1 Identifying and Encrypting Personal Information Using Cornell Spider and Pointsec for PC Benjamin Stein Doreen Meyer


1 Identifying and Encrypting Personal Information Using Cornell Spider and Pointsec for PC
Benjamin Stein, Doreen Meyer
cybersecurity@ucdavis.edu

2 Overview
- What is personal information?
- Searching for personal information using Cornell Spider
- Mitigating risk of exposure of personal information
- Encryption Policy, Encryption Options
- Whole disk encryption using Pointsec for PC
- Questions

3 Personal Information and HIPAA
- HIPAA: Health Information Portability and Accountability Act
- Psychological Services
- Medical Records
- http://www.hhs.gov/ocr/hipaa/

4 Personal Information: CA SB1386 and Civil Code 1798
- Account access number and password
- Bank/financial account number
- California identification card number
- Credit/debit card number
- Driver's license number
- Social Security number
- http://www.privacy.ca.gov/code/ipa.htm

5 Personal Information: FERPA
- Family Education Rights and Privacy Act of 1974 (FERPA)
- Class level, class schedule, academic status, grades, instructors, transcripts
- Student ID number, Social Security number
- Fees paid, loan collection records, financial aid records, etc.
- http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html

6 Searching for personal information
- Data focus: credit card numbers and Social Security numbers
- UCD supported products: Cornell Spider and PowerGREP

7 Mitigating Risk of Exposure of Personal Information
- Higher cost (time, tools) for administering a system containing personal information.
- IET supports the Cyber-safety program and a number of tools that assist in protecting personal information, including Tripwire, Spider/PowerGREP, self-directed Nessus scans, and Pointsec.

8 Maintain a list of systems containing sensitive data
- Catalog the system name, IP, owner, type of service running on the system, type of sensitive data residing on the system
- Share this information with the technical support staff and the unit administrative managers
- Confirm and update this information on a regular basis

9 Monitor when the data is accessed or modified
- Use Tripwire to identify file and directory changes.
- Write logs to a central logging server (syslog-ng, snare, MOM).
- Turn on auditing of successful and unsuccessful logins.
- Read your logs on a regular basis.

10 Restrict access to the system and its sensitive data
- No group accounts (cannot audit access)
- Access system and data using encrypted protocols such as ssh (sftp, scp), ssl (https), rdp, ipsec
- Evaluate physical security
- Use host-based and hardware firewalls

11 Use, share, or transfer restricted data in a safe manner
- Do not use email to send unencrypted restricted data.
- Do not use restricted data as a key in a database.
- Do not use restricted data on a test or development system.
- When sharing restricted data, ensure that users are aware that the data should be handled carefully and in compliance with policies.

12 Cornell Spider Demo

13 Encryption Policy
- UC Davis whole disk encryption policy draft: http://security.ucdavis.edu/encryption_policydraft.pdf
- UCOP protection of personal information policies: http://www.ucop.edu/irc/itsec/infoprotect.html

14 Encryption Options Windows OS
Task | Product | Central Key
Whole disk encryption | Pointsec for PC | Yes
Files and directories | Pointsec ME, standalone EFS | No
Files and directories | Active directory EFS | Yes
Files and directories | TrueCrypt | No
Whole disk encryption for Vista | BitLocker | No ?

15 Encryption Options Mac OSX
Task | Product | Central Key
Encrypt home directory as a single encrypted disk image | FileVault | No
Whole disk encryption or file encryption | Commercial PGP | Yes
Whole disk encryption or file encryption | GnuPG | No

16 Encryption Options Linux
Task | Product | Central Key
Whole disk encryption | Pointsec for Linux | Yes
Whole disk encryption, files and directories | Commercial PGP | Yes
Whole disk encryption, files and directories | GnuPG | No

17 Pointsec for PC at UCD
- http://security.ucdavis.edu/encryption.cfm

18 Pointsec for PC
- If a drive is lost or stolen, the encrypted partitions and everything on them are reasonably secure.
- Meets certain legal requirements

19 What it isn't
- Pointsec for PC is not a complete encryption solution
  – Currently limited to 2000 and XP
  – Only encrypts partitions
  – Does not encrypt network drives

20 Features
- Whole disk encryption
- Multiple user access
- Configuration options
- Recovery tools
- Enterprise management
  – Logging
  – Enforceable policies
  – Permissions

21 Experience
- Login screen at boot
- System tray icon
- Transparent to OS
- Minimal performance impact

22 Example:

24 System Tray Icon: While encrypting: Fully encrypted:

25 How to install
- Available to individuals and departments
- Check requirements
- Request license from IET Security
- Decide on default or custom configuration
- Get install media
- Return recovery file
- After encryption completes return log file

26 Requirements
- Windows 2000, XP and Vista soon
- No dual boot
- No servers
- No fancy disk configurations

27 Preparing the System
- Backup!
- Defrag
- Scan for viruses, etc