Importance of Social Networking Security - Essay Example

Social Networking Security Institute Table of Contents Table of Contents 2 3 2- Introduction 4 3- Social Networks 4 4- SocialNetworks and Security Threats 5 5- Social networking security vulnerabilities 6 6- Types of Social networking security vulnerabilities and Criminals 7 6.1- Social networking Illegal Access 8 6.2- Changing websites 9 6.3- Malevolent computer programs 9 6.3.1- Virus 10 6.3.2- Worm 11 6.3.3- Trojan horse 11 6.3.4- Logic bomb 11 6.3.5- Sniffer 12 6.3.6- Spoofing 12 6.3.7- Malevolent Applets 12 6.4- Hacking 12 6.5- Harassment & Stalking 13 7- Mitigation of Social networking security Risks 13 7.1- Assess Risk 13 7.2- Have a Recovery Plan 13 7.3- Control for prevention and deterrence 14 7.4- Use Encryption 14 7.5- Restrict System Use 14 7.6- Password Protected Programs and Data 15 7.7- Use Firewalls 15 8- Conclusion 15 9- References 16 1- Abstract This paper will summarize the major problems that are increasing with the technological enhancements. No one can feel himself/herself secure over the Internet. We are facing many computer criminal attacks from diverse countries and continents. It is the need of the hour that we should realize these various shapes of computer criminal actions and should make an effort to avoid them as far as possible. In this way, we can lessen the possible damage concerning the online computer crimes and their activities. This research is about the detailed analysis of the social networking security issues and the emerging threats to users of social networking websites. In this research I will outline the main security threats that have emerged recently because of extensive web based environment. This main focus of this research is to assess the social networking security. Social networks are common among the present generation and people are extensively participating in these areas. The main reason behind this participation is the availability of the huge knowledge and information at the same place. This allows the participation in different social activities, exchange knowledge, and experience, making friends, and also business marketing. These social networks offer us great advantage for all above mentioned tasks but also a great challenge for the personal privacy attacks and other type of security issues. 2- Introduction According to (Boyd & Ellison, 2007) “social network sites are web-based services that allow individuals to carry out following activities”: 1. Build an open or hidden profile inside a bounded system 2. Develop a directory of other people with whom they communicate 3. View and edit their directory of connections and those made by others inside the system. The uniqueness of social network sites is not that they permit individuals to meet strangers, however rather that they facilitate people to develop and make recognizable their social networks. This can result in communication among users that would not in other ways be made, although that is not the major objective, and these communications are normally between "latent ties" the people sharing some offline connections (Boyd & Ellison, 2007). One thing can be concluded from the above discussion that there are security threats connected with social networking: data stealing and viruses are growing threats. The most widespread threat however frequently engages online individuals who declare to be someone that they are not. However, threat does survive not only with online networking; they also remain with networking out in the actual world, as well. For instance people are advised when meeting unknown persons at clubs and bars, school etc. So we should be careful when meeting people online (What is Social Networking, 2009). 3- Social Networks Social networking websites have turned out to be a family name in todays world. No matter, it is our private or professional life, they are a really amazing method for communicating with friends, colleagues and starting new relationships online (Sedycias, 2009). A social networking site is a Web site where individuals are able to make an online profile; they can mention their interests in profile, as well as they can insert links to other profiles. Usually, users of social networking sites are capable to distribute personal information, comprising photographs, videos, as well as blog entries. One example of social networking site is MySpace which is very well-liked equally with individuals and with music groups, who can distribute their songs on their profile pages and market their tour dates (Hawkins, 2009). A social networking site is a very useful method to stay in touch with a large group of people. If someone has some news which he/she wants to share with to whom he/she knows, he/she can basically add it on his/her own personal bulletin board, and it will be dispersed to the people who are member of his/her friends list. Social networking sites can play an important role for meeting with new people, whether on a business, friendship, or a romantic level (Hawkins, 2009). 4- Social Networks and Security Threats Security encompasses the principles, actions, and technical measures used to stop illegal access, modification, theft, and damage to personal information (Laudon & Laudon, 1999, p. 502). On the other hand, the term ‘Privacy’ refers to right of individuals and organizations to forbid or confine the compilation and utilizations of information about them (Shelly, Cashman, & Vermaat, 2005, p. 591). Nowadays we having a huge danger regarding web based crimes on the social network based environment. These web based crimes comprise different types of computer crimes such as unauthorized access, how to alter websites, malicious program codes including Viruses, Trojan horses, Logical Bomb, Sniffers, Software piracy, Antipiracy, Hacking, aggravation and nuisance, and Cybercrimes. The usage of these terms is very common when we talk about social network crimes (Collins, 2008), (Sedycias, 2009), (Hogben, et al., 2007), and (Shelly, Cashman, & Vermaat, 2005). The Department of Justice in the United States defines the web crime as "any breaches of illegal rule that involve knowledge of computer technology for their perpetration, analysis, or trial." Precise figures on the level of this observable fact have verified to be vague because of the complexity in sufficiently defining web based offenses or crimes. The figures also are unreliable due to sufferer’s sluggishness to report such event that involves web crimes. The cumulative yearly losses to industries and governments are likely to be in the billions of dollars (ecommerce, 2009). 