Sunday, July 27, 2008

Web 2.0 Security Issues

In the next 3 posts, I will discuss Web 2.0 issues regarding security, ethics, and privacy. We tend to think of these Web 2.0 utilities as safe and harmless, but as this new technology leaks its way into our schools and educational institutions, parents and the educational community grow more concerned about online safety and security.

I'll start with security.

When using Web 2.0 utilities, the number one security concern may be the staff itself. Staff training is necessary for effective implementation of any technology. If teachers sign up for membership without regard to privacy, ethics, or security, districts are at risk and have a daunting task of keeping the district network infrastructure secure. Teachers need to know the liabilities and risks associated with using software and online resources in the classroom. Many of the Web 2.0 applications require each end user to give personal information in order to use them. Parents also need to be aware of the information exchange happening at school.

It's important to review pertinent sections of your organization's technology plan. My school district does not have a specific security plan written into its tech plan, but it does have an internet user agreement opt-out form that is offered each school year. If parents don't sign, the assumption is that they grant schools permission to allow their child to use the internet for educational purposes. When teachers conduct internet projects with their students, it's a good idea to send a note home explaining the project and to inform parents of the educational purpose of such projects. Additionally, at the beginning of the year, it's a good idea to discuss any security issues the district software may have. Throughout the course of the year, if new software is introduced, a similar conversation should take place.

A second security concern with Web 2.0 applications is the ability of hackers to break into these web applications and use them to infiltrate your computer. For example, "the newer forms of attacks take advantage of Web sites with rich content and features: AJAX-enabled applications, embedded JavaScript and so on. These aren't really new technologies, but they're more pervasive now," says Paul Ferguson, network architect at Trend Micro. "And with [components like] Google Maps, where the processing is done on the PC instead of on the Web page, criminals are exploiting that avenue of content delivery. The ability for Web 2.0 applications to deliver that content is a Catch-22, because it also can allow you to be exploited." (networkworld, 2007)

Another example comes from Pfizer's network security breach involving P2P file sharing software. Peer-to-peer file sharing software allows users to share files on their hard drive via the internet. In the case of Pfizer, an employee mistakenly allowed hackers access to 17,000 of the employees' social security numbers. P2P software is prone to security breaches. For example, if a music file is placed into a folder with sensitive documents, the software will scan PCs and recommend folders with media files for download (Computer World, 2007).

Web 2.0 is a wonderful and powerful resource for the business and education communities. However, proper employee and student training and awareness of the security risks will be necessary to ensure these mistakes don't happen in the future.

Web 2.0 security links:

Top 10 Web 2.0 Attack Vectors
http://www.net-security.org/article.php?id=949

Web 2.0 Security
http://www.net-security.org/article.php?id=1108

The security risk in Web 2.0
http://news.cnet.com/The-security-risk-in-Web-2.0/2100-1002_3-6099228.html
