Published by Louise Thompson. Modified over 6 years ago.
1
Social Networking Security and Privacy
Keith Watson, CISSP-ISSAP, CISA
Information Assurance Research Engineer, CERIAS
2
Find Me Online
- ikawnoclast.com
- facebook.com/ikawnoclast
- twitter.com/ikawnoclast
- linkedin.com/in/keithwatson
Please tweet as we go with #puaware
3
Overview
- Own Your Space
- Definitions and Terms
- Questions
- Passwords, Systems, Networks
- Things to Keep in Mind
- Service Specific Configuration Options
4
Own Your Space
5
Terms
CC-licensed photos by Dr Noah Lott, bnanative on flickr
6
Types of Services
- Networking: Facebook, Google+, LinkedIn, Twitter
- Content Sharing: Pinterest, Facebook, Dropbox, Google Drive
- Location-based Services: foursquare, Google Latitude, Facebook, Gowalla
7
Types of Protection
- Security: Prevention of malicious action to systems, info
- Safety: Prevention from physical or mental harm
- Privacy: Prevention of exposing sensitive or private info

Security: CIA
8
Default Privacy Modes
- “Mostly open”
  - The default sharing mode is public
  - You must choose to keep content private
- “Mostly closed”
  - The default sharing mode is private
  - You must choose to share content
- Examples of mostly open: Facebook, Twitter, LinkedIn, Pinterest
- Examples of mostly closed: Dropbox, chat sessions in most services
9
Questions
CC-licensed photos by Colin_K, Mario Belluci, Horia Varian on flickr
10
Why is it free?
- If a service does not charge you money, then you are paying in other ways
- Marketing and Advertising
- Privacy
- Facebook has 1 Billion monthly active users
- Revenues for Q2’12: $1.18 Billion, 84% from ads
- LinkedIn Marketing Solutions: $63.1 Million
- Twitter uses Promoted Tweets based on you

Social Media and Networking platforms solve a basic market problem: How can I find out about my customers? Marketing is an inbound activity, gathering more information about customers' likes. Advertising is an outbound activity, attempting to influence, inform, and generate sales.

Facebook has independent ROI data from more than 60 advertising campaigns using a variety of third-party methodologies like panels and marketing mix models. The results show that 70% of campaigns resulted in a return on ad spend of 3x or better, and 49% of campaigns showed a return on ad spend of 5x or better. Source:

LinkedIn’s Marketing Solutions product represents 28% of total revenues. Source:
11
What are the risks?
- Privacy
- Reputation
- Data
- Access
- Control
- Employment
- Legal Proceedings

Privacy loss is having sensitive data exposed. Reputation loss is having your reputation damaged through your account or others. Data loss is losing data such as photos, posts, content, etc. Losing access is the inability to access your account through a compromised password or account suspension. Losing control is the inability to make changes to your account because someone else also has control over it. Jobs have been lost over posts to Facebook. Interviewers use Facebook as a tool for background investigations. Lawyers and judges are using social media content in legal proceedings.
12
What should I do?
- Realize that social networking is not free
- Review the security/privacy settings of sites you use periodically
- Stop using it!?
- Deactivate or delete your accounts!?
- Extract your data
- Assume the worst case scenario is possible
- Prepare for it

Social media costs you time, privacy, maybe money. Sites add new features and make changes periodically. Stay up to date.
13
Your Memory and System Have Issues
CC-licensed photos by ecastro, allaboutgeorge, TounuTouji on flickr
14
Passwords and Password Tools
- Weak/short passwords can be discovered
- Brute password breaking is cheaper today
- Strong passwords are needed, everywhere
- You have too many passwords to remember!
- Use a password tool to manage passwords
  - 1Password, LastPass, PasswordSafe, RoboForm
  - Browser integration, mobile platforms
- Use one-time password systems
15
System Security
- Stay up to date with software
  - Especially Flash Player, Java, web browsers
- Upgrade your OS!
  - XP is now 11 years old; support ended in 2009
- Remove internet software you do not use
- Install anti-malware software
  - If it’s a Purdue system, this software is free!
  - Make sure it’s updating
- Your regular account should not be an admin
16
Network Security
- Avoid using open WiFi connections
  - A WPA2 connection with public password is safer
- Use a virtual private network (VPN)
  - Purdue’s VPN available to Career Account users
- Enable your OS or anti-malware firewall
- Enable your home router’s firewall for devices
- Disconnect your system from the network when not needed
17
Things to Keep in Mind
CC-licensed photo by joguldi on flickr
18
Content Sharing Privacy
- Before you post, ask the following:
  - Will this post/picture cause a problem for me?
  - Can I say this in front of my mother?
- Divide your Friends into groups, lists, or circles
  - Limit the number of people that see it
  - Share public information with the public
  - Share inner thoughts and personal feelings with close friends
- Use your thinking before you’re tweeting.

