In the world of social networking, security is essential. You wouldn’t want your identity compromised would you? Perhaps a major news outlet’s Facebook account is compromised; this can be detrimental and extremely embarrassing for the entity. We can all imagine the outcome of such an event. But what about the average person? While your identity can’t be completely compromised via the social web, you can have often embarrassing information posted to your profile without your consent. A few years back on MySpace, you would repeatedly see unauthorized bulletin posts. People would unknowingly give out their password to a third party, thus allowing the third party to post unsolicited items on that particular profile. To combat this, MySpace implemented notifications that you where being directed off-site, and this issue virtually ceased. Today, you really don’t see compromises of that nature anymore.

This being said, Social networking has the uncanny ability to inform your average user of certain security flaws inside and outside the social web. Does it mean it’s their responsibility? Not necessarily, but things like unnecessary bandwidth consumption were introduced with those security flaws. Essentially, that means more money and energy wasted; no responsible business would condone such a practice.

Roughly a year ago another serious Adobe Flash exploit was discovered. Noticing this, I quickly configured the Noscript plugin on Mozilla Firefox to block flash. A few weeks later I was surprised that MySpace practically forced users to download the new version of Adobe Flash player. If you didn’t do it, you couldn’t listen to any music. The many audiophiles I know, myself included, happily accepted the update.

Social networking has a huge role in how society functions today. It can also play an informative role in maintaining a secure system.  That being said, should administrators of social networking entities inform the average person of security flaws that can impact anything outside the social web? If changes like this where implemented, I’m sure the web would be a slightly more secure place. And who wouldn’t want that?

Related Posts

• Google+
• A Website for the Rest of Us
• Social Networking – A Private Playground?
• Does Social Networking = More Business?
• Social Networking and Your Blog
• Disconnecting in a Connected World
• Being Disconnected in a Connected World
• Focus Theft
• Facebook, the next generation in: Web application development?
• What is Corporate Transparency?

So, what is system security? Systems security is much like the security we are used to in everyday life like keys, locks, security alarms, security guards, etc. Basically, system security is a set of impediments purposely placed to restrict access to sensitive or critical data to only those who have proper permission to access it. Think of data as your jewelry at home and system security as the doors, locks, alarm system, and safe that keep that jewelry protected.

• System security is comprised of several layers which include physical, network, pre-system, operating system, software, application, and backend.

• The physical layer of security is much like the locks and keys everyone is used to. This layer of security ensures that only authorized personnel can physically access the system.

• Network security ensures the network itself is secure and cannot be listened in on or tapped into.

• Pre-system security includes physical hardware that sits between the system being secured and the end user. These solutions include technologies liked firewalls and Intrusion Detection Systems (IDS) which prevent harmful attempts to access data from happening before the system is even reached.

• Operating System security includes maintaining security patches, using proper file security, and maintaining secure passwords and usernames.

• Software security includes virus scanners, mal-ware scanners, and software firewall solutions. These technologies should be active scanning solutions that continually monitor the system for unauthorized access.

• Application security is the level of security in specific applications running on a system. For example, if you have code in your website application that allows a hacker to upload and execute programs, then all the previous levels of security would be thwarted. Solutions in this area require application security specialists as well as third party application scanning and testing.

• The final layer is backend security which ensures that access to and from the backend systems such as databases is secure.

Next, how much security should I use? The first thing you should know is that any system can be compromised. This is true in the physical world where any safe can be cracked and any physical object stolen with right amount of resources. Since security is only intended to make it more difficult to access data, the amount of security used is based on the need to secure that data. The higher the sensitivity and criticality of the data, the greater the need for security measures. The goal is to make it not worth the effort to the intruder to access the data. However, you can be over-secure. Some systems administrators think that no matter the data, all security measure should be taken.  This is analogous to installing re-enforced metal doors and bared windows with high tech surveillance equipment and 24-hour guard service at every house that has a single dollar bill in it. Obviously, this is not cost effective and makes it a real pain to get into your own home. But, you must also be careful not to be under-secure. You don’t want you leave the Mona Lisa behind a child-lock door. The right amount of security to use can be tough to determine but it should place an appropriate number of impediments in front of the data for the level of sensitivity and criticality without hampering the ability of those who need to access or administer the data.

Finally, what are the limitations to system security? Microsoft TechNet released an article entitled “10 Immutable Laws of Security” which can be found at http://technet.microsoft.com/en-us/library/cc722487.aspx . This article outlines the laws of security which also outlines security’s limitations. One major law is that weak passwords trump strong security. This means that if you use dictionary words for passwords or if you keep them laying out in the open for people to see, no amount of security measures will keep someone out of the system. A second notable law is that security is only as strong as your system administrator is trustworthy. System administrators have unparalleled access to systems and if they are untrustworthy they can let others in intentionally or unintentionally. The final and my most favorite law is that technology is not a panacea. Basically, you can’t only rely on technology solutions to maintain security. Antivirus programs could miss one, IDS systems could go down leaving the system vulnerable, or a security application may crash. No solution is perfect, but a mixture of technology and good systems administration can greatly ensure your data is safe.

It is important that executives and systems administrators alike be able to understand these security concepts first before purchasing and implementing security solutions for their systems. A basic understanding of what security is, how much you should use, and what its limitations are can go a long way in saving a company time and money and saving a system administrator long hours and headaches. While the only 100% secure system is one that doesn’t exist, with the right amount of security your data can be reasonably protected.

Related Posts

• Secure Social Society?