5- Social networking security vulnerabilities The main social networking security threats can also be expressed as “illegal utilization of social networking sites for the criminal purposes such as deception, theft of identity, sharing of information, and misuse is called computer crime” (Computer Crime Research Center, 2005). Accurately what is criminal differs to a great extent from country to country. As a result, the expansion of social networks through the worldwide and availability of sharing of data and information exchanges attracted huge public to areas (social networks). Mainly the Internet has prepared these social network security issues very much common and even harder to regulate. Fortunately many people are fighting against web crimes and it is taken very critically by government organizations (Computer Crime Research Center, 2005). Examples of some of the security vulnerabilities regarding social networks are: given by (Computer Crime Research Center, 2005), (Hogben, et al., 2007), and (Sedycias, 2009): Deception attained by the exploitation of social network user’s record and information. Spamming the social network users Unofficial entrance to or alteration of programs. Logical assets theft of user identity on the social network environment Business spying through access to or stealing of computer resources on a business based social networks. Identity stealing wherever it is accomplished by employment of counterfeit computer dealings. Writing or dispersing computer viruses or worms to huge number of social network members. Salami slicing is the observance of pilfering money constantly in really small quantities Denial-of-service attack, anywhere in social network websites are swamped with service requests and their website is congested and either becomes slowed down or collapses absolutely. 6- Types of Social networking security vulnerabilities and Criminals There are diverse types of the social networking security threats. These can vary according to type of social network and area of implementation. Social network based security hazard has a lot of outlines. Some cases involve the application of computer system for stealing of social network user information and personal detailed. Further cases deals with the copying of data or information in an unlawful way (Norton, 2001). ‘Hacker’ is a word used to explain an external person who has broken through a computer system, typically without legal intention. A Cracker is a nasty hacker, who may perhaps produce a stern crisis for the organization or for a web based system. Computers are being used in all kinds of quests, as well as criminal. As people started selling software and linking computer systems and networks, criminals have found new and different way to profit and destroy online (Turban, Rainer, & Potter, 2004). Although types of social networking threats are numerous and widespread and security dangers can do a great deal of harm working with standard alone PCs and LANs, the Internet has given them global reach. As it attracts more people to work together and play. The internet also attracts online predators. Even, offline computer users are threatened by the spread of viruses, and software companies lose -millions each year because of software piracy (Shelly, Cashman, & Vermaat, 2005). 6.1- Social networking Illegal Access Social networking Illegal Access is the main security problem we are facing nowadays. In this scenario people gain illegal access to user data and information present on the web. Some main types of illegal access to the social network generally involve the following: (Standler, 2002) and (Fadaak, fakhrudin, & Majidi, 2009) 1. Computer voyeur: The unauthorized person reads the secret or proprietary information presented on the social network and leaves it unchanged. 2. Modifying the data: The most useful examples of this are, changing a “grade: on a school result card, shifting "money" to a scrutiny account, or altering the data and information contents at social network etc. unlawful modification of data is usually a deceptive act. 3. Removing data. Removing all the information could be an act of destruction or sabotage. 4. Sending huge number of junk e-mail in a day to user of the social network users, which we call "mail bomb", 5. Encompassing the social network user’s computer to run a nasty program that is really processor demanding and requires more time to execute. 6. Submerging a social network Internet server with fake requests for web pages, thus refuting legal users and prospect to download a web page and also perhaps deafening the server. This is referred as a denial of service attack. 6.2- Changing websites In this threat the hacker removes some pages or some contents on the social network web based system; hacker after that uploads new altered pages over the internet with the old file name, so that the hacker observes and controls the message transmitted over the social network site. However, this is not the most terrible type of security threat. The exact owner of the site can constantly close the website for the time being, reinstate all of the files from support media, improves the security policies at site, and after that revive the site. Even so, the criminal has performed a computer crime by illegally using a computer system of other person (Parker, 2002) and (Standler, 2002). 