Web 2.0, that evolution from traditional applications to end-user-focused web applications, brings with it countless services and concepts. Some of them will be presented in this article.
by Osvaldo Callegari
The new transcendent milestone, a new communicational conception, security incorporates changes in philosophy.
The spectrum of applications in Web 2.0 is so broad that it is well worth saying an analogy with respect to the Internet; in reality it is a paradigm shift caused by the same users who need to be more and more communicated every day, that change is what produces the incorporation of new ideas on the great platform. Commercial voracity means that each person who communicates with another has the need to buy new products and solutions to be on the crest of the wave. That is why it is important to know which segments are useful for the company and on a personal level
Within the considerations we will separate by modules and by type of function all the components of Web 2.0 so that we can deepen each section.
Being a large expansion practically free of controls, given that the vast majority are open source applications, countries that understand that it is necessary to define standards for the security of Web 2.0 as is the case of England, have begun to establish methods and rules of operation of certain systems related to the area of education and learning.
The information authority is developing rules that allow greater security through the consensus of teaching organizations with their opinion.
AI is working to determine the best web-based platform on which people can cross information in online communities to discuss issues and better share their exercises.
"They see that developing a simple online system can connect people with people and information as a vital part of their work," says Dave Briggs, director of AI change, and "by establishing online communities in this medium you can give people the ability to work together and face the inconveniences that may arise."
Knowledge management through the medium is a big challenge and in the meantime there are one or two small existing platforms on which the user can share information, it suffers from other places to go. They have told entrepreneurial groups that incorporating new projects into Web 2.0 with the corresponding start-up and debugging is of great help in establishing new standards. The AI aims to establish a pilot test in the coming months so that all interested parties can test and give their opinion.
Additional AI information can be found in http://www.theia.org.uk
We can add that this technological leap is so abrupt that everything that was done locally is available, let's say in some way, around the world, at this point it is necessary to take the necessary precautions when migrating to 2.0, to be advised of which security tools are available, which have been tested and which are in the process of certification. This new universe forces us to make a new journey of conquest of technology now governed by users.
The number of services and concepts is so vast that it is necessary to dedicate several chapters to have an approximate idea of the scope, functions and benefits. Something that needs to be highlighted as a very important factor in Web 2.0 is the handling of video that has transformed the way we perceive images, since they are available anywhere and at any time.
We detail some important topics to keep in mind.
Additional Specifications
• The software: its installation is not necessary, the necessary tools to work are on the network, the standards of the sites limit the process and must be adapted to their formats.
• Storage of Blogs: on these sites you can have a free website with the permission to publish information, allowing the general public to express their opinions and answers.
• Online collaboration: there are several sites that allow you to build projects, documentation or participation such as Wikipedia, Youtube, Flickr, Delicio.us, digg, myspace.
• Updated procedures: in the beginning each user incorporated information of any form and quantity, new procedures were developed so that the management in general was organized.
• Security breaches: there is an urgent need to establish security strategies within the exchange of information, causing identity and information theft.
•Investment in security: security is vital in this type of technology, companies invest in products to protect their data and are reluctant to use the web in automated applications.
• Spread of viruses: inevitably these actors of crime could not be absent, with the exception that now they not only damage information but steal it for companies advertising products by spam.
• New collaborative networks: with communication and publication resources, users have established virtual communities where information is exchanged for learning or the development of projects in record time.
•Search engines version 2.0: search engines, such as Google, which has been purchased for internal use, whether for commercial, educational and or business purposes.
• Products that can be transformed into services: a portal, for example, can be a new tool for the company where it can be managed privately to carry out all its procedures throughout a country. It is possible to perform product invoicing, customer tracking, online sales and much more. The exchange of information is in real time.
•Search engines are ordered: this transition of information required search engines to be narrowed more by headings and sub-items to establish ordered searches.
• New concepts of Web 2.0: the need for users to have meetings and collaboration with the possibility of working on a scheme in the publication of information meant that there are multiple initiatives to create portals that handle diverse topics with the requirement of having an established order.
• Media convergence: Web 2.0 made today's media directly linked to each other, such as video, chats, forums, podcasts, radio stations.
Instant messaging
Instant messaging has grown very rapidly since companies have legitimized the method of communication for personal and business use.
IM applications are available on various platforms in a range ranging from traditional desktop computers to smartphones and personal agendas. This spread of IM usage can significantly increase security risks for organizations and users.
Attacks include variants of email worms, botnets that compromise each person's private information.
The overall risk of MI-related areas are:
•Malware
•Worms
•Virus
•Trojans
•Bots controlled via IRC (instant messaging channels)
Confidentiality of information
Data transferred through messaging channels may be affected by disclosure where it passes through several points before reaching its destination in its communication. Messages usually pass through networks and servers that are not under control. Some IM providers offer file sharing to remedy this scourge.
The file sharing process can leave duplicates of sensitive documents in users' folders after their session is over.
Excessive network attack, denial of services, overuse of the network can delegitimize the use.
Applications can be affected by vulnerabilities contained in IMs, which can seriously compromise systems.
It can be added that the vulnerabilities bring with them possible errors at the time of supporting the systems as well as their interfaces. Some IM applications can affect computer operating system processes by generating new classes of threats. Claiming that one module is called at a time, security processes are built at high levels of programming facilitating the creation of new threat vectors.
Mobile IM have more significant security risks associated with desktop IM programs, cell phones with IM often do not contemplate access protection keys or local encryption of stored data. The result is that masked attacks against IM emails and contacts are simple to implement from lost cell phones. The very nature of mobile phones complicates the implementation of security methods in line with wireless requirements.
The best known instant messengers (IM) are: AOL instant Messenger, ICQ, Jabber, MSN, Skype, Google Talk, Trillian and Yahoo! Messenger. The protocols they use are IRC, MSNP, OSCAR, SIMPLE, XMPP and YMSG among others.
Messaging systems are available on most operating systems.
How to protect yourself from vulnerabilities and unauthorized use of IM?
•Establish policies for acceptable use of messaging and ensure that all users apply those policies and clearly understand the potential risks.
•Establish policies for mobile use of the service, including password and encryption requirements.
•Create your own and standard settings so that users cannot transfer files.
•In general, users should not be allowed to install applications, this should be done by the systems area.
•Restrict administrative powers or superpowers on users with a rule of their privileges, create separate accounts for use in office hours, navigation established by permitted sites and control of online browsing.
•Ensure that application vendors submit their messaging-related update patches and the operating system patches themselves. Use antivirus and antispyware products.
•Do not use external instant messaging servers. Provide a commercial server similar to a Proxy or internal server.
• Create secure communications between reliable companies.
• Properly configure the paths of communications in a secure way, there are IM capable of establishing connections through masking in http.
•Install specific products for messaging security. Filter all traffic along an authentication server to provide additional filtering and or network monitoring capabilities.
•Block public access from external servers that have not been duly authorized.
•Block the most popular messaging ports.
•Create tunnels for IM channels.
• Make a confidentiality agreement with the associated companies so that they increase their interest in protecting the data on the external side.
•Use access control and or passwords to protect user sessions and or presentations.
In the next chapters we will comment on more vulnerabilities of Web 2.0
The trademarks and names mentioned in this article are trademarks and registered names of their respective companies, some of the concepts poured are authorized in writing by their author. Sans.org: organization for data security. IA: Informatión Authority, England.
* If you wish you can write to the author for doubts, queries or concerns on this topic write to [email protected]
