Tuesday, November 17, 2009

Social Network Security

I read this article the other day and I think anyone who is a parent will admit that this is your worst nightmare.

There's a stack of good resources on social security so I won't reinvent the wheel. That said I will provide some good resources. This stuff, I might add is good for any security professional. Whether you get random requests from friends and relatives, from the perspectives of a concerned parent or even just some of the dangers social networks pose to enterprise environments, I recommend you take a read.
A lot of the guidelines and advice are obvious to us and well known. However, some of the solutions aren't always clear cut.

Here is a summary of the attack types we are seeing:
Enterprises really need to start thinking about what is their position on social networking and its use in the work place (if there is one). Many are already creating or have in place a Social Media Policy. Security professionals need to be involved in the drafting process (don't laugh, you'd be suprised how often they are excluded from this process).

Parents need to consider everything from where is the computer placed in the home, what are the ground rules on Internet usage, educating their kids on how to build/manage their identity online and extent the rules of stranger danger to the Internet.

For individuals, consider just who do you really want in your social network, what sort of information should they have access to, just how much do you want to blur the lines between professional contacts and personal contacts. Also, make full use of the privacy settings so that the principle of least privilege still applies (e.g. On Facebook you can create multiple groups and assign varying levels of privacy rights to them). Also you really be wary about who you let into your life and just how much information you share.

I know this all sounds like common sense stuff but if it really were all common sense, we'd be out of a job.

- J.

PS: If friends or family ask for how to securely setup Facebook I suggest this link which has some good advice and guidance.

No comments: