Published by Roderick McCarthy. Modified over 9 years ago.
1
Security SIG
August 19, 2010
Justin C. Klein Keane
jukeane@sas.upenn.edu
2
Identity Finder
- Identity Finder case study at http://www.educause.edu/Resources/IdentityFinderCaseStudy/206909
- Identity Finder console is an important part of SAS deployment
3
IDF Console
- Runs on a Windows Server machine
- Requires a MS SQL back end
- Communicates with clients over port 80
- Clients encrypt data to the server
- Reported issues with running connection over 443
4
Console Considerations
- Balance security and privacy
- Collect no more data than you need!
- Expect assumptions of big brother
- It is possible to have multiple IDF configurations
- Don't propagate toxic data
- Be mindful of e-discovery and other legal requirements (HIPAA, FERPA, etc.)
5
Client Configuration
- Client installer must be bundled with rudimentary configuration
  - Defaults for behavior
  - IP address of server
6
Client Behavior
- Client will connect to server after installation to retrieve configuration
- Be sure client configs are system wide
  - If config is stored in userland it will get overwritten when the client is upgraded
- Client “checks in with console” and will report scan statistics
- Client communication to server is invisible
7
Client Considerations
- You may not want some features
- Some features may prove dangerous
- Licensing considerations when scanning shares
- Choose a safe place for Quarantine option
- Make sure users encrypt results
- How can you easily manage client configs?
  - The console
8
Console Features
- Policy definitions which can be assigned to groups
- Reporting on scans and remediation
- Tracking of client machines
- Global ignore lists to avoid repeat false positives
9
Using the Console
- Console interface is web based
- Requires Microsoft Silverlight plug-in in the latest editions
- Users can be assigned privileges to access and use the console
10
Console View
11
Historical Tracking
12
Generating Reports
13
Policy per Machine
14
Policy Controls Settings
15
Ignore Lists
16
User Settings
17
Encryption
- PGP (whole disk, file and folder, net share)
- TrueCrypt
- AxCrypt
- GPG
- Enigmail
18
PGP
- Commercial software
- Supported by PGP Universal Server
- Universal Server allows for:
  - Key escrow and recovery
  - Public key lookup
  - Policy configuration and customization
  - Central registration authority when installing
  - Integration into AD structure
19
TrueCrypt - http://www.truecrypt.org
- Free Open Source Software (FOSS)
- Can do whole disk encryption for Windows
- Can do file volume encryption for Windows, Mac, and Linux
- Can do removable media encryption for Windows, Mac, and Linux (interoperably)
- Allows an encrypted USB stick to be used on any platform with TrueCrypt installed
- Version 7 has full GUI support on Linux
20
AxCrypt - http://www.axantum.com/axcrypt/
- Free Open Source Software
- AES 128 bit key encryption
- Windows only (32 and 64 bit support)
- Supports encrypting files
- Can create self decrypting archives
- Does auto re-encryption
- Provides secure shredding
- Adds encrypt and shred to right click menu
- And more...
21
GPG Enigmail
- GPG is GNU Privacy Guard
- Fully open source, interoperable with PGP standard
- Available for Linux, Windows and Mac
- Can be used for key management, public key encryption, encrypting files and folders, and digital signatures
22
Enigmail
- Thunderbird Plugin
- Adds OpenPGP functions to email
23
Enigmail - Built in Key Manager
24
Enigmail - Features (and Drawbacks)
- Automatic encryption to recipients with keys
- Automatic decryption
- Digital signatures and verification
- Encryption/decryption of attachments
- Not the easiest system to understand or use
- Manual key distribution is burdensome
25
Issues with Encryption
- Key escrow for recovery in case user forgets a password is CRITICAL!
- Damage to an encrypted store will totally destroy it
- Speed and efficiency are reduced
- Users have to understand how to use technology properly
- Most useful encryption is not transparent
- Does not protect data in use
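The recovery concern above, combined with the GPG file encryption listed earlier, as an added example that is not part of the original presentation: a results file is encrypted to the user's key and to a second recovery key, then decrypted from a keyring that holds only the recovery key. This uses an additional recovery recipient in place of escrowing the user's private key; the identities, paths and file contents are constructed placeholders, and GnuPG 2.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the slides): encrypt a results file with GPG to the
# user's key AND an escrow key, then recover it using only the escrow keyring.
# Identities, paths and file contents are constructed placeholders.
USER_ID='user@example.invalid'       # assumed end-user identity
ESCROW_ID='escrow@example.invalid'   # assumed departmental recovery identity

# Generate an unprotected throwaway key for identity $2 in keyring directory $1.
make_key() {
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$2" default default never
}

# Encrypt file $2 to both recipients using the user's keyring $1, writing $3.
encrypt_with_escrow() {
  gpg --homedir "$1" --batch --yes --quiet --trust-model always \
      --recipient "$USER_ID" --recipient "$ESCROW_ID" \
      --output "$3" --encrypt "$2"
}

# Full round trip; prints what the escrow holder recovers without the user's key.
escrow_roundtrip() {
  local work usr esc
  work=$(mktemp -d) || return 1
  usr="$work/user" esc="$work/escrow"
  mkdir -m 700 "$usr" "$esc"
  make_key "$usr" "$USER_ID" && make_key "$esc" "$ESCROW_ID" || return 1
  # Only the escrow PUBLIC key is handed to the user's keyring.
  gpg --homedir "$esc" --batch --export "$ESCROW_ID" |
    gpg --homedir "$usr" --batch --quiet --import || return 1
  printf '%s\n' "$1" > "$work/results.txt"
  encrypt_with_escrow "$usr" "$work/results.txt" "$work/results.txt.gpg" || return 1
  gpg --homedir "$esc" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --decrypt "$work/results.txt.gpg" 2>/dev/null
  local rc=$?
  gpgconf --homedir "$usr" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$esc" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
  return $rc
}

# Run the demonstration only when asked: ./escrow.sh --demo
if [ "${1:-}" = "--demo" ]; then
  escrow_roundtrip 'constructed sample scan result'
fi
```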