Sunday, November 11, 2012

Vulnerabilities To Be Addressed To Safely Utilize Online Social Networking: Network Safety

Utilization of social networking sites over untrusted network infrastructure can result in account compromise, privacy compromise, or even system compromise. Unsecured Wi-Fi, a LAN with a hostile workstation (such as a hotel or an intranet with a compromised host on it), and a malicious router can all create hostile network conditions. Once the traffic on the wire cannot be trusted, an attacker could change in transit the link that a friend posted and the user wants to follow. They could change the poster’s upload such that the executable they are attempting to share is actually a trojan horse. A user’s communications can be eavesdropped on to sniff out the private data that is being posted, or even sniff out credentials if they are sent unencrypted, as was the case for the first two years of Facebook. (Mensch & Wilkie, 2011)

With ISP and Internet backbone infrastructure typically being considered trusted, most network accesses will not be reasonably unsafe, leading to this vulnerability to be low risk. The damage at risk during an incident is extremely high, but the likelihood of an incident is small, averaged across all accesses to the social network. When only addressing reasonable unsafe networks, the risk escalates to high.

Untrusted network situations are severe risks for social networking users, especially as a lot of social networking sites still utilize HTTP. Confidentiality is stripped away when eavesdroppers can view and record your plaintext communications with the site. Integrity is lost if routers, legitimate or spoofed, can perform in-transit packet modification. Dropped packets, TCP-reset injections, and wireless jamming are all methods that the untrusted network can impact the availability of the social networking service.

Outside of the implausible command to only utilize trusted infrastructure, the policy recommendations which prevent some of the problem, loss of confidentiality, is to use a VPN to connect to a mostly trusted infrastructure and then still only use social networking sites that can use HTTPS. The damage to integrity can be changed to the less damaging loss of availability by a signed and encrypted protocol. It doesn't prevent a hostile router from modifying the packets, but it will keep the other end from accepting them as clean.

Mensch, S., & Wilkie, L. (2011). INFORMATION SECURITY ACTIVITIES OF COLLEGE STUDENTS: AN EXPLORATORY STUDY. Academy of Information and Management Sciences Journal, 14(2).

Vulnerabilities To Be Addressed To Safely Utilize Online Social Networking

No comments:

Post a Comment