6.3- Malevolent computer programs This type of threat is often seen in the social network online setups. One user upload some malevolent computer programs to social network system, after that the users of this system involve in such security concerns due to that program. Some computer program that is intended to damage its victim(s): (Standler, 2002) and (Brenton & Hunt, 2002): 1. Malicious code 2. Malicious program 3. Malware   (by similarity with "software") 4. Rascal program Malicious computer programs are classified into the following categories: 6.3.1- Virus This type of malicious computer program is common on social network websites. A virus is a program that infects and spoils an executable file. When the file is infected it works in a strange way than before: perhaps only showing a gentle message on the monitor, perhaps erasing various or almost all files on the users secondary storage or hard drive, conceivably changing data files. Social networking sites are major source of spreading viruses. There are two salient characteristics of a computer virus: (Brenton & Hunt, 2002) and (Standler, 2002) 1. The potential to spread by attaching itself to executable files (e.g., application software, programs like operating system, macros, scripts, master boot record of a hard disk or floppy disk, etc.) When we run an executable file it makes a copy of virus each time it runs in the memory of the computer. 2. The virus causes damage just after it has infected an executable file or application software and the executable file is executed. The most famous example of social networking virus is ‘Samy’ which is a cross-site scripting virus that was developed by Samy Kamkar. Samy effected MySpace social-networking site. The virus carried a payload that presented the series of words "but most of all, Samy is my hero" on users profile. It was released on October 4, 2005. It infected more than one million users within 20 hours of its release. It made Samy one of the quickest spreading viruses of all time (Collins, 2008).1 6.3.2- Worm A worm is a program that replicates itself. The dissimilarity between a virus and worm is that a virus not at all replicates itself, on the other hand, a virus is copied on the hard drive merely as the infected executable file is run by the operating system or by some other means (Turban, Rainer, & Potter, 2004) and (Standler, 2002). For instance, Koobface, which is considered as one of the most booming social networking worm, was initially released on MySpace; however its next versions targeted Facebook, Bebo, Tagged or Twitter.2 6.3.3- Trojan horse A Trojan horse is a deceivingly labeled program that holds at least one function that is unfamiliar to the client and that creates unknown problems to the user. Usually Trojan horse does not duplicate itself, which differentiates it from viruses and worms. Some Trojan horses of dangerous nature facilitate a hacker to handle the sufferer’s computer remotely, perhaps to get passwords as well as credit card numbers, or might be with intent to launch denial of service attacks on websites (Turban, Rainer, & Potter, 2004) and (Standler, 2002). 6.3.4- Logic bomb A logic bomb is a program that "detonates" when some event takes place. The detonated program might stop working (e.g., go into an infinite loop), crash the computer, release a virus, remove data files, or any of numerous other damaging possibilities. A time bomb is a type of logic bomb, in which the program detonates when the computers clock reaches some target date (Turban, Rainer, & Potter, 2004) and (Standler, 2002). 6.3.5- Sniffer A Sniffer is a program that looks for content or even passwords in a packet of data, as they get across the internet in order to obtain something significant to the hacker (Turban, Rainer, & Potter, 2004) and (Standler, 2002). 6.3.6- Spoofing Spoofing is to send fake email messages or web contents or web pages to deceive users to get their personal information or to get money from the user by deception (Turban, Rainer, & Potter, 2004) and (Standler, 2002). 6.3.7- Malevolent Applets Malevolent Applets are diminutive programs made using java language in order to make use of your computer resources, alter or modify your file, initiate a fake e-mail etc (Turban, Rainer, & Potter, 2004) and (Standler, 2002). 6.4- Hacking The word ‘Hacking’ is a computer word pointing out to the action of people who acquire their chuck out of using computers or terminals to crack the safety of distant computer systems. An example illustrates that United States Department of Defense computers are assaulted by master brain hackers hundreds of thousands of times a year with more than the numbers of attacks are going to be undetected (Parker, 2002) and (Turban, Rainer, & Potter, 2004). 6.5- Harassment & Stalking Harassment and Stalking are the main and biggest problems at social network areas. Normally, the harasser aims at causing affecting anguish and has no legal reason to his interactions. Harassment can be as easy as continuously sending e-mail to a person who has been told that they need no more contact with the correspondent. Harassment may perhaps also include coercion, sexual comments, negative labels (i.e., hate speech). A predominantly distressing type of harassment is sending a fake e-mail that seems to be from the sufferer and hold racialist comments, or other awkward wording, so as to smudge the status of the victim (Standler, 2002). 7- Mitigation of Social networking security Risks This section will provide a deep insight into the different mitigation techniques for the handling the of main security threats at social networking. 