Security in social network araceli&arlethe

Security in Social Networks 1

“SECURITY IN SOCIAL NETWORKS”

Hernández Castro Araceli

Tenorio Martínez Arlethe

February, 2014


ABSTRAC

Social networking has had a great impact today, have grown exponentially and

store a lot of private information about its users and their interactions, data stored

with all these social networks can attract malicious persons to harass, defame, do

spam and phishing.

The respective advantages of social networks are known well worldwide but talk

about privacy and security on them is of little people, which is why it is necessary

to talk about safety, how to optimize how and the proper use thereof, subject of this

article. To mention security in the social web is a key point in the passwords we

use for our accounts, which must be combined with numbers, letters and

characters for your safety.

A simple option is to make good use of social networks and not creating a very

personal inquisition, the protection is paramount importance in social network

research as private users, may cause undesirable or harmful effects on the

personal life.


KEYWORDS

Internet ---------------------- Internet

Inseguridad ---------------- Insecurity

Privacidad ----------------- Privacy

Seguridad ----------------- Security

Redes Sociales ---------- Social Networks


INTRODUCTION

Social networks are based on the Theory of Six Degrees of Separation, as this

anyone can be connected elsewhere in the world through a chain of acquaintances

that has no more than five intermediaries, connecting two people with only six

bonds. The theory was first proposed in 1929 by Frigyes Karinthy. The concept is

based on the idea that the known number grows exponentially with the number of

links in the chain, and only a small number of links are required for known

assembly becomes the entire human population.

The number of users in social networks has increased considerably in recent

years, to be part of social networks the user must register, usually for free, and

then complete a series of forms with your personal data, hobbies, personal photo

etc. We see this as a simple means of maintaining communication with our

surroundings, we see and publish photos, share feelings and thoughts, but do you

really know about the people who will see the other side of the computer or some

other means are?

In recent years, the popularity and the trust of social networks are being exploited

by cybercriminals, who have found a new way of exploiting their fraudulent

activities. The rise of social networking has taken the concept of privacy to a

dangerous terrain in which the vulnerability of each person on the network

increases. It is advisable to consider some points that can protect our data i f we

use online social networks.


CHAPTER I: NETWORKS

ANTECEDENTS

Social networks are based on the Theory of Six Degrees of Separation, whereby

anyone can be connected to any other in the world through a chain of

acquaintances that has no more than five intermediaries, connecting people with

only two six bonds. This theory attempts to prove that our grandparents saying "the

world is a handkerchief," that is, that anyone on Earth can be connected to any

other person through a chain of acquaintances that has no more than five levels

intermediaries. (PANDA, 2008, p. 4)

Figure 1.1.1 theory of six degrees of separation.

The origin of social networks goes back to 1995 when Randy Conrads

classmates.com website created with the objective that people could regain or

maintain contact with former classmates from school, college or university.

(PANDA, 2008, p. 3)

With the advent of Internet, network par excellence, has given rise to hundreds of

sites that facilitate the formation of social networks in relation to their academic

status, your workplace, your geographic region, interests, hobbies, taste, among

others.


SOCIAL NETWORK

A network is an abstract way to visualize a number of systems, and in general,

almost all complex systems.

Figure 1.1.2 The Rise of Social Networks

When talking about social networks refers to those services where users can

create a personal profile and interact with other users is. These platforms allow you

to interact through messages, share information, pictures or videos, so that these

publications are immediately visible for all the users form their group of contacts.

To join them you must register by filling out a series of forms with personal details,

photographs, etc. Normally just create a basic profile, and from there to provide all

the information about yourself that you want to increase the data provided to the

network. (INTECO, 2010)

Figure 1.1.3 The Rise of Social Networks2


Social networks show clear network effects, the greater the number of users and

the more rich and complex profiles are created, more capacity has the social

network to get new users, and present value as an advertising platform or as a

platform for submission of applications or services.

In this sense, Privacy management represents one of the key elements for social

networking, not only by the need to comply with relevant legal obligations, but by

the perception of users regarding the use and visibility of their data, which can put

the privacy policies employed as a competitive factor among different social

networks.

ADVANTAGES

Revisiting known.

Opportunity to join Flashmobs (short meetings via online for games and

entertainment in order to mobilize thousands of people).

Excellent for promoting new contacts affective as matchmaking, friendship

or sharing interests nonprofit.

