SOCIAL NETWORKING Keith Watson, CISSP-ISSAP, CISA Information Assurance Research Engineer, CERIAS SECURITY AND PRIVACY

Find Me Online ikawnoclast.com facebook.com/ikawnoclast twitter.com/ikawnoclast linkedin.com/in/keithwatson Please tweet as we go with #puaware

Overview Own Your Space Definitions and Terms Questions Passwords, Systems, Networks Things to Keep in Mind Service Specific Configuration Options

Own Your Space

A Guide to Facebook Security A guide to risks and security features of Facebook Available in English since August 2011 Translated into seven languages Arabic version available in mid February (guide)

Terms CC-licensed photos by Dr Noah Lott, bnanative on flickr

Types of Services Networking – Facebook, Google+, Linkedin, Twitter Content Sharing – Pinterest, Facebook, Dropbox, Google Drive Location-based Services – foursquare, Google Latitude, Facebook, Gowalla

Types of Protection Security – Prevention of malicious action to systems, info Safety – Prevention from physical or mental harm Privacy – Prevention of exposing sensitive or private info

Default Privacy Modes “Mostly open” – The default sharing mode is public – You must choose to keep content private “Mostly closed” – The default sharing mode is private – You must choose to share content

Questions CC-licensed photos by Colin_K, Mario Belluci, Horia Varian on flickr

Why is it free? If a service does not charge you money, then you are paying in other ways – Marketing and Advertising – Privacy Facebook has 1 Billion monthly active users – Revenues for Q2’12: $1.18 Billion, 84% from ads Linkedin Marketing Solutions: $63.1 Million Twitter uses Promoted Tweets based on you

What are the risks? Privacy Reputation Data Access Control Employment Legal Proceedings

What should I do? Realize that social networking is not free Review the security/privacy settings of sites you use periodically Stop using it!? Deactivate or delete your accounts!? Extract your data Assume the worst case scenario is possible – Prepare for it

Your Memory and System Have Issues CC-licensed photos by ecastro, allaboutgeorge, TounuTouji on flickr

Passwords and Password Tools Weak/short passwords can be discovered – Brute password breaking is cheaper today Strong passwords are needed, everywhere You have too many passwords to remember! Use a password tool to manage passwords – 1Password, LastPass, PasswordSafe, RoboForm – Browser integration, mobile platforms Use one-time password systems

System Security Stay up to date with software – Especially Flash Player, Java, web browsers Upgrade your OS! – XP is now 11 years old; support ended in 2009 Remove internet software you do not use Install anti-malware software – If it’s a Purdue system, this is software is free! – Make sure it’s updating Your regular account should not be an admin

Network Security Avoid using open WiFi connections – A WPA2 connection with public password is safer Use a virtual private network (VPN) – Purdue’s VPN available to Career Account users Enable your OS or anti-malware firewall Enable your home router’s firewall for devices Disconnect your system from the network when not needed

Things to Keep in Mind CC-licensed photo by joguldi on flickr

Content Sharing Privacy Before you post, ask the following: – Will this post/picture cause a problem for me? – Can I say this in front of my mother? Divide your Friends into groups, lists, or circles Limit the number of people that see it Share public information with the public Share inner thoughts and personal feelings with close friends

Networking Privacy Do not Friend or Connect with people that you have not met in person or know well Reject Friend requests and Connections Having a lot of Friends works can against you – Facebook may ask you to identify your Friends Limit your visibility on services

Location Privacy and Safety Limit your check-in information to friends only Never check in at your home, school, work A mayorship is a public “office” Avoid public lists for a location Do not let friends check you in Review posts you are tagged in

Service Specific Configuration Options

Google Security and Privacy Enable 2-step verification – Use Google Authenticator or text-based codes – Applies to (almost) all Google services Create Google+ circles based on sharing needs Turn off geo location data in photos Turn off “find my face” in photos and videos Manage your Dashboard data

Facebook Security Tools Enable – Secure Browsing – Login Notifications (text and ) – Login Approvals (text and mobile Code Generator) Select your Trusted Friends Review and Monitor – Recognized Devices – Active Sessions Delete old and unused Apps

Facebook Privacy Tools Limit App access to your data Set your default audience to Friends Customize your timeline content settings – Who can post, tag you, tag reviews – Disable tag suggestions for photos uploaded Limit search engine inclusion Limit third-party and social ads Limit info that can be included by others in apps

Dropbox Security and Privacy Enable two-step verification Disable LAN sync on laptops Do not put sensitive data into Dropbox Encrypt files if needed Unlink old devices Review Apps linked to your account Turn on for new devices and apps added Review your shared folders periodically

Twitter Security and Privacy Enable Protect My Tweets Enable HTTPS Require personal information for password reset Disable location data for tweets – Delete old location data too

Linkedin Privacy Turn off data sharing with third-party apps and sites Consider changing your photo visibility, activity broadcasts Remove Twitter access Disable ads from third-party sites Enable full-time SSL connections

Foursquare Privacy Do not include yourself in lists of people checked into a location Do not earn mayorships Do not let friends check you into places Do not let venue managers see you

Stay Safe Stay up to date on software and settings Be selective when choosing friends Using your thinkin’ before you’re tweetin’! Be mysterious