7.1- Assess Risk The most important way for a social networking structure to diminish security threat is by having a good plan for security, and the centerpiece of such any plan is an assessment of which operations are most vulnerable to attach. Thus a list can be made about disaster-level events that can take place (Parker, 2002). 7.2- Have a Recovery Plan In view of the fact that no security plan guarantees 100 percent safety, so social networking structure should specifically take steps to have backup ready if or when disruptive events such as fires, floods, or computer outage take place. Backup copies should consist of copies of all useful programs and data saved at another site as well as on site. The sole purpose of recovery plan is to keep the social networking structure running after a disaster occurs (Turban, Rainer, & Potter, 2004). 7.3- Control for prevention and deterrence Properly designed controls may avoid errors from taking place unwanted events, deter criminals from attacking the social networking system, and better so far deny access to unauthorized people (Turban, Rainer, & Potter, 2004) and (Sedycias, 2009). 7.4- Use Encryption To stop computer social networking crimes over the internet an exhaustive method is to encrypt the social networking traffic crossing over the network. Encryption makes certain the confidentiality of sender and the receiver. Encryption uses the key of specified length for encoding and decoding the message to read it (Turban, Rainer, & Potter, 2004) and (Parker, 2002). 7.5- Restrict System Use On a social networking site people should only have access to the things they need to do their tasks. A user should only be told about executing a program rather than what the program does and what it is designed for? (Parker, 2002) and (Turban, Rainer, & Potter, 2004). 7.6- Password Protected Programs and Data In a shared data at social networking environment, user can restrict access to programs and data with passwords. User can mention that a person can only access certain type of data requiring certain password otherwise his/her access to the program must be denied (Parker, 2002). 7.7- Use Firewalls To avert the threat of hackers at social network, firewalls should be utilized at the border of the network. Firewalls are set of software or hardware intended to protect social network from attackers as most attacks are carried out outside of the community. Firewalls are used to implement control access policy as it allows certain type of traffic to cross through the social network that meet certain criteria otherwise it blocks the traffic (Brenton & Hunt, 2002). 8- Conclusion The social networking sites are becoming the important part of our lives. As it has facilitated our lives, it has also created lot of troubles in the form of security threats. Criminals target social networking sites or make use of them as tools to carry out old as well as modern types of crimes. This paper I have tried to present the main security threat and vulnerabilities at social network environment. In this research I have outlined the main security problems and difficulties linked to social network operational areas. I have explained in detailed to provide a deep insight into these security vulnerabilities. Then this paper also proposed some security solutions for the social networking security structure enhancement. This research will offer deep insight into the social networking security vulnerabilities and possible solution to avert them. 9- References 1. Boyd, d. m., & Ellison, N. B. (2007). Social Network Sites: Definition, History, and Scholarship. Retrieved September 30, 2009, from Indiana University: http://jcmc.indiana.edu/vol13/issue1/boyd.ellison.html 2. Brenton, C., & Hunt, C. (2002). Mastering Network Security. Sybex. 3. Collins, B. (2008). Privacy and Security Issues in Social Networking . Retrieved October 01, 2009, from FastCompany.com: http://www.fastcompany.com/articles/2008/10/social-networking-security.html 4. Computer Crime Research Center. (2005, November 26). Types of computer crimes. Retrieved August 29, 2009, from crime-research.org: http://www.crime-research.org/news/26.11.2005/1661/ 5. ecommerce. (2009). Computer Crime - Definitions. Retrieved August 28, 2009, from ecommerce.com: http://ecommerce.hostip.info/pages/237/Computer-Crime-DEFINITIONS.html 6. Fadaak, Y., fakhrudin, m., & Majidi, N. B. (2009). ICT and Ethical Issues. Retrieved October 01, 2009, from EyesonTechnology.com: http://eyesontechnology.blogspot.com/2009/01/computer-crime.html 7. Hawkins, K. (2009). What is a Social Networking Site? Retrieved September 30, 2009, from WiseGeek.com: http://www.wisegeek.com/what-is-a-social-networking-site.htm 8. Hogben, G., Acquisti, A., Carrara, E., Stutzman, F., Callas, J., Schimmer, K., et al. (2007, October). Security Issues and Recommendations for Online Social Networks. Retrieved October 01, 2009, from The European Network and information Security Agency (ENISA) : http://www.enisa.europa.eu/act/res/other-areas/social-networks/security-issues-and-recommendations-for-online-social-networks 9. Norton, P. (2001). Introduction to Computers, Fourth Edition. Singapore: McGraw-Hill. 10. Parker, C. S. (2002). Understanding computers Today and Tomorrow. Harcourt Brace College Publishers. 11. Sedycias, R. (2009). Security Issues on Social Network Websites. Retrieved October 01, 2009, from EzineArticles.com: http://ezinearticles.com/?Security-Issues-on-Social-Network-Websites&id=2871743 12. Shelly, Cashman, & Vermaat. (2005). Discovering Computers 2005. Boston: Thomson Course Technology. 13. Standler, R. B. (2002). Computer Crime. Retrieved August 26, 2009, from RBS2.com: http://www.rbs2.com/ccrime.htm 14. Turban, E., Rainer, R. K., & Potter, R. E. (2004). Introduction to Information Technology,3rd Edition. New York: Wiley. 15. What is Social Networking. (2009). What Is Social Networking? Retrieved September 30, 2009, from http://www.whatissocialnetworking.com/ Read More