Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security SIG August 19, 2010 Justin C. Klein Keane

Published byDuane Francis Jennings Modified over 9 years ago

Similar presentations

Presentation on theme: "Security SIG August 19, 2010 Justin C. Klein Keane"— Presentation transcript:

1 Security SIG August 19, 2010 Justin C. Klein Keane jukeane@sas.upenn.edu

2 Identity Finder Identity Finder case study at http://www.educause.edu/Resources/IdentityFinderCaseStudy/206909 Identity Finder console is an important part of SAS deployment

3 IDF Console Runs on a Windows Server machine Requires a MS SQL back end Communicates with clients over port 80 Clients encrypt data to the server Reported issues with running connection over 443

4 Client Configuration Client installer must be bundled with rudimentary configuration Defaults for behavior IP address of server

5 Client Behavior Client will connect to server after installation to retrieve configuration Be sure client configs are system wide  If config is stored in userland it will get overwritten when the client is upgraded Client “checks in with console” and will report scan statistics Client communication to server is invisible

6 Console Features Policy definitions which can be assigned to groups Reporting on scans and remediation Tracking of client machines Global ignore lists to avoid repeat false positives

7 Using the Console Console interface is web based Requires Microsoft Silverlight plug-in in the latest editions Users can be assigned privileges to access and use the console

8 Console View

9 Historical Tracking

10 Generating Reports

11 Policy per Machine

12 Policy Controls Settings

13 Ignore Lists

14 User Settings

15 Encryption PGP (whole disk, file and folder, net share) TrueCrypt AxCrypt GPG Enigmail

16 PGP Commercial software Supported by PGP Universal Server Universal Serval allows for:  Key escrow and recovery  Public key lookup  Policy configuration and customization  Central registration authority when installing  Integration into AD structure

17 TrueCrypt - http://www.truecrypt.org Free Open Source Software (FOSS) Can do whole disk encryption for Windows Can do file volume encryption for Windows, Mac, and Linux Can do removable media encryption for Windows, Mac, and Linux (interoperably)  Allows USB stick encrypted to be used on any platform with TrueCrypt installed Version 7 has full GUI support on Linux

18 AxCrypt - http://www.axantum.com/axcrypt/ Free Open Source Software AES 128 bit key encryption Windows only (32 and 64 bit support) Supports encrypting files Can create self decrypting archives Does auto re-encryption Provides secure shredding Adds encrypt and shred to right click menu And more...

19 GPG Enigmail GPG is GNU Privacy Guard  Fully open source interoperable with PGP standard Available for Linux, Windows and Mac Can be used for key management, public key encryption, encrypting files and folders, and digital signatures

20 Enigmail Thunderbird Plugin Adds OpenGPG functions to email

21 Built in Key Manager

22 Features (and Drawbacks) Automatic encryption to recipients with keys Automatic decryption Digital signatures and verification Encryption/decryption of attachments Not the easiest system to understand or use Manual key distribution is burdensome

23 Issues with Encryption Key escrow for recovery in case user forgets a password is CRITICAL! Damage of encrypted store will totally destroy it Speed and efficiency is reduced Users have to understand how to use technology properly Most useful encryption is not transparent

Download ppt "Security SIG August 19, 2010 Justin C. Klein Keane"

Similar presentations

Erick Engelke Director, Engineering Computing January 10, 2010

Erick Engelke Director, Engineering Computing January 10, 2010
Introducing FailSafeSolutions Online Backup Software.

Introducing FailSafeSolutions Online Backup Software.
Ljubomir Ivaniš CPU d.o.o.

Ljubomir Ivaniš CPU d.o.o.
PulseHR Time and Attendance software development and coding web development, web hosting IT project management and consulting www.pulsesoft.ro Str. Ghioceilor.

PulseHR Time and Attendance software development and coding web development, web hosting IT project management and consulting Str. Ghioceilor.
Managing Your Network Environment © 2004 Cisco Systems, Inc. All rights reserved. Managing Cisco IOS Devices INTRO v2.0—9-1.

Managing Your Network Environment © 2004 Cisco Systems, Inc. All rights reserved. Managing Cisco IOS Devices INTRO v2.0—9-1.
SOFTWARE PRESENTATION ODMS (OPEN SOURCE DOCUMENT MANAGEMENT SYSTEM)

SOFTWARE PRESENTATION ODMS (OPEN SOURCE DOCUMENT MANAGEMENT SYSTEM)
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
1 Week #1 Objectives Review clients, servers, and Windows network models Differentiate among the editions of Server 2008 Discuss the new Windows Server.

1 Week #1 Objectives Review clients, servers, and Windows network models Differentiate among the editions of Server 2008 Discuss the new Windows Server.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Deploying Tools for Cleaning Personal Information University of Pennsylvania School of Arts and Sciences Justin C. Klein Keane Sr. Information Security.

Deploying Tools for Cleaning Personal Information University of Pennsylvania School of Arts and Sciences Justin C. Klein Keane Sr. Information Security.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.

Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
VMware vCenter Server Module 4.

VMware vCenter Server Module 4.
» Explain the way that electronic mail (e-mail) works » Configure an e-mail client » Identify e-mail message components » Create and send e-mail messages.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.
Security SIG August 19, 2010 Justin C. Klein Keane

Security SIG August 19, 2010 Justin C. Klein Keane
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.

Similar presentations

Ads by Google