The University of Idaho

1
The University of Idaho
Social Networking Security Darren
Kearney Information Technology Services
2
What to take away from this presentation.

• What is social networking?
• What dangers are involved with social networking?
• How do I protect myself?
• Examples of social networking issues.

3
What are social networking sites?

• A social network service focuses on building
  online communities of people who share interests
  and activities, or who are interested in
  exploring the interests and activities of others.
  Most social network services are web based and
  provide a variety of ways for users to interact,
  such as e-mail and instant messaging services.

4
What are social networking sites?
5
What are social networking sites?

• How big are these sites?
• The largest social networking sites contain
  hundreds of millions of accounts.
• MySpace 246,351,193 accounts and is growing at
  up to 230,000 new accounts a day.
• Why all the concern?
• While most of these sites make privacy tools
  available to users, their very nature is to be as
  open with information as possible.

6
What are the dangers?

• Identity Theft.
• Professional Concerns.
• Personal Concerns.
• Physical Dangers.
• Yes, all the scary stuff.

7
Identity Theft

• What are the primary pieces of information needed
  to steal an identity?
• Full name
• Social Security number
• Date of birth

8
Identity Theft

• Sensitive Personal Information (SPI)
• Social Security Number
• Birth Date
• Credit Card / Bank Account Numbers
• Drivers License Number
• Personally Identifiable Information (PII)
• Non-sensitive information that can be used to
  build a profile of you.
• Mothers maiden name
• Address
• Phone number

9
Professional Concerns

• Employers do view social networking sites to see
  not only what you have posted but who your
  friends are. Having a fun and lively site may
  make finding work difficult.
• Work stories can impact your current job and
  future positions.
• Posting confidential information will impact your
  current employment.

10
Personal Concerns

• Do not post medical information.
• You have the right to remain silent, but pictures
  are worth a thousand words.
• You may feel comfortable showing embarrassing
  pictures or video to friends, but are you ready
  for worldwide ridicule?
• Are you sure you want your mom finding out?

11
Physical Dangers

• Do not post your address in a public site.
• Do not let the world know when youre going to be
  home or not.
• Information about when you are alone and where
  you will be can be used by a potential stalker.

12
How can you protect yourself?

• A quick note about passwords.
• If you can set your site as private, do so.
• Limit the amount of personal information you
  post.
• Remember that the internet is a public resource.
• Be wary of strangers.
• Be skeptical.
• Check privacy policies.

13
Quick notes about passwords.

• Make your password complex and do not share it.
• Do not use the same password for every site.
• If you see any unusual activity on your account,
  immediately change the password.
• Your dogs name or mothers maiden name are not
  secure passwords. If you want to use words make
  up a phrase that exceeds 20 characters.

14
Quick notes about passwords.

• UI Employees should follow the requirements for
  passwords in the APM.
• http//www.uihome.uidaho.edu/default.aspx?pid8059
  7
• 30.15 -- UI Password Policy
• Users shall not use the same passwords for
  University of Idaho accounts as for other
  non-University of Idaho access (e.g., personal
  Internet Service Provider accounts, free online
  email accounts, instant messaging accounts, other
  online services, etc.).

15
Set your site private.

• Most social networking sites give you the ability
  to limit who can access your information.
• Move any concerning materials under the private
  portion of the site.
• Understand that joining networks or groups
  may give a lot of people access to your
  information.
• Remove anything that may cause you discomfort in
  the future.

16
Limit the personal information you post.

• Do not post information that would make you
  vulnerable (e.g., your address, information about
  your schedule or routine). If your connections
  post information about you, make sure the
  combined information is not more than you would
  be comfortable with strangers knowing.

17
Remember that the internet is a public place.

• Only post information you are comfortable with
  anyone seeing. This includes information in your
  profile and in blogs and other forums. Also, once
  you post information online, you can't retract
  it. Even if you remove the information from a
  site, saved or cached versions may still exist on
  other people's machines.

18
Be wary of strangers.

• The internet makes it easy for people to
  misrepresent their identities and motives.
  Consider limiting the people who are allowed to
  contact you on these sites. If you interact with
  people you do not know, be cautious about the
  amount of information you reveal or agreeing to
  meet them in person.

19
Be skeptical.

• Don't believe everything you read online. People
  may post false or misleading information about
  various topics, including their own identities.
  This is not necessarily done with malicious
  intent it could be unintentional, a product of
  exaggeration, or a joke. Take appropriate
  precautions, though, and try to verify the
  authenticity of any information before taken any
  action.

20
Check privacy policies.

• Some sites may share information such as email
  addresses or user preferences with other
  companies. This may lead to an increase in spam.
  Also, try to locate the policy for handling
  referrals to make sure that you do not
  unintentionally sign your friends up for spam.
  Some sites will continue to send email messages
  to anyone you refer until they join.

21
Examples of social networking issues.

• Specialized Search Engines.
• Identify what the person did wrong.
• Think about what they could have done better to
  protect themselves.
• Make sure you do not make the same mistakes.

22
Specialized Search Engines.

• Search engines specializing in finding people on
  multiple sites make finding personal information
  and correlating it easier then ever.
• Spock.com
• ZabaSearch.com
• Wink.com
• Spokeo.com

23
Examples to not follow.

• A couple notes
• Most of the following examples are made up based
  on real information found online.
• Many more serious examples can be found online
  but these focus on the common mistakes made on
  social networking sites.
• Yes there is a picture of me in a propeller
  beanie floating around out there.

24
The Family Emergency
The email to the boss.
25
The Family Emergency
The picture on face book.
26
Is it private?
27
Is it private?
28
Is it private?
29
Is it private?
30
Is it private?
31
Meet Joey Smith
32
Joey gets setup.

• Using the standard tools Joey setup a facebook
  page by filling out the default fields.
• He was excited to start being part of a community
  so he joined a couple networks.
• Planning to use his new site daily he added
  schedule information to help organize his life.

33
Basic Information
34
Personal Information
35
Contact Other Information
36
When will you be home?
37
To much information?
38
Does everyone need to know?
39
Adding Others.
40
Questions?

• Questions?
• Reference material used
• http//www.us-cert.gov/cas/tips/ST06-003.html

41
The University of Idaho
Thank you!