WEB 2.0/SOCIAL NETWORKS AND SECURITY By: Sherry Gu For: ACC626

Posted on 25-May-2015

762 views

Category:

Technology


0 download

TRANSCRIPT

Page 1: Slidecast ppt

WEB 2.0/SOCIAL NETWORKS AND SECURITY

By: Sherry Gu

For: ACC626

Page 2: Slidecast ppt

AGENDA

- Definition of Web 2.0
- Magnitude of use of Web 2.0/social networking applications
- Impacts of Web 2.0/social networks on security and security risks
- Types of security attacks
- Triggers/motivations behind security attacks
- Remedies/solutions to security vulnerabilities
- Implications for accountants

Page 3: Slidecast ppt

WHAT IS WEB 2.0?

- Web 2.0 Conference: “Network as Platform”
- Web 2.0: “managing, understanding, responding…” “…to massive amount of user generated data…” “…in real time”

Page 4: Slidecast ppt

MAGNITUDE OF USE

For businesses (2008 survey):

- 18% of companies use blogs
- 32% of companies use wikis
- 23% of companies use RSS feeds

Forrester Research: spending on Web 2.0 applications: $4.6 billion in 2013

Page 5: Slidecast ppt

IMPACTS ON SECURITY RISKS

Control/detection risk:

- Web 2.0 adds complexity to the current system (multiple platforms, multiple sources)

Inherent risk:

- Interactive nature
- Increased likelihood of leaking confidential data

Statistics:

- 40% of users attacked by malware and phishing from social networking sites
- Ranked as the “most serious risk to information security” in 2010 by SMBs
- 60% of companies believed that employee behaviour on social networks could endanger network security

Page 6: Slidecast ppt

XSS ATTACK

- Injecting malicious code into otherwise trusted websites
- Gives hackers access to information in the browser
- E.g. the “Samy” attack on MySpace:
  - Added Samy as a friend
  - Added “Samy is my hero” to profile pages
  - One million friend requests

Page 7: Slidecast ppt

CSRF ATTACK

- Lure users to open/load malicious links
- Gives the hacker access to already-authenticated applications
- Hacker makes undesirable modifications/changes/extractions to applications
- E.g. Gmail: malicious code created email filters that forward emails to another account
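To make the “already-authenticated application” point concrete, here is an added example (not from the slides, and not Gmail’s code) of a minimal, hypothetical webmail “create filter” handler: the vulnerable version trusts the session cookie alone, so a form auto-submitted from another site is accepted, while the hardened version also demands a per-session synchronizer token and a matching Origin header. All names (Session, Request, SITE_ORIGIN, the addresses) are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SITE_ORIGIN = "https://mail.example"  # assumed origin of the webmail application

@dataclass
class Session:
    """Server-side session resolved from the browser's cookie (constructed)."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))
    filters: list = field(default_factory=list)

@dataclass
class Request:
    session: Optional[Session]    # None when no valid session cookie was sent
    form: dict                    # POST body fields
    origin: Optional[str] = None  # Origin header, set by the browser, not by page script

def create_filter_vulnerable(req: Request) -> bool:
    """Trusts the session cookie alone: a form auto-submitted from another site
    looks exactly like the user's own click."""
    if req.session is None:
        return False
    req.session.filters.append(req.form["forward_to"])
    return True

def create_filter_hardened(req: Request) -> bool:
    """Requires proof the request came from our own pages: a per-session
    synchronizer token echoed in the form, plus a matching Origin header."""
    if req.session is None or req.origin != SITE_ORIGIN:
        return False
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), req.session.csrf_token.encode()):
        return False
    req.session.filters.append(req.form["forward_to"])
    return True

def cross_site_request(session: Session) -> Request:
    """What the server sees when another site's page submits the form: the
    victim's cookie is attached, but the token is absent and Origin differs."""
    return Request(session=session, form={"forward_to": "box@attacker.invalid"},
                   origin="https://attacker.invalid")

def same_site_request(session: Session) -> Request:
    """The user's genuine submission from the application's own settings page."""
    return Request(session=session, origin=SITE_ORIGIN,
                   form={"forward_to": "me@mail.example", "csrf_token": session.csrf_token})
```

The token check alone stops the forged post because the other site can never read the token out of the user's page; the Origin check is a second, independent signal. A SameSite attribute on the session cookie would add a third.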

Page 8: Slidecast ppt

MALWARE/SPYWARE/ADWARE

- Malware: worms, viruses, trojans
- Examples:
  - Koobface family malware on YouTube and Facebook
  - Bebloh Trojan: “man-in-the-browser” attack

Page 9: Slidecast ppt

SPEAR PHISHING

- Targets specific organizations
- Seeks unauthorized access to confidential data
- Appearance of the sender: a more direct relationship with the victim
- Social networks help hackers build a more complete profile of the sender

Page 10: Slidecast ppt

IDENTITY THEFT

- Researchers from Eurecom demonstrated:
  - Profile cloning
  - Cross-site cloning
- Authentication problems

Page 11: Slidecast ppt

TRIGGERS/MOTIVATIONS

Technical nature:

- Largely dependent on source code, e.g. AJAX
- Open source
- Complex scripts and dynamic technology: difficult for protection software to identify malware signatures

Page 12: Slidecast ppt

TRIGGERS/MOTIVATIONS

Financial gain:

- Hack into bank accounts
- Sell to buyers in the large underground market

Organized crime/bot recruitment:

- Web 2.0 applications are public, open, scalable, anonymous

Page 13: Slidecast ppt

REMEDIES/SOLUTIONS

- Employee use policies and education (balance between flexibility and security)
- Strengthen monitoring and reviewing activities: extensive logs and audit trails
- Encryption of user data using public and private keys

Page 14: Slidecast ppt

IMPLICATIONS FOR ACCOUNTANTS

Auditors: assess the need for a risk assessment

- Social network/Web 2.0 strategy, policies, and regulatory compliance requirements
- Risk assessment:
  - Identify types of risk
  - Analyze threat potential
  - Validate risk ratings
  - Hire IT specialist
- ISACA: social media assurance/audit program

Page 15: Slidecast ppt

CONCLUSION

- Heightened security risks
- Risk assessment is critical
- Policies and procedures

Page 16: Slidecast ppt