Share special moments with those close to our lives.

Dilute geographical boundaries and serve to connect people regardless of

distance.

Perfect for connections to the professional world.

Get updates on topics of interest information, and let you attend events,

participate in events and conferences.

Communication can be in real time.

Can generate mass movements of solidarity in a crisis situation.


Figure 1.1.4 Advantages of Social Networking

DISADVANTAGES

Apart from the general disadvantages (invasion of privacy, lack of security,

addiction) has emerged a new disadvantage arising from boredom or boredom of

some who have proposed anti social networks such as travesty to authentic.

In the same way the happy customers to write good reviews of a product,

annoying customers also write about their bad experience. These comments

can be viewed by thousands of people in a short time and affect the image

of any business in weeks or even days.

A further disadvantage is the loss of privacy. Suddenly we become

accessible to anyone and is not always good. Avoid revealing sensitive

information how phone numbers, addresses not to mention bank accounts

and passwords.

Figure 1.1.5 Disadvantages of Social Networks


CHAPTER II: PRIVACY

SECURITY

Joined this public display of your privacy is a lack of security. There is too much

personal information rolling around, and little assurance that is well protected.

Participation in social networks is not without risks, such as identity theft. Even the

most careful users may provide personal information to strangers without realizing

it, to download and install an application designed by third parties that include

games, contests, contests of knowledge and virtual gifts. People entering these

networks think that information is considered private, can see only friends or

specific groups, but programmers sometimes used to bring together users with

similar interests. Sometimes used to broadcast advertising aimed at specific

sectors, taking into account things like age and gender.

The magnificent growth of social networking sites has changed the way of

communication, creating messages often unintelligible to users. Shared ideas and

dysfunction of the information is difficult to understand. Although the process of

transmitting information is perhaps easier and more comfortable, the amount of

information that can be run from one country to another in seconds is unlimited and

cannot control. Another disadvantage found in social networks, we can not be

certain that the information set out is there genuine or true.

Many companies have made the move to the new era and have established social

networks have caution when carrying a message. The companies aim networks,

but many managers and owners of the same fear for what employees can say

about them and the reputation that you provide to them. Public relations company

can not control what your employees commenting, but if you teach ethics and

responsibility that each must have.


PRIVACY

Today, the rise of social networks has led to the concept of privacy dangerous

territory in which the vulnerability of each person on the network increases. If we

use them, you should keep in mind some points that can protect our data online.

Privacy is a set of practices that divide public and private things. In this regard, let

us start from the point of view that privacy and confidentiality are imperative part of

computational activity. Thus, the problems that surround conflict systematically for

information security become, in many cases go beyond computer science.

At first glance, these problems would not impact such a sensitive issue as the

consequences of social engineering attacks, or maybe a little more dangerous as it

can be the subject of kidnapping, extortion and even "bullying" or "bullying" to

children and youth. (BOURBON Sanabria, 2012)

Intimacy and privacy is a right that anyone has. But with social networking privacy

is in check. Having a profile on social networks is almost a necessity to keep in

touch with family, friends or work. Few people who are not on Facebook, Twitter or

other social network. The problem that arises with these is privacy affected.

Numbers, ideology, religion or directions are some of the data they can get to

appear in the profiles of social networks. That's why you have to be more cautious

about sharing personal information. Public sharing of sensitive information that

may be more dangerous, beyond that there are few confirmed cases of

kidnappings, theft or fraud cases generated from the networks. (GRIVA, 2011)

The issue of privacy in social networks has increased relative to other online

services due to the ease with which users reveal personal information, as well as

the lack of awareness of these on the risks involved and the difficulty of some

users configured appropriately for such tools. (RODOTA, 2011)


PRIVACY IN THE CONTEXT OF SOCIAL NETWORKS

Anonymity of the user's identity

Protecting the actual identity of users, changes depending on which social network

we are registered. In social networks like Facebook, people use their own name as

such listing, to make them easier to locate users and especially to locate them

within the social network.

Everything we put on the net, stays on the net, so we must be careful what we do

not harm us or get into problematic situations.

But on social networks like Twitter, usually people can put aliases or addresses of

your own web page as a profile.

Privacy of personal space

The visibility of the user profile in a social network to another varies, in some

networks profiles can be found by doing a search on Google, such as Facebook or

Twitter; however the social network Tuenti this is not possible, is completely closed

to people registered on the website. This part also entered the profiles that may or

may not see people.

