Showing posts with label Hacking. Show all posts

Sunday, March 7, 2010

Can you protect yourself on Social Media?

One of the greatest challenges to privacy and security in the next several years is social networks and social media. Sites like Facebook, Twitter, LinkedIn, MySpace and others can undermine the value we place on protecting information. The ability to share and publish information is the exact opposite of what network security requires, and it encourages people to do things that are not security conscious. Social media encourages:
  • Loss of privacy
  • Oversharing of information
  • Giving away the answers to security questions
  • Social engineering

As we have seen recently, a lot of spam, spyware and malware is targeting social networks. Just in the past week I have probably gotten 100 requests to be my friend on Facebook from people who I do not know, and funny enough, all the messages have the exact same personal message. Malicious people are attracted to social networks because of the ease of gaining trust and the availability of data for social engineering. Relationship building is easier through social media, and that can easily lead to phishing attacks.
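The indicator in that paragraph (many requests from strangers, all carrying the same "personal" note) is easy to turn into a check. The script below is an added example, not code from the original post: it groups friend requests by a normalised copy of their message and flags senders who both reuse a templated message and share no mutual friends. The request records are constructed sample data, and the field names (`sender`, `mutual_friends`, `message`) and thresholds are assumptions.

```python
"""Flag bursts of friend requests that all carry the same templated message.

Added example (not from the original post). The records below are constructed
sample data; field names and thresholds are assumptions.
"""
from collections import defaultdict
import hashlib
import re

# Constructed sample: requests received in one day. In practice you would
# export these from the site's notification list.
SAMPLE_REQUESTS = [
    {"sender": "alice.k", "mutual_friends": 4,
     "message": "Hey, we met at the Miami conference, let's connect!"},
    {"sender": "user82731", "mutual_friends": 0,
     "message": "Hi! I saw your profile and I think we have a lot in common :)"},
    {"sender": "user11904", "mutual_friends": 0,
     "message": "hi!  i saw your profile and i think we have a lot in common :)"},
    {"sender": "user50217", "mutual_friends": 0,
     "message": "Hi! I saw your profile and I think we have a lot in common :)"},
    {"sender": "bob.m", "mutual_friends": 2,
     "message": "Bob from the PGP training class"},
    {"sender": "user44003", "mutual_friends": 1,
     "message": "Hi! I saw your profile and I think we have a lot in common :)"},
]


def normalize(message: str) -> str:
    """Canonicalise a message so trivial variations (case, spacing) still match."""
    return re.sub(r"\s+", " ", message.strip().lower())


def message_key(message: str) -> str:
    """Short stable key for a normalised message, used to bucket requests."""
    return hashlib.sha256(normalize(message).encode("utf-8")).hexdigest()[:16]


def find_template_clusters(requests, min_cluster=3):
    """Group requests by message key; keep clusters sent by >= min_cluster distinct senders."""
    clusters = defaultdict(list)
    for req in requests:
        clusters[message_key(req["message"])].append(req)
    return {k: v for k, v in clusters.items()
            if len({r["sender"] for r in v}) >= min_cluster}


def flag_suspicious(requests, min_cluster=3, max_mutual=0):
    """Return sorted senders that reuse a templated message AND share no mutual friends.

    Both conditions together are the signal described in the post: many
    strangers, one identical "personal" note. A templated message from someone
    you do share friends with is left for a human to judge.
    """
    flagged = set()
    for cluster in find_template_clusters(requests, min_cluster).values():
        for req in cluster:
            if req["mutual_friends"] <= max_mutual:
                flagged.add(req["sender"])
    return sorted(flagged)


if __name__ == "__main__":
    for sender in flag_suspicious(SAMPLE_REQUESTS):
        print("likely automated request:", sender)
```

On the sample data the three zero-mutual-friend senders of the repeated message are flagged, while `user44003`, who sent the same text but shares one friend, is not; lowering `min_cluster` or raising `max_mutual` trades fewer misses for more false positives.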

With these sites, people install applications without knowing what goes on in the background, and it's easy to download malicious code to your computer. There are no external third-party audits of these applications before they make it to your Facebook profile. Your computer can easily be infected by a virus or spyware.

What does the social media user do to protect their information?
No personal information - This is anti-social networking, but there are things you can limit in what you post. Don't post your birthday! Or your address, or your mother's middle name, or any really personal data.

Limit who can view and contact you - Don't let your profile be truly public; restrict viewing and contact requests to people you know. Remember you can't retract information once you put it out there.

Don't trust strangers - Your mother was right, don't open the door to strangers. Limit who you accept chat or friend requests from, as well as who you even communicate with.

Trust no one - People lie, it's sad but true. So profiles lie; they might say they went to your college or high school. They might claim to be interested in your groups, so don't take anyone at their word.

Restrict your privacy - There are some configuration settings in all the social media applications that allow you to turn on restrictions on your privacy. Take a minute to actually look at them. One easy example: in Facebook you can create groups that you place friends in, since you don't want business contacts seeing what your friends are posting.

Password management - An oldie but a goodie: always use a strong password and don't share it. And change it periodically.

Layers of protection - You should be running a personal firewall and antivirus software on the machine you use to view social networks. This will help if a malicious piece of software tries to download something to your machine. Keep your protection software up to date as well, and run patch management software on your machine; this is especially important for you Windows users.

Child protection software - You should have some kind of child protection software running on machines that children under 13 use. This will help with all that shady software that is out there.

Gary Bahadur

http://www.kraasecurity.com/

http://blog.kraasecurity.com/

http://twitter.com/kraasecurity

Address: 200 Se 1st St #601 Miami FL 33131

*Managed Security Services

*Vulnerability Management

*Compliance & Policy Development

*PGP Security

*FREE Website Security Test


Saturday, June 6, 2009

Vanguard Security Conference - Supplier Security

I spoke at the Vanguard Security Conference (http://www.go2vanguard.com). Vanguard has been doing this conference for a number of years. The focus is on mainframe security. Most security professionals these days have never worked on MF security. I am proud to say I have, back in the mid-90's. Well, perhaps I shouldn't be so happy; it was over a decade ago.

The point being that there are so many areas of security out there that most of us will never touch, yet there is a dire need for professionals. The conference was less attended, as are most conferences this year, but I found the folks here are REALLY interested in learning and excited about the classes.

My topic was Supplier Risk Management processes. You are asking yourself, what is that? I asked myself that same question in coming up with some good processes to target supplier security. We have to go way beyond a SAS70 if we want real security over the hundreds or thousands of vendors that a large company may work with.

The Problem:

-No framework for managing vendor risk
-Inconsistent processes for tracking vendors
-Lack of enforcement capabilities

The Opportunity:

-Provide practical steps to manage vendor access/management
-Provide cost effective solution for risk mitigation
-Provide numerical risk analysis of vendor/partner security issues
-Risk reduction or risk acceptance
-Documented exposure
-Iterative process for risk management
-Happy CIO

So a Supplier Security assessment follows 4 main steps:

1 Analyze the current vendor database, categorize each vendor and determine the risk of each supplier
2 Determine the threats posed by each supplier
3 Perform assessment tests of each supplier, their processes of interaction, and data access
4 Develop a risk mitigation plan, update processes, and establish monitoring processes
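The four steps above, together with the "numerical risk analysis" and "risk reduction or risk acceptance" items from the opportunity list, can be run as one scoring cycle. The code below is an added example and is not the talk's own method or tooling: the scoring weights, the tier cut-offs, the control names and the three vendor records are all assumptions constructed to illustrate the process, and any real programme would calibrate them to its own vendor database.

```python
"""Numerical supplier risk scoring across the four assessment steps.

Added example, not from the original post. Weights, tier cut-offs, control
names and the vendor records are assumptions / constructed sample data.
"""
from dataclasses import dataclass, field

# Step 1 inputs: what the vendor database records about each supplier.
DATA_SENSITIVITY = {"public": 1, "internal": 2, "confidential": 3, "regulated": 4}
ACCESS_TYPE = {"none": 0, "portal": 1, "vpn": 2, "privileged": 3}
REASSESS_DAYS = {"High": 90, "Medium": 180, "Low": 365}   # step 4 monitoring cadence


@dataclass
class Supplier:
    name: str
    data_sensitivity: str       # most sensitive data class the vendor handles
    access_type: str            # how the vendor reaches our systems
    business_critical: bool     # would an outage stop a core process?
    findings: dict = field(default_factory=dict)  # step 3 results: control -> passed?


def inherent_risk(s: Supplier) -> int:
    """Step 1: categorise by data, access and criticality before looking at controls (0..10)."""
    score = DATA_SENSITIVITY[s.data_sensitivity] + ACCESS_TYPE[s.access_type]
    if s.business_critical:
        score += 3
    return score


def threat_exposure(s: Supplier) -> list:
    """Step 2: threats implied by the kind of access and data the supplier has."""
    threats = []
    if s.access_type in ("vpn", "privileged"):
        threats.append("vendor credentials become a path into the internal network")
    if s.data_sensitivity in ("confidential", "regulated"):
        threats.append("a breach at the vendor exposes our data")
    if s.business_critical:
        threats.append("a vendor outage halts a core process")
    return threats


def residual_risk(s: Supplier) -> float:
    """Step 3: scale inherent risk by the share of assessed controls that failed.

    An unassessed supplier keeps its full inherent score; a fully passing
    assessment halves it; every failed control moves it back toward inherent.
    """
    if not s.findings:
        return float(inherent_risk(s))
    failed = sum(1 for ok in s.findings.values() if not ok)
    return round(inherent_risk(s) * (0.5 + 0.5 * failed / len(s.findings)), 2)


def tier(score: float) -> str:
    """Map a score onto the High/Medium/Low tiers used for reporting."""
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


def mitigation_plan(s: Supplier, accept_below: float = 3.0) -> dict:
    """Step 4: decide reduce vs accept and list the failed controls to remediate."""
    r = residual_risk(s)
    return {
        "supplier": s.name,
        "inherent": inherent_risk(s),
        "residual": r,
        "tier": tier(r),
        "decision": "accept" if r < accept_below else "reduce",
        "threats": threat_exposure(s),
        "remediate": sorted(c for c, ok in s.findings.items() if not ok),
        "reassess_days": REASSESS_DAYS[tier(r)],
    }


# Constructed sample vendor database (names and findings are made up).
SAMPLE_VENDORS = [
    Supplier("Payroll-Co", "regulated", "vpn", True,
             {"mfa_on_vpn": False, "encrypts_at_rest": True, "background_checks": True}),
    Supplier("Office-Plants", "public", "none", False),
    Supplier("Cloud-Backup", "confidential", "portal", False,
             {"encrypts_at_rest": True, "offboarding_within_24h": False}),
]


def assess_all(vendors=SAMPLE_VENDORS) -> list:
    """Run the full cycle; highest residual risk first so the CIO sees it first."""
    return sorted((mitigation_plan(v) for v in vendors), key=lambda p: -p["residual"])


if __name__ == "__main__":
    for plan in assess_all():
        print(f"{plan['supplier']:14} {plan['tier']:6} residual={plan['residual']:<4} "
              f"{plan['decision']:6} fix={plan['remediate']}")
```

The output is the documented exposure the talk asks for: each supplier carries a number, a tier, an accept/reduce decision, the specific failed controls, and a reassessment interval, which is what makes the process iterative rather than a one-time questionnaire.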

Gary Bahadur

baha@kraasecurity.com

http://www.kraasecurity.com

http://blog.kraasecurity.com


Friday, May 29, 2009

US to set out cyber security plan -Baha to the rescue

Why did it take us over two decades to really approach the cybersecurity topic? When I started in information security in 1994, it was the wild west. People were creating processes, developing security frameworks and growing a whole new industry. I like to think I played some part in being on the early team at PriceWaterhouse, and we had the first ever corporate "Hacking Lab" in NJ to test our clients' security weaknesses. Those were good times. Now we are just in regular times.

So what can we expect from the Czar?

The White House must take the cybersecurity lead. The current approach to cybersecurity is untenable, said Hathaway at RSA in April.

Well that was obvious. When you have hackers running around American corporations and in and out of government agencies, I would agree that is "untenable".

Here is my plan for cybersecurity:
1) Put ME in charge of the whole thing.

Good plan right?

My point is you have to have someone with a practical approach. You have to address this both strategically and tactically: tactically in the short term and strategically in the long term.

We know government can't get out of its own way, so let the private sector have more say in how this is done. A simple way to start:
1) Have a timeline, say two years, to have every government and quasi-government computer defined in a risk classification scheme.
2) Conduct continuous vulnerability assessment of the High and Medium risk systems.
3) MUST have patch management for all systems.
4) Encrypt any data leaving a secure internal system.
5) Figure out what Data Loss Prevention means!
6) FUND cybersecurity like it's part of the Defense Budget.

Baha - new Cybersecurity Czar
baha@kraasecurity.com
www.kraasecurity.com
http://blog.kraasecurity.com

+++++++++++++++++++++++++++++++++++
BBC
US President Barack Obama is to set out plans for securing American computer networks against cyber attacks.

In a speech that follows a 60-day review, Mr Obama is expected to announce the creation of a cyber security office in the White House.

Both US government and military bodies have reported repeated interference from hackers in recent years.

In a separate development, the Pentagon is to create a new military command for cyber space, the New York Times said.

Mr Obama will not discuss the Pentagon plan during Friday's announcement, the newspaper said.

But he is expected to sign a classified order to establish the military command in coming weeks, it reported, citing officials.

'Serious threats'

The 60-day review was carried out by Melissa Hathaway, who has been serving as interim White House cyber security adviser.

The new office is expected to co-ordinate a multi-billion dollar effort designed to restrict access to government computers and to protect systems - such as those that run the stock exchange and air traffic control - that keep the country going, reports BBC defence and security correspondent Rob Watson.

Tuesday, March 17, 2009

More Hacking Fun

Just another hacker story, this time from New Zealand. The interesting thing is that with all the data stolen from the online forms for credit card applications, the theft provides a great way to open legitimate credit cards somewhere else. So how do you stop legitimate applications from going through now? You have to love the "2 years of free credit monitoring" that all the hacked companies give you.

Hackers steal Shell customer information
Tue, 17 Mar 2009 10:17a.m.

Online hackers have stolen personal information from almost 6000 Shell customers in New Zealand and Australia. Shell spokeswoman Jackie Maitland confirmed to NZPA today that 1400 New Zealand customers were affected and another 4500 in Australia.
Both the New Zealand police e-crimes unit and the Queensland police were investigating.
Ms Maitland said the information obtained by the hackers was contained in online application forms for a Shell fuel card.


Gary Bahadur
KRAA Security
info@kraasecurity.com
www.kraasecurity.com
Managed Security and Consulting Services
Managed Firewall
Managed IDS
Managed Email