Who's really in your top 8: network security in the age of social networking

Abstract

Social engineering has been around for a long time, even at the college level. From the days when someone stood around a dormitory door waiting for someone else to open it, pretending to have forgotten his or her key, to today where virtually every college student has at least one online entity. Instant Messaging programs and Social Networking websites such as MySpace, Facebook, Ruckus, Friendster, LinkedIn, SecondLife, and even YouTube, encourage students to create online versions of themselves in an effort to share information and meet new people. While in theory this process may sound harmless, students are not only unwittingly allowing themselves to be targets of identity thieves, but they are also posing major security threats to university and college networks. In a recent class demonstration, it was shown how a simple homemade application can be launched unknowingly through Internet Explorer (IE) using Web2.0 to disable IE, even with security settings at a high level. If a simple homemade application can disable IE without the knowledge of the user, imagine what is being distributed through MySpace bulletins and comments. I intend to conduct interviews with security experts and surveys of college students, to show students they unknowingly open themselves, and their campus networks, to malicious attacks. With the proper security solutions in place at the network layer, along with much needed user education, the dangers posed by social engineering can be minimized.