist for

Parents

and

Teachers


5/34

Copyright ©

by

EC-Council


Introduction to

Social Networking

Sites

Social Networking

Security Threats

Staying Safe

on Facebook

Staying Safe

on MySpace

Module Flow


6/34

Copyright ©

by

EC-Council


Social Networking Sites

Social networking sites are web‐based services that allow users to build on‐line

profiles, share information, pictures, blog entries, music clips, etc.

These sites allow users to create a list of other users with whom they can share

information

It allows

user

to

get

themselves

involved

in

discussion

boards

and

hobby

groups

It allow users to refer other potential users to businesses

MySpace (http://www.myspace.com) Facebook (http://www.facebook.com)


7/34

Copyright ©

by

EC-Council


What is a Profile?

Facebook Profile Profile is a collection of information that defines or describes a user’s interests

The main profile page of a user of any social

networking site

introduces

and

describes

the

user

The information that a user may post on

his/her profile includes:

Names/nicknames

Email addresses

Phone numbers

Photos, videos

Personal interests

Names of

schools,

sports

teams,

and

friends

http://www.sophos.com


8/34

Copyright ©

by

EC-Council


Top Social Networking Sites

http://www.ebizmba.com

http://www.facebook.com

http://twitter.com

http://www.myspace.com

http://www.linkedin.com

http://www.ning.com

http://www.classmates.com

http://www.tagged.com

http://hi5.com

http://www.myyearbook.com

http://www.bebo.com

http://www.meetup.com

http://www.mylife.com

http://www.friendster.com

http://multiply.com

http://www.myheritage.com


9/34

Copyright ©

by

EC-Council


Introduction to

Social Networking

Sites

Social Networking

Security Threats

Staying Safe

on Facebook

Staying Safe

on MySpace

Module Flow


10/34

Copyright ©

by

EC-Council


Attacks on a Social

Networking Sites

Security Risks Involved in Social

Networking Sites

Cyberbullying

Identity Theft

Phishing Scams

Malware Attacks

Site Flaws

Objectionable Content

Overexposure

Contact with Predators

Contact Inappropriate

Adults and Businesses


11/34

Copyright ©

by

EC-Council


Cyberbullying refers to the abuse of technology to harass or threaten the Internet users

The information posted on social networking sites such as pictures, videos, comments,

updates can be used to spread false rumors, threaten to reveal the information on the

Internet, harass/blackmail the user, stalking the user, etc.

According

to

a

research

by

the

Pew

Internet

Project,

39% of

social

network

users

had

been

cyber‐bullied in some way, compared to 22% of online teens who do not use social networks

Cyberbullying


12/34

Copyright ©

by

EC-Council


Identity TheftPeople often get carried away with posting

information onto social networking sites

Left in the hands of cyber criminals, such

information can be used to hack into an online

services security

questions,

leading

to

identity

theft

Attacker can also use the information to

penetrate into the corporate network of a

company of his/her target

Alternatively, the attacker may find the user’s

name, browse

through

his/her

social

profile

He can then write an e‐mail based on the user’s

interests bearing a malicious link or document

UserAttacker

Malicious email


13/34

Copyright ©

by

EC-Council

All Rights Reserved. Reproduction is Strictly Prohibited.

13

Social networking sites contains

user’s information like the email

addresses, archived messages

This

information

can

be

used

to

customize email messages or fake

websites designed such that the

victims disclose usernames,

passwords, credit card numbers,

etc.

Phishing Scams

If a user clicks on the Update button, he/she is

redirected

to

a

Facebook

look‐

alike

phishing

siteUsers are then asked to enter a password to complete

the Update procedure


14/34

Copyright ©

by

EC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited.

14

Malware Attacks

Malware attacks are carried out

through social engineering as users

are mostly misled into clicking on

malicious links embedded within

personal messages

Malicious software give attackers

access to your profile and personal

information

Malicious software may also send

messages automatically to your

"friends" list, instructing them to

download the new application too

Another method of attack involves applications advertised on

social networking sites, which appear genuine

However, some of these applications install malicious code or

rogue antivirus software


15/34

Copyright ©

by


15

Site Flaws

There have been instances when site flaws in the social networking sites allow the

information of the users to be accessed, even though the privacy settings are set

Such information can include mother’s maiden name, often used as a security question

in online and real‐life security checks

Social

Networking

Sites Flaws

Server‐side flaws

Cross‐site

scriptingCross

‐site

request

forgery


16/34

Copyright

©

by


16

On many social

networking

communities, users post

material that is not

appropriate for children

This can include

obscene, racist or

violent text

and

images

Many community pages

may

contain

material

that is not appropriate

for the children

The child may be

involved in posting

pictures of himself or

herself or

of

friends

that

may be misused

Individuals with

intention

to

exploit

minors may create

community pages

pretending to be teens

themselves

Objectionable Content Contact with PredatorsOverexposure

Social Networking Threats to Minors


17/34

Copyright

©

by EC-Council


17

Introduction to

Social Networking

Sites

Social Networking

Security Threats

Staying Safe

on Facebook

Staying Safe

on MySpace

Module Flow


18/34

Copyright

©

by EC-Council


18

Facebook Privacy Settings

Facebook allows the users to

set the privacy settings for:

Search

Friend

requests

Messages

Friend List

Education and Work

Current city

and

Hometown

Likes, activities and other

connections


19/34

Copyright

©

by EC-Council


19

Facebook Privacy Settings


20/34

Copyright

©

by EC-Council


20

Profile Settings

Set the profile settings as “Only my friends”‐By default, Facebook allows all of your

networks and all of your friends to be able to view your profile

The users reveal personal information to potential identity thieves if they leave this option

to default settings

Therefore, it is advised to allow your profile to be viewed by only friends


21/34

Copyright

©

by EC-Council


21

Privacy Settings for Applications

Privacy settings for applications controls

what information shared with websites

and apps, including search engines

You can view your apps, remove any you

don't want to use, or turn off platform

completely

Everybody on Facebook can read the user

notes, but it is advisable to limit visibility

of notes to just friends


22/34

Copyright

©

by EC-Council


22

Settings to Block UsersThis settings lets you block people from interacting with you or seeing your information

on Facebook

You can also specify friends you want to ignore app invites from, and see a list of the

specific apps that you've blocked from accessing your information and contacting you


23/34

Copyright © by EC-Council


23

Recommended Actions for Facebook

Search Settings

Allow anyone to see my

public search listing

Allow my

public

search

listing

to

be

indexed by external search engines

See your picture

Send you

a message

Poke you

Add you as a friend

View your friend list

Be careful

“No”

Be careful

“No”

“No”

Be careful

“No”

Option Recommended Action Reason

The users should select the option “Yes” only if they want

people they are familiar with to know that they are on

Facebook

The user should not allow people who are not yet their

friends to view their friend list

Be cautious before accepting anyone's friend request

By responding to the poke from an unknown user, the users

will be allowing him/her to view their profile information

for a period of time

If the users respond to a message sent by someone that

they are

not

friends

with,

the

unknown

users

will

be

able

to view the user’s profile

Do not share pictures that may embarrass or that are

personal

If enabled,

it

allows

people

using

external

search

engines

like Google, Yahoo and MSN to find the user on Facebook


24/34



24



1. Adjust Facebook privacy settings to help protect identity

2. Think carefully about who is allowed to become a friend

3. Show "limited friends" a cut‐down version of the profile

Facebook allows its users to make people 'limited friends' who only have partial

access to the user profile

This is useful if the users have connections who they do not feel comfortable

sharing personal information with

4. Enable access to information only when necessary


25/34



25

Introduction to

Social Networking

Sites

Social Networking

Security Threats

Staying Safe

on Facebook

Staying Safe

on MySpace

Module Flow


26/34



26

Step 1: Go to “ Account Settings”

