Role Of Information Security In Social Networking

Published Date: 02 Nov 2017

Academic Question: What are the security threats which put social networking at risk and recommendations to avoid them?

Aims

To Assess the different security threats which are involved in social networking websites

To provide recommendations which can be done to minimise the impact of security threats

Objectives

Research the features and functions of different social networking websites

Research the different types of security threats which involve around social networking

Compare the different threats which threaten social networks

Find out the impact of social networking threats

Explore recommendations to minimise the effect

Research and reflect on government’s role on social networking security.

Artefact to be developed

Identify and compare the different security threats which are threatening social networks and draw up recommendations of how they can be minimised and avoided.

Part C – Literature Review

Following my project proposal and researching many sources based on my academic question there were key sources which were relevant to the academic question, aims and objectives, and the artefact.

Review 1 – Social Network Security Issues

With the research that I have undertaken this source explains the different threats of security within Social Networking. Passwords are one of the highest risks with social networking. It explains what can be done from individuals from making unauthorised access such as creating passwords longer which makes it more difficult for them to be guessed. It talks about adding security questions which is relevant as most websites using authentication techniques require secret questions, if a user happens to lose their password.

Link traps, malware, spyware, Trojans and viruses are all challenges for social networking security where users can fall victim by clicking on appealing links. Link traps open the back door for viruses and spyware to infect systems; and can have consequences with large networks and organisations. With this source it covers the main areas which are common threats not only to social networking, but to computer and internet security on a whole. (Rever Ses, 2012)

Review 2 – Social Networking Security Threats

This source lists some of the threats of three popular social networking websites; these include Facebook, Twitter and Linkedin. It explains some of the threats by the social network such as; survey scams and advertising which are popular threats on social networks. It shares valuable important information such as the twitter money scam during the tsunami and earthquake in Japan which was a phishing example which led to peoples bank details been stolen. Shortened URL’s are a top important threat to social networking, where malicious hackers will set up fake or cloned websites which trick the user into thinking it is secure when it isn’t.

Although threats seem to target Facebook and Twitters users, data mining is a threat to Linkedin even though threats remain low on Linkedin. Data mining is a form of phishing where hackers will gather information on organisations and their employees profiles to launch attacks, which is another threat for social networking.

This source contains protection strategies to stop users becoming victims of these attacks; these are very useful to the artefact questions where recommendations are needed to be drawn up for how to use these websites safely. The major majority of recommendations is about privacy which they recommend users adjust to stop attacks from happening. (Sophos, 2012)

Review 3 - Security Threats on Five Social Networking Websites

This review contains some known threats on five social networking websites, one important threat on Facebook it explains people clicking on links posted by friends, as like viruses on computers and emails, the behaviour is the same on social networking, this threat is often popular with users as it looks appealing. Tumblr which is a social network for blogs has become under threat over phishing scams such as hackers acting as admins or staff to send special offers (e.g. Airline Tickets, freebies etc.) The impact of this is users could give those details of their bank details through these bogus websites.

This source also includes threats on YouTube, malicious hackers will use links to encourage users to download links which contain malicious files, the information explains that this is done by appealing videos which are not what it’s described to be (e.g. Sneak peak of new films, but just contains details of a malicious website, which says where the video is.) Users can also be fooled into entering their bank details if they visit these malicious websites and carry out the steps the hackers have set up.

With Twitter, hackers are unable to do much scamming but the threat is similar by sending out links to malicious websites which is common to all social networking websites but a different approach of doing this. With this source it analyses threats of Linkedin, which is most likely the less targeted social network, however they can occur by malicious users setting up fake invitations and email users which could lead to malware or unwanted spam.

With reviewing this source of information it relates to the project as it describes different security threats to different websites as they have limitations of what can be done. Due to limitations, it limits hackers of how can impose a threat to the website. These are all useful threats which support the aims and objectives and this information can be used when identifying the threats. (IT Business Edge, 2012)

Review 4 – Social Network Security Threats: How to Avoid Becoming a Victim

With this source, we are looking at a Facebook problem, which occurs quite often on Facebook and steps of how to avoid the problem from it occurring. With lots of users using Facebook and users have very large friends lists, it shows the chances of you getting a link sent to you during a live feed or private message are likely, it shows an appealing message from a friend (e.g. Video uploaded of you from Youtube.) Just clicking on the link, the user is open to malware and viruses, once your profile is infected with the virus it can spread automatically by sending it to everyone on your friend list.

With this information it evaluates the steps to be taken to stop the user from becoming a victim, this includes recommendations of how to prevent them which answers the objectives, academic question and working towards the artefact due to investigating the recommendations of minimising the effect. With the information it has on minimising the effect it can be used of how they dealt with to stop malware spreading to users, these include making users aware of messages which have links inside of them, check who the message is from etc. (Leggio, J. 2008). 

