Security is so important! No one wants his or her personal information "attacked" by anyone. A security service is a service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers, as defined by ITU-T X.800 Recommendation.
X.800 and ISO 7498-2 (Information processing systems - Open systems interconnection – Basic Reference Model – Part 2: Security architecture) are technically aligned. This model is widely recognized.
We have a theoretical definition of security. Conventional network security includes [1]:
A. Authentication
a1. Peer entity authentication
a2. Data origin authentication
B. Access control
C. Data confidentiality
c1. Connection confidentiality
c2. Connectionless confidentiality
c3. Selective field confidentiality
c4. Traffic flow confidentiality
D. Data integrity
d1. Connection integrity with recovery
d2. Connection integrity without recovery
d3. Selective field connection integrity
d4. Connectionless integrity
d5. Selective field connectionless integrity
E. Non-repudiation
e1. Non-repudiation with proof of origin
e2. Non-repudiation with proof of delivery
A more general definition is in CNSS Instruction No. 4009, dated 26 April 2010, by the Committee on National Security Systems of the United States of America: [5]
A capability that supports one, or more, of the security requirements (Confidentiality, Integrity, Availability). Examples of security services are key management, access control, and authentication[2].
So, what are the social network security objectives? Are they different? In fact, there are some differences. They are:
1. Privacy
(a) user profile privacy
(b) communication privacy
(c) message confidentiality
(d) information disclosure
2. Integrity
3. Availability
From the above, we can find some differences, like privacy and availability. These two are not included in conventional online network security. The conventional online network takes more factors into consideration, like access control, etc. For example, I have my personal information on a social network website, like age, name, job, etc. I want these items shared with my friends but not with others I don't know. But conventional network security doesn't focus on these.
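The friends-only sharing described above can be expressed as a per-field audience check. This is an added example, not code from the original post or from any social network; the field names, audience levels, sample data and the `view_profile` function are assumptions made for illustration.

```python
from enum import Enum


class Audience(Enum):
    ONLY_ME = 0
    FRIENDS = 1
    PUBLIC = 2


# Constructed sample data: mutual friendships stored as unordered pairs.
FRIENDSHIPS = {frozenset({"alice", "bob"})}

# Constructed sample profile: every field carries its own audience setting.
PROFILES = {
    "alice": {
        "name": ("Alice", Audience.PUBLIC),
        "age": (27, Audience.FRIENDS),
        "job": ("Engineer", Audience.FRIENDS),
        "phone": ("555-0100", Audience.ONLY_ME),
        "hometown": ("Springfield", None),  # no setting chosen yet
    }
}


def relationship(owner, viewer):
    """Return the narrowest audience level the viewer belongs to."""
    if viewer is not None and viewer == owner:
        return Audience.ONLY_ME
    if viewer is not None and frozenset({owner, viewer}) in FRIENDSHIPS:
        return Audience.FRIENDS
    return Audience.PUBLIC  # strangers and anonymous visitors


def view_profile(owner, viewer):
    """Return only the fields of `owner` that `viewer` may read."""
    level = relationship(owner, viewer)
    visible = {}
    for field, (value, audience) in PROFILES[owner].items():
        if audience is None:
            audience = Audience.ONLY_ME  # fail closed: unset means private
        # A field is readable when its audience is at least as wide as
        # the viewer's relationship level.
        if audience.value >= level.value:
            visible[field] = value
    return visible
```

A field with no audience setting is treated as private, so a newly added profile item is never shown to strangers by default.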
What I have written is from Wikipedia and the lecture, and also my own existing knowledge.
The social network security objectives are quoted from "lecture of week 10, slide 6-slide 10". The conventional network security part is quoted from Wikipedia.
The example I used is my own knowledge; some of it is experience I got from social network websites, like Weibo, Renren and Hoopchina.
According to your article, I have a comprehensive recognition of social network security, as well as the advantages compared with conventional network security. I also want to know what kinds of attacks occur when a social network encounters a hacker?
I think our profiles may be disclosed, and important data may be misused by someone, which may give rise to some cheating online or else...
So now do we have some advanced technologies to prevent these attacks from happening?
I agree that our personal information is easily public online, even though you already keep good security settings on those platforms.
We should admit that all systems, technologies and software couldn’t achieve a comprehensive level to prevent users from being attacked. Therefore, upgrading them is needed with the development of technology and requirements from users.
Actually, it is hard to have authentication of users right now on the internet. I hope that we can have it after a few years, like digital signatures.
Moreover, the government should keep track of the website owners so that they will not distribute the personal information to third parties without permission of the owner.
Conventional security and social network security focus on different aspects. Since social networks orient users with true identity, they must consider more about privacy and availability of users' profiles. Security is important and social network security needs to be ensured more strongly because of the true user information on it. I hope my real data can be protected very well. But perhaps it is very hard to achieve.
In my opinion, one major difference is that we are actually persons in reality, yes, alive persons. However, when we enter the world of social networks, we become a node, a symbol or a picture, a code to represent us. And this determines the difference concerning security and privacy. We need to identify who we are, and it is not as simple as bringing an ID card. After all, a social network is a virtual world built on the real world, and what we need more is to verify and validate that the connection between the two worlds is not being intruded or destroyed.
Security controls are safeguards or countermeasures to avoid, counteract or minimize security risks. We have different things to do at different times, such as before the event, during the event and after the event. We also provide physical controls, procedural controls, technical controls and logical access controls. And I wonder, can we classify different levels of security to different domains in your blog's X.800 and ISO 7498-2?
Hi, I think the hardest is "Authentication". On the internet, it is hard for you to know who I am, especially on a social network.
Some people like social networks because of lose. I heard from my friend that he enjoys playing on Facebook, because no one will judge his ideas. He can say everything he wants. The behavior on Facebook does not affect people's slight in the real world.
What happens if we need to authenticate that you are you in the social network? Will it be attractive?
By viewing your blog, we can have a quick understanding of social network security and the difference between it and conventional online security. It is quite easy for us to understand it by using your own experience as an example. We should pay more attention to security issues, as they have a large influence on our daily life.
In my opinion, a major difference is that we are in fact real people, yes, the living. However, as we move into the world of the social network, we become a node, a symbol or a picture, a code to represent us. This determines the difference about security and privacy. We need to decide who we are, and it is not as simple as bringing the ID card. After all, the social network is a virtual world based on the real world, and we need more verification and validation that the relationship between the two worlds is not invaded or destroyed.
I think there is a little bit of contradiction between security and social networks. A social network will sometimes function as mass collaboration. As a mass collaboration, it focuses on the “mass”. Too many authentications just annoy users and make them ignore the warning issues. This trend also leads people to try not to be concerned about any information they post on the internet that may be used by “somebody”.
As technical guys, we are careful about doing that but still post some information that is a potential hazard for us. General users without a strong technical background do not care about any verification and validation anymore unless they have lost something.
You give out some concepts of social network security and conventional security. It is good to consider the evolution of the security problem by comparison. I think security includes two aspects. One is the security of the social network platform, which is not easy for individuals to control. For example, better solutions for security should be incorporated by social network companies. But when you find a bug by yourself, you may not have the authority to recode to improve it. The other is about actions which can be controlled by individuals. For example, you can set your website so that it cannot be detected by search engines, to make it safer.