Facebook has an inline audience selector to change reach of content. Separation is useful for picking the right audience.
19
Networking Privacy
- Do not Friend or Connect with people that you have not met in person or know well
- Reject Friend requests and Connections
- Having a lot of Friends can work against you
- Facebook may ask you to identify your Friends
- Limit your visibility on services
20
Location Privacy and Safety
- Limit your check-in information to friends only
- Never check in at your home, school, work
- A mayorship is a public “office”
- Avoid public lists for a location
- Do not let friends check you in
- Review posts you are tagged in
- This can apply to

Pleaserobme.com is an example of oversharing location content.
21
Service Specific Configuration Options
22
Google Security and Privacy
- Enable 2-step verification
  - Use Google Authenticator or text-based codes
  - Applies to (almost) all Google services
- Create Google+ circles based on sharing needs
- Turn off geo location data in photos
- Turn off “find my face” in photos and videos
- Manage your Dashboard data
23
Facebook Security Tools
- Enable Secure Browsing
- Login Notifications (text and )
- Login Approvals (text and mobile Code Generator)
- Select your Trusted Friends
- Review and Monitor
  - Recognized Devices
  - Active Sessions
- Delete old and unused Apps

Trusted Friends is no longer available. There are lots of references to bypass it.
24
Facebook Privacy Tools
- Limit App access to your data
- Set your default audience to Friends
- Customize your timeline content settings
  - Who can post, tag you, tag reviews
- Disable tag suggestions for photos uploaded
- Limit search engine inclusion
- Limit third-party and social ads
- Limit info that can be included by others in apps

Facebook Apps can ask for access to a lot of personal data, sometimes more than is needed. Edit the app access in your account settings.
25
Dropbox Security and Privacy
- Enable two-step verification
- Disable LAN sync on laptops
- Do not put sensitive data into Dropbox
  - Encrypt files if needed
- Unlink old devices
- Review Apps linked to your account
- Turn on for new devices and apps added
- Review your shared folders periodically

Two-step verification is still in beta at the moment. You can also review web sessions. App review includes the amount of file access the app has (Full Dropbox or App Folder).
26
Twitter Security and Privacy
- Enable Protect My Tweets
- Enable HTTPS
- Require personal information for password reset
- Disable location data for tweets
  - Delete old location data too

Protect My Tweets will allow your tweets to be seen only by your approved followers. Good for saving your ID on Twitter. Require personal information for password reset requires a user to supply answers to security questions before the password is changed.
27
LinkedIn Privacy
- Turn off data sharing with third-party apps and sites
- Consider changing your photo visibility, activity broadcasts
- Remove Twitter access
- Disable ads from third-party sites
- Enable full-time SSL connections

Check your account settings for Privacy controls. Information sharing is on by default. LinkedIn can receive information about your visits to third-party sites with LinkedIn plugins. You can change photo visibility to My Connections, My Network, Everyone. Activity broadcasts are information about changes to your profile, recommendations, following companies.
28
Foursquare Privacy
- Do not include yourself in lists of people checked into a location
- Do not earn mayorships
- Do not let friends check you into places
- Do not let venue managers see you

Friend check ins will list you on Twitter and Facebook.
29
Stay Safe
- Stay up to date on software and settings
- Be selective when choosing friends
- Using your thinkin’ before you’re tweetin’!
- Be mysterious