Depending on a social network or another, the default permissions are public or

private. Facebook takes a different approach by default; users who are on the

same subnet can view other profiles, unless a profile has decided to deny

permission for your subnet. As mentioned above, most social networks allow

friends to see aggregate profiles you're seeing.

As we have said, in most networks, you can see the list of friends we have,

although there are exceptions either because the social network itself gives you the

option to hide your friends list or because you hacked the profile from exit.


Privacy of user communication

A part of the data we provide to the social networks, as our photos, our comments

etc. A user of the social network discloses additional data, such as connection

time, the IP address used (and of course, their geographical location), visited

profiles, messages sent and received, i.e., a whole log of personal information

about what we've done while we were in the social network. All this should be

private, remember that an IP address in a period is unique, identifying a single

person, and it is illegal publication without user consent.

All this is summarized in that privacy must be present in both the social network

and information sharing (photos, messages etc.), and logs that are recorded in this

social network. Unauthorized entities should not know the contents of private data

sent and received via the network.

This aspect of the privacy of the data involves data confidentiality and anonymity of

homeowners, and must have access control. Access to information about a user

can only be granted by the user. Unauthorized entities, nor should they be able to

link the private data with the profile owner.


FRAUD IN SOCIAL NETWORKS

Identity Theft

Identity theft is a crime in which a person appropriates personal information to

commit fraud or other crimes. This a problem that affects millions of people

annually in the United States, including children who are victims of child identity

theft.

We can all take steps to prevent identity theft, but unfortunately sometimes

it depends on vulnerability in the computer systems or carelessness of

others who have access to our personal data.

If you think someone has stolen your personal information without your

permission, know what steps to take to report identity theft and protect your

money and your credit and reputation.

It is also important to learn how to protect your privacy, both personal and

financial, medical and Internet, to control what information is shared with

others and what it is used. Take care of your personal data in transactions

and avoid becoming a victim of identity theft.

Malware

Malware (malicious software) is a term that describes a variety of programs that

are installed on the computers of users usually through deception. The malware

can multiply quickly through social networks, infected user's computer and then

expand to the computers of your contacts. This is because the malware may

appear to come from a trusted contact, and therefore users are more likely to click

on links or downloading malicious software.

Some of the most common techniques for propagation of malware are:


Short URLs, especially those that appear in the area of updates or news

updates. This may cause the user to download a virus or visit a site that

attempts to download malware onto your computer.

Messages that appear to come from reliable sources that invite the user to

click on a link, view a video or download a file.

An email that appears to come from the same social networking site, which

requests information or asks the user to click on a link.

Third-party applications that infect computers with malicious software,

which spreads through contact.

False security alerts. These are applications that are passed by a virus

protection program and informs the user that your safety program is expired

or has detected a threat.

Social Engineering

An absolute truth, in terms of information security, is the weakest link in the chain is

the user human. This means that it is easier to attack a person and obtain

information or actions of this that violate achieve an information system that is

secured, shielded and protected against possible attackers. This leads to the

definition of social engineering:

"Art and science of manipulating people into performing actions that may be of

interest or goal" Chris Hadnagy.

"An act of manipulating people and develop actions or disclose".

In short one can speak of social engineering as a kind of human hacking.

Now and in the hacking work is performed to obtain information (Information

Gathering) of a possible target, just as obtaining information is the basis of social

engineering attacks, with the difference that normally the objective of attack will be

a person, a human, and for this you need to delve into every possible media


containing target information possible, this containing target information possible,

this is where the Internet and social networks appears.

From the perspective of a social engineer, any information about the person aims,

can contribute to form a profile or outline of tastes, haunts, activities performed,

place of work and activities, among other data. That is why without a doubt; social

media can provide a lot of information that can be useful. Next, let's look at a short

table that spans some data can get to get through these information systems:

Table 1. Data obtained through social networks

SOCIAL NETWORK / PLATFORM

INFORMATION OBTAINED UTILITY

Facebook / G+ / Hi5/Badoo / ...

• moods • Visits

• pictures • Interests

• Family • Relationships

• Etc.

These networks

provide a lot of general

information about the person and

their contacts. Twitter / Myspace / BBM / ...

