Social Network Security
By Esther Shein
Social networking sites are designed to let people reach out to one another. As virtual communities of professions and connections to experts, they can be valuable business resources. But these very interactions that make networking sites valuable are the same ones that can leave corporate networks vulnerable to IT security breaches.
This is becoming an issue as several virtual communities have sprung up that are geared to business executives. These include Ryze, Xing (formerly OpenBc), Ecademy, Hoover's Connect, Spoke and Vshake.
"They definitely pose a problem," says Andre Protas, a researcher at eEye Digital Security Inc., an enterprise security software and research firm in Aliso Viejo, Calif. "Most of these websites were not created with security in mind.''
Often, these types of communications paths bypass security measures that have been put in place to protect the enterprise, such as firewalls, IDS/IPS, personal firewalls and gateway anti-virus systems, adds Doug Howard, chief operating officer at BT Counterpane, a security firm in Chantilly, Va. "Through peer-to-peer and other technologies that bypass corporate security, you create additional risk for an enterprise."
Protas says he's seen "a proliferation of vulnerabilities" on social networking sites recently. A case in point: the worm that targeted MySpace users, changing the links of their home pages and redirecting them to phishing sites. "That was a pretty serious first punch to MySpace and to social networking sites in general,'' he says. (article continues)
Next Page >>
