Strategy: Social Network Security
Mismatch: Enterprise IT, Social Networks and Password Complexity
Social networks have recently hit a pinnacle of popularity: Facebook has reached 500 million users, and there are now an estimated 105 million people on Twitter. These sites are even outpacing technology that most of us take for granted, such as e-mail, according to a recent study by Nielsen Online. What that means for enterprise IT pros is that your employees are continuously sharing personal information with friends, acquaintances and total strangers. Social networks make money from information posted by their user bases, so there’s no percentage in promoting privacy. In fact, just before press time, U.S. representatives Edward Markey (D-MA) and Joe Barton (R-TX) dispatched a letter to Facebook CEO Mark Zuckerberg asking what the company knew, and when, about third-party applications sharing user data with marketers, and what the site planned to do to stop the leakage.
The fact is, even disclosure of nonsensitive personal information has a dark side. Studies—and recent privacy breaches—have shown that users of social networks choose poorly crafted passwords that can often be determined simply from information posted by the user. In addition, a number of tools and scripts that go beyond simple guessing techniques have been developed to help attackers determine a person’s password. In some cases, these tools can be used to “brute force” the password on a social network service as well as on other Web sites or enterprise services.
In this report, we’ll discuss the problem of inadvertent—and purposeful—information sharing by users of social networks and how to defend your network against related attacks. (B1991110)