• moods • Visits

• pictures • Interests

Establish a list of activities,

psychological profile, sites

visited, information consulted and

tastes of the individual.

MySpace / Grooveshark / LastFM / ...

• Music heard • Musical Tastes

Set a profile of preferences and musical

tastes. Linkedin/... • State labor

• Knowledge • Wage Assignment

• Studies in process

Identify job

profile of the person, current job, past,

education, knowledge,

interests, work, etc..


Foursquare / ... • Visits • Gourmet

Tastes

Allows geoposicionar

people and places frequented

identify possible

demonstrations or through travel.

Flickr / Picasa / ... • Visits • individual

tastes • Environment in which the

individual develops

Establish a list of activities,

psychological profile, visited places and

tastes of the individual.

Now, knowing that I usually have information published by these systems, taking

into account that this information can be indexed in search engines with or without

the consent of the user, it is necessary to validate both being shared.


SAFETY STANDARDS

To understand the challenge of balancing security and privacy, sociability and

usability have to see the main standards of network security.

Notice: Requires that information is accessible only to authorized entities. It

is vital in social networking misuse because information could have serious

consequences on the lives of people.

Integrity: Requires that information be modified only by authorized entities.

Availability: Requires that system resources are always available.

Non-repudiation: To provide protection against a user other then denying he

made some communication.


RESULTS

According to statistics based on a September 2013 report of eBizMBA Rank, one

of the largest networks is visited Facebook than 750 million unique visitors per

month.

As for the surveys conducted by ESET Latin America in July 2013, noted that the

total Latin American users surveyed 51.4% said using social networks to work.

Although communication with friends and family (85.6%), and the study (53.6%)

are the reasons most often cited by users regarding the use of social networks, the

fact that a little over half share corporate data and the job position as the third

largest in the graph (51.4%) reason, shows that companies and corporate users

also use these media for business purposes:


On the other hand, face the question about the level of security of information

stored on the servers of social networks, 52.2% think that their information is

slightly insecure:


DISCUSSION

Today, most people is recessed in the world of technology, make use of the tools

offered by Web 2.0 and is favorable because they remain on the advantages they

offer, but hey that is the problem we focus on the benefits, we settle for being

communicated with our friends, colleagues or even knowing other people. Most are

not aware of what we publish and if there are no privacy in the media, such

information can be read or take any user on the network and to misuse it in order

to cause any damage to our person.

The security and privacy begins with ourselves, of what we publish, we discuss

and permissions that grant, we are aware of our attitudes toward the media is true

has many advantages if we give the proper use but it is also appropriate to provide

for the consequences resulting for inappropriate behavior.

In conclusion, the study of security and privacy in social networks allows us to be

alert to himself about our behaviors to make use of them, as we all realize the

problems appear for privacy by the lack of knowledge by the user options that can

be enabled to restrict certain account data. The technology is advancing, social

networks evolve but we must focus regarding security and privacy to our person to

make use of them.


GRATITUDE

This article is written with an expression of gratitude to teacher Valeriano Orozco

Meztli and our fellow reviewers who provided moral support for writing this.

Araceli&Arlethe


REFERENCES

BORBÓN Sanabria , J. S. (2012). Seguridad.

FUNDACIÓN TELEFÓNICA. (2012). El debate sobre la privacidad y seguridad en

la Red: Regulación y mercados. Fundación Telefónica.

GOUJON, A. (21 de Agosto de 2013). welivesecurity. Recuperado el 15 de Mayo

de 2014, de http://www.welivesecurity.com/la-es/2013/08/21/51-usuarios-

latinoamericanos-utiliza-redes-sociales-fines-corporativos/

RODOTÁ, S. (2011). Social Networks and children's privacy. Reus.

INTECO, I. (17 de 05 de 2010). Seguridad de La Información y Redes Sociales.

GRIVA, J. P. (19 de 09 de 2011). Privacidad en las redes Sociales. Recuperado el

12 de 04 de 2014, de http://redaccion1.bligoo.com.ar/la-privacidad-en-las-

redes-sociales

PANDA, S. (28 de 08 de 2008). PandaLabs. Recuperado el 10 de Abril de 2014,

de http://www.pandasecurity.com/img/enc/Red_Soc_punto_mira.pdf

Security in social network araceli&arlethe

Technology

Transcript of Security in social network araceli&arlethe