Web 2.0/Social Networks and Security
WEB 2.0/SOCIAL NETWORKS AND SECURITY
By: Sherry Gu
For: ACC626

AGENDA
- Definition of Web 2.0
- Magnitude of use of Web 2.0/social networking applications
- Impacts Web 2.0/social networks have on security and security risks
- Types of security attacks
- Triggers/motivations behind security attacks
- Remedies/solutions to security vulnerabilities
- Implications for accountants

WHAT IS WEB 2.0?
- Web 2.0 Conference
- “Network as Platform” – Web 2.0
- “managing, understanding, responding…”
- “…to massive amount of user generated data…”
- “…in real time”

MAGNITUDE OF USE
- For Businesses:
  - 2008 Survey:
    - 18% of companies use blogs
    - 32% of companies use wikis
    - 23% of companies use RSS feeds
  - Forrester Research: Spending on Web 2.0 applications: $4.6 billion in 2013

IMPACTS ON SECURITY RISKS
- Control/Detection Risk
  - Adds complexity to the current system (multiple platforms, multiple sources)
- Inherent Risk
  - Interactive nature
  - Increase in likelihood of leaking confidential data
- Statistics:
  - 40% of users attacked by malware and phishing from social networking sites
  - Ranked as “most serious risk to information security” in 2010 by SMBs
  - 60% of companies believed that employee behaviour on social networks could endanger network security

XSS ATTACK
- Injecting malicious code into otherwise trusted websites
- Gives hackers access to information in the browser
- E.g. “Samy” attack on MySpace
  - Add Samy as a friend
  - Add “Samy is my hero” on profile pages
  - One million friend requests

CSRF ATTACK
- Lure users to open/load malicious links
- Gives hacker access to already-authenticated applications
- Hacker makes undesirable modifications/changes/extractions to applications
- E.g. Gmail
  - Malicious code creates email filters that forward emails to another account

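Added example (not part of the original slides): a server-side check that refuses a cross-site "create mail filter" request even though the victim's session is valid, and writes every attempt to an audit trail as the remedies slide recommends. The origin `https://mail.example`, the field names and the session id are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)     # per-deployment secret (constructed here)
TRUSTED_ORIGIN = "https://mail.example"  # assumed origin of the webmail application

def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session and embedded in the genuine settings form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def check_filter_request(session_id: str, headers: dict, form: dict):
    """Return (allowed, reason) for a state-changing 'create filter' POST.

    The browser attaches the session cookie to cross-site requests as well,
    so a valid session alone does not show that the user meant to do this.
    """
    # 1. The browser-set Origin header must name the application itself.
    #    (Simplification: requests without an Origin header are rejected.)
    if headers.get("Origin") != TRUSTED_ORIGIN:
        return False, "cross-origin request"
    # 2. The form must carry the per-session token, which a page on another
    #    site cannot read and therefore cannot include.
    expected = issue_csrf_token(session_id).encode()
    supplied = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid CSRF token"
    return True, "ok"

def handle_create_filter(session_id, headers, form, audit_log):
    """Apply the check and record every attempt, allowed or not."""
    allowed, reason = check_filter_request(session_id, headers, form)
    audit_log.append({"session": session_id, "action": "create_filter",
                      "forward_to": form.get("forward_to"),
                      "origin": headers.get("Origin"),
                      "allowed": allowed, "reason": reason})
    return allowed

if __name__ == "__main__":
    log, sid = [], "sess-constructed-1"  # constructed sample session
    own_form = {"forward_to": "archive@mail.example", "csrf_token": issue_csrf_token(sid)}
    print(handle_create_filter(sid, {"Origin": TRUSTED_ORIGIN}, own_form, log))
    forged = {"forward_to": "someone@other.example"}  # sent by a third-party page
    print(handle_create_filter(sid, {"Origin": "https://other.example"}, forged, log))
    for entry in log:
        print(entry)
```
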
MALWARE/SPYWARE/ADWARE
- Malware: worms, viruses, trojans
- Examples:
  - Koobface family malware on YouTube and Facebook
  - Bebloh Trojan: “man-in-the-browser” attack

SPEAR PHISHING
- Target specific organizations
- Seek unauthorized access to confidential data
- Appearance of sender: more direct relationship with the victim
- Social networks: help hackers to build a more complete profile about the sender

IDENTITY THEFT
- Researchers from Eurecom
  - Profile cloning
  - Cross-site cloning
- Authentication problems

TRIGGERS/MOTIVATIONS
- Technical nature:
  - Largely dependent on source code: e.g. AJAX
  - Open-source
  - Complex scripts and dynamic technology: difficult for protection software to identify malware signatures

TRIGGERS/MOTIVATIONS
- Financial Gain
  - Hack into bank accounts
  - Sell to buyers in the large underground market
- Organized crime/bot recruitment
  - Web 2.0 applications are: public, open, scalable, anonymous

REMEDIES/SOLUTIONS
- Employee use policies and education (balance between flexibility and security)
- Strengthen monitoring and reviewing activities: extensive logs and audit trails
- Encryption of user data using public and private keys

IMPLICATIONS FOR ACCOUNTANTS
- Auditors: Assess need for risk assessment
  - Social network/Web 2.0 strategy, policies, and regulatory compliance requirements
- Risk assessment
  - Identify types of risk
  - Analyze threat potential
  - Validate risk ratings
  - Hire IT specialist
- ISACA: social media assurance/audit program

CONCLUSION
- Heightened security risks
- Risk assessment is critical
- Policies and procedures