Propuesta metodológica para la evaluación de seguridad de usuarios de redes sociales con relación a ataques de ingeniería social

Abstract

Abstract Network services on the Internet allow people to communicate through different types of interactions among individuals or organizations. Such interactions have permitted several social networks to increase their number of users continually to reach the point that most of the people have a profile on at least one of them. This wide use tent to cause security problems among users, which arise from the information they publish and share with the help of these networks, making them easy targets for breaches of privacy and social engineering attacks. Although there is a lot of research that help determine security vulnerabilities in these types of applications, little has been discussed about the topic of Social Engineering and the awareness towards the exposition of user personal data of these applications. This work presents a model that allows analysis of actions of a user on a social network. The actions of a user can put at risk not only their but also an organization security since this may allow the accomplishment of possible attacks using techniques of social engineering. In order to verify the feasibility of the model, a case study has been applied, carrying out verifications of the actions in user profiles that belong to an organization. To support the model, a methodology of evaluation of the security of users on social networks has been proposed, focused on correcting problems encountered. The results have shown that the proposal allows to reduce the risk of users as well as the organization attacks of social engineering.