Review 5 – Secure Social Networking

This source of information is making users aware of privacy and security of social networking, it includes never trusting a stranger with your account, it explains that once an individual has gained access to your account, they can already find out a lot about you including, the circle of friends you have, personal information etc. With links to malicious software they can generate disastrous results such as key loggers; which could mean hackers gaining access to your social networking accounts, as well as email. With this argument it can have major consequences to a system, as malware could spread to a system damaging your connected device.

It also talks about the main threat phishing; this is one of the top threats in security on the whole on the internet. Another issue is passwords where hackers can use brute force attacks to gain access to accounts if users have easy or guessable passwords (e.g. access, password, 123456789 etc.) This explains some actions can take if users do not secure their account in the first place, and provides a number of steps to minimise the impact. All these steps are relevant to the academic question as they provide information of what can be done from a hacker’s point of view and the user themselves. (Rachwald, R. 2012). 

Review 6 – Staying Safe on Social Networking Websites

With this source it contains useful information on social networking, firstly it explains the features of a social network website, the features are how they are different depending on the social network, (e.g. How LastFM and Facebook differ, or how some are directed at business or some out of personal interest.) With social networking it explains useful material on security implications of social networking due to the information the user provides on their profile such as personal information (e.g. Name, Address, Location, Interests etc.) With the implications of this becomes a threat as malicious users can use this information to launch social engineering attacks on your profile such as phishing and malware.

With regards to the artefact where recommendations or minimising threats, it contains information of what the users can do themselves to prevent them becoming a threat of a malicious user such as what users need to be aware of when using these websites and what actions they can do from it happening in the first place such as evaluating your settings, this is to see how you limit your personal information and who can see it, which is not mentioned a lot in other sources. This source provides a lot of recommendations which answers one of the aims of the project and the artefact itself. (McDowell, M. 2011)

Review 7 – Top 10 Social Networking Threats

This source is very relevant to the aim, objectives and artefact of the project as it lists 10 of the biggest threats across social networking websites, regardless of what features they have. These include Worms, Data Leaks and Trojans which are also common internet threats. This source is very useful to identifying the threats which is part of the academic question and it also explains what is in this threat and what the consequences of this threat.

One of the important threats but not extremely common is impersonation where a malicious user is pretending to be someone else, this could be done by cloning accounts, or pretending to be the person which they are not. This is very common with Facebook and twitter with celebrities who claiming they have a Twitter or Facebook account. It also talks about data leaks, this is very common and due to individuals sharing too much information on their profiles it puts them at risk and malicious users can use this information for their own benefit (e.g. Employee shares information about project they are working on, this can has consequences for their job and their project and it can be leaked onto the web.) (Palo Alto Networks. 2010)

Review 8 – Social Networking and Security Risks

This source analyses the security risks of social networking, this includes privacy, and how harmless shared information can turn into a security risk for the user. With users sharing their daily information on social networks such as Facebook they have a big impact (e.g. User shares going on holiday.) Sharing information such as this could give users opportunities to break an entry into your home with it being empty; this is a security risk which is looked on privacy issues.

Facebook applications are one of the biggest security threats on Facebook, it talks about how some are trusted applications and whereas some are not which can lead to social engineering attacks such as phishing. It also looks at twitter at status updates, it looks at what users are posting and what the consequences of this could be such as work related issues such as negative points about your job could land you disciplinary action or dismissal from your job from comments made on social networking websites.

It talks about the consequences of spam hoaxes and what can be done to identify them and what steps can the user take. With spam hoaxes you can be able to tell the difference between hoaxes and which ones are real message such as only opening attachments unless you are expecting one, using up-to-date web browsers and scanning attachment files with virus scanners.)

This information is valuable for the project aims and objectives as it gives detail of to some of the threats which are around on social networking websites and explains well how they happen and how they work, they will help create the artefact when looking at many different threats and what are the recommendations of preventing it. (Dinerman, B. 2011). 

Comparison

With doing a literature survey and looking at the sources, I have used eight key sources for my literature review which I will find useful for my project. With looking at all these sources they all contain different aspects of information at different threats depending on the social network itself. With the research a lot of threats were focused on Twitter and Facebook which were fairly popular for social engineering attacks and data breaches. However, some of my sources related to other social networks. With my second review it looks into linkedin and Google plus who are less common with attacks.

Also review seven looked into ten social networking risks and threats these had relative different threats rather than the common ones such as phishing, spam and email hoaxes, this looked into social networking worms, botnets, impersonation which had not been researched so far in my literature review.

Part D – Project Progress

Following completing the literature survey and review progress has been made while reviewing the aims and objectives and what needs to be achieved for the project. Following the research to be undertaken, I already have an idea of the threats which I need to analyse and evaluate and what can be done to prevent these from happening. With my literature review I have learnt about many risks and threats that I didn’t know about which can be included in my project as I find them essential security measures.

Also, following a meeting with my supervisor (Carl Dudley) he suggested what the government’s role is on the security of social networking. With the outcome of this, I decided to add this into my project objectives; as this was not an original objective of the project whilst I was doing my project proposal. With the results of these security risks and threats and recommendations; I now have a good understanding of how to introduce the answering of the academic question and making full details of the artefact.

Project E – Project Plan

No Key changes made.