Tuesday, November 17, 2009

ACS to unveil professional indemnity scheme


Thoughts anyone?

- J.

Social Network Security

I read this article the other day and I think anyone who is a parent will admit that this is your worst nightmare.

There's a stack of good resources on social security so I won't reinvent the wheel. That said, I will provide some good resources. This stuff, I might add, is good for any security professional. Whether you get random requests from friends and relatives, come at it from the perspective of a concerned parent, or are just interested in some of the dangers social networks pose to enterprise environments, I recommend you take a read.
A lot of the guidelines and advice are obvious to us and well known. However, some of the solutions aren't always clear cut.

Here is a summary of the attack types we are seeing:
Enterprises really need to start thinking about what their position is on social networking and its use in the workplace (if there is one). Many are already creating or have in place a Social Media Policy. Security professionals need to be involved in the drafting process (don't laugh, you'd be surprised how often they are excluded from this process).

Parents need to consider everything from where the computer is placed in the home and what the ground rules on Internet usage are, to educating their kids on how to build and manage their identity online and extending the rules of stranger danger to the Internet.

For individuals, consider just who you really want in your social network, what sort of information they should have access to, and just how much you want to blur the lines between professional contacts and personal contacts. Also, make full use of the privacy settings so that the principle of least privilege still applies (e.g. on Facebook you can create multiple groups and assign varying levels of privacy rights to them). Also, you really should be wary about who you let into your life and just how much information you share.

I know this all sounds like common sense stuff, but if it really were all common sense, we'd be out of a job.

- J.

PS: If friends or family ask how to securely set up Facebook, I suggest this link, which has some good advice and guidance.

Looks like I'll be speaking at AusCERT

Hi again,

Just a quick update: I'm about to start working on a presentation for AusCERT in 2010. I have a couple of ideas for talks that I think would be of interest to a few people - both security professionals and those that are security conscious.

Given that I now work for a vendor (don't hold that against me!) that is a major sponsor, whether I apply through the normal submission process or use our vendor slot, I don't know for sure, but I can say that there's a good chance that I will be presenting at the next AusCERT.

(The other reason I make this post is so that I back myself into a corner conveniently and I don't let myself get out easy if I get strapped for time or too busy with other commitments. So if you read this, don't let me off the hook!)

- J.