2012年3月26日 星期一
Online Social Network Security
When it comes to security about computers and Internet, we often worried about the hackers stealing information and take advantages of the bugs and careless of people. But it is really different between this two points.
I read the information that from the website that professor recommended and found that the conventional security objectives is the service combined of different characteristics of Authentication ,Access control ,Data confidentiality, Data integrity,Non-repudiation .
What are the social network security objectives? This is quite a different view about the security and we should view that from different points. As mentioned in the lecture, we can see that privacy,integrity and availability are very important for social network security.
By comparing two different security service we find data integrity or integrity is the only wanted in both services and other are not very match to each other. Why would security service have such a difference in the two area? We first have more detail of them.
We now to see the 5 aspects of the conventioanl security. The first is authentication, we have two small parts about that peer entity and data original authentication. Which means that we should know the peer and data are both correct. The second is accsee control, which means that not all the people are allowed to access the souce. The third one is data confidentiality, which is used to describe protection of data from unauthorized disclosure. The forth one is data integrity, as see in the face, we should not allow others to change the data under any circumstances. The last one is non-repudiation, that says we cannot deny what we do in the past.
Then we moved to the social network security, we first see the privacy, this point is needed because in the social network, we have information in the network and do not want any one can see that, I think this point is similar to the point access control but not the same for accsee control is more concerned for damage from the outside. The second is integrity which also mentiond in the conventional security objective, this can also refer to that we should keep our data as a whole and not be changed by others. The last is availability, that is important for we should allow others to see what we want to show, if we cannot guarantee this one, the social network is meaningless. And for other characteres not mentioned, I think due to social network, they are not need for the not-repudiation is useless in the environment of social network security.
Here to give the case about the difference of why there is no authentication in social network security. I think we have the following reasones. Just first imaging a case: we want to accsee others blog and need a password! Does that a useful way? Absolute not, we should allow anyone can access our blog at any time.
So, we should not need the authentication in social network security.
訂閱:
張貼留言 (Atom)
The 5 aspects of the conventional security you mentioned should be taken into consideration. In addition, you give us a clear picture in terms of social network security facets. Excellent job and be benefit to our learning on this subject!
回覆刪除However, it may be difficult for users to cultivate the awareness of security issues. So do you have suggestions to popularize this sense?
It is really important for us to awareness the importance about security, for it really have a matter in our daily life. How to do it? I think the most esay and useful way is to put that as a course in school.
刪除Maybe adding security courses in school is a good way to do this. However, it is far from enough, I think it needs the focus of media and society to make this concept deep into users` mind.
刪除I think the authentication accounts for the owner himself/herself but not visitors. A recent new that China government had arrested 6 people who were suspected to distribute sensitive information on Weibo that have a detrimental effect for the societal harmony. So if some malicious guys steal steal the account information of others for distributing prohibited information online, how can the innocent people argue without the non-repudiation characteristics?
回覆刪除The authentication to access the social networking should be gained by owners, but we cannot guarantee that all the accounts are safety. We should use other ways to find if the people do the things against the law.
刪除Yes, something like a "code", which just known by you and your friends. It will be not only fun, but also make the social network a more security place!
刪除Nowadays,a new cheating method is revealed by victims which happens in the social network.Criminals monitor your replies to others' comments and record your daily habit and way of talking.After a certain time of preparation criminals pretend to be you and ask to borrow money from your friends or even or relatives.Criminals even cut off your image or voice to gain trust.So,it is really a big problem to keep your privacy and security.Cutting off relationships with strangers and keep connect with friends by phone and face-to-face may be good choices.
回覆刪除As we all know, nowadays security threats inside social networks are growing faster and faster. I think one of the most important reasons is that millions of people are putting out their personal and sensitive information on social networking platforms. I believe that privacy, which is one of security objectives in social networking platforms need more protection. All information and actions should be hidden unless the user himself wants to disclose it.
回覆刪除You mentioned about the conventional network security issues and social network security issues. Furthermore, you point out their differences.
回覆刪除I think, in the future, there will be more and more application online. It may beyond our imagination, so "security" should always developwith other applications and prepare for new challenges
Privacy on social network is very important because it involved tons of information. Information can be used for criminal purpose such as sender imposter. Someone may use this information to get your password, apply a credit card and use the card for payment. Although authentication takes time and annoying users or maybe make hesitate to users. In a nut shell, we have to balance convince and privacy.
回覆刪除Such as we have a password for ATM card to withdraw money but we also accept that no password for octopus auto add-value functions.