Go to Account Settings Privacy

Do not check Online Now if you do

not wish others to know when you

log in

Check Show

my

birthday

to

my

friends only if necessary

Do not check following options

under applications:

Do not allow my profile information to

be accessed by games and third party

services I haven’t

connected

to

option

Do not allow communications from

games and third party services I

haven’t connected to


27/34



27

Step 2: Check Settings for “Comments”

and “Mail”Go to Account Settings

Comments and check Only

Friends can add comments

to my blog

Go to Account Settings

Mail and check only people

I know to receive emails

from people you know


28/34



28

Step 3: Check Settings for “Friends

Request” and “IM”Go to Account Settings

Friends Request

Check Require CAPTCHA

[?] from

users

suspected

of spamming and also

check other options

according to your choice

Go to Account Settings

IM

Check Only My IM

friends to

appear

only

friends in the IM list


29/34


All Rights

Reserved.

Reproduction

is

Strictly

Prohibited.

29

Step 4: Check Settings for Stream Settings

Go to Account Settings My published activities and check the proper option


Go to Account Settings My Friends' Activities and check the proper option



30/34


All Rights

Reserved.

Reproduction

is

Strictly

Prohibited.

30

Step 5: Settings for Block Users By Age

Do not check Allow users under 18 to contact me

Checking this option would allow all the fake users who pretend to be Under 18

access to the account

To deny any unauthorized access to the profile:

Block the user by adding their profile URL to the Blocked users list


31/34


All Rights

Reserved.

Reproduction

is

Strictly

Prohibited.

31

Module Summary

Social networking sites allow users to build online profiles, share information, pictures,

blog entries, music clips, etc.

The main

profile

page

of

a user

of

a social

networking

site

introduces

and

describes

the

user

Cyberbullying is the process of using technology to harass or bully someone

Social networking sites contain the user’s information like email addresses, archived

messages

that

can

be

used

to

customize

email

messages,

or

fake

websites

Malware attacks are carried out through social engineering as users are mostly misled

into clicking malicious links embedded within personal messages

Set appropriate privacy and security defaults and choose a complex/unique password

for the account


32/34


All Rights

Reserved.

Reproduction

is

Strictly

Prohibited.

32

Read the privacy policy and terms of service carefully

Do not post anything personal on the social networking site

Set appropriate privacy and security defaults to make your profile private

Choose a complex/unique password for the account

Be careful about what is posted on the Internet

Be careful installing third‐party applications

Only accept friend requests from people you know

Only share limited personal information

Social Networking Security Checklist


33/34


All Rights

Reserved.

Reproduction

is

Strictly

Prohibited.

33

Do not use common verification such as your date of birth or your

mother's maiden name

Be aware of the intentions of anyone you meet on these sites

Restrict the access of personal videos on social networking sites to friends

Apply privacy settings so that only friends can view your profile

information

Disable the comments to prevent cyber bullying

Do not click suspicious links to prevent malicious attacks

Update the computer with the latest antivirus and other system

security software

Never install codecs when a site prompts you to do so

Social Networking Security Checklist


34/34


All Rights

Reserved.

Reproduction

is

Strictly

Prohibited.

34

Read the privacy policies of the sites before allowing children to use them

Consider keeping the computer in a family room rather than the child’s bedroom

Instruct children to never respond to messages that are suggestive, obscene,

belligerent, threatening, or make them feel uncomfortable

Be open with kids; encourage and instruct them to seek permission before

providing any details on social networking sites

Create your own account on the social network and spend some time on the

network's site

to

familiarize

with

social

networking

media

Create a cheat sheet with your child's password, a list of his/her approved

friends, and rules for how your child operates

Know children's passwords, screen names, and account information; this will help

in monitoring their activities

Instruct your

child

to

add

people

to

their

"friends"

list

only

if

they

know

them

in

real life


Checklist for Parents and Teachers

Documents

CSCU Module 11 Security on Social Networking Sites.pdf