Many threats will continue to pose problems for those using the Internet, and unless you opt to stop using these services, you must address the threats. Some threats are targeted at human beings and the weaknesses of human nature.
These are some types of threats that target users and human nature...
Malware
This can be used as an all-inclusive term for viruses, spyware, keyloggers, worms, and trojan horses, amongst others.
Shoulder Surfing
This type of attack takes place when one party is able to look over another's shoulder or spy on another's screen. This is common in environments of every type, because when you see other people watching what you are doing, you attribute it to normal human curiosity and think little of it.
Eavesdropping
This involves listening in on conversations, videos, phone calls, e-mails, and other forms of communication with the intent of gathering information that an attacker would not otherwise be authorized to have.
Dumpster Diving
One man's trash is another man's treasure, and an attacker may be able to collect sensitive or important information from wastebaskets and other collection points and use it to perform an attack. In practice, such information should be shredded, burned, or otherwise destroyed to avoid it being intercepted by an attacker.
Phishing
Phishing uses a legitimate-looking e-mail that entices the victim to click a link or visit a website where the victim's information will be collected. This is a very common attack and is very effective, even though this technique has been around for more than a decade and multiple warnings and advisories have been published.
Although many organizations and companies implement technology, administrative policies, and physical measures to stop social engineering attacks, prevention still comes down to the human being.
Some mitigations can be put in place to defeat technology-based attacks...
Installing a Modern Browser
As the main portal to the Internet, your browser must be as safe and secure as possible. Being safe and secure means at least two things: Use the most current browser, and keep the browser up to date. Additionally, avoid unnecessary plugins and add-ons that clutter the browser and may weaken it. Most modern browsers include features that protect against social engineering attacks like phishing and bogus websites.
Using a Pop-up Blocker
Any modern browser recognizes potentially dangerous pop-ups, lets you know when it blocks a pop-up, and offers the option to selectively block each pop-up as needed.
Heeding Unsafe Site Warnings
If a user visits a website that is fraudulent, untrusted, or has known security issues, the browser should prevent the site from loading.
Integrating with Antivirus Software
The browser should work with a resident antivirus program to scan downloaded files for security threats.
Using Automatic Updates
Most modern browsers typically update themselves to install fixes to flaws in the browser and to add new security features.
Private Browsing
This feature has become a staple of modern browsers. This mode prevents the saving of specific types of information in the browser such as search history as well as preventing certain behavior from being observed.
Changing Online Habits
No browser can compensate for poor Internet safety habits. Tools can help, but they cannot stop you from acting recklessly or carelessly while accessing the Internet.
Consider that when you upgrade a browser to a newer version, some provide an extensive library of plug-ins, extensions, and add-ons that can make the browser more secure than it would be on its own. For example, a browser such as Google Chrome offers extensions like Ghostery, Adblock Plus, AVG Antivirus, and others.
Some common methods to consider for users or clients should include the following...
Exercise caution on unsecured wireless networks.
The free WiFi access at the coffee shop could cost you a lot if it is insecure and open to everyone. An insecure connection is an open network that allows anyone to connect. Information passed from a computer to the wireless access point and vice versa can be intercepted by people with the right tools because it is not encrypted. Additionally, network attacks can be made from other computers connected to this network.
Be careful accessing sensitive information in a public place.
Even on a secure connection or a VPN, people can see what you type on a laptop screen. You may reveal sensitive information to a person walking by with a camera phone while you do your online banking. The same is true in any office space, where a nosy coworker peering over a cubicle wall or an unscrupulous network administrator spying on a workstation can snag a password.
Don't save personal information casually on shopping websites.
Most shopping sites offer to save a credit card and address information for easier checkout in the future. Although the information is supposedly secure, many thefts of such information have occurred recently.
Be careful about posting personal information.
People love to chat and share or post the details of their personal lives on social networking sites. They give the public access to their information and then complain about privacy issues.
Keep your computer personal.
Browsers make it easy to store passwords and form information. Anyone who opens such a browser can check the browsing history, visit secure sites, and automatically log in as you, if you opt to have the browser save your password. Avoid storing passwords, or password-protect your computer and lock it when you are not using it. Make a second user account on the computer for other people to use so information is kept separate, and make sure that account is password-protected and not given high-level access or privileges such as those available to an administrator.
The majority of risk factors can be controlled through these simple steps:
- Control the online environment by using the current version of a reputable browser. A browser like Firefox performs the following safety actions:
  - Prevents you from going to malicious sites
  - Scans files you download
  - Blocks pop-ups
  - Helps safeguard personal data
- Watch the sites you visit. Tools such as those provided by antivirus vendors can help identify which links are safe. Know something about a website before you go there.
- Watch what you do online with personal information. For example, do not post information on social networking sites that you would not be comfortable sharing with the rest of the world.
- Avoid insecure WiFi connections.
- Lock your computer with a password when it is not in use.
- Do not save credit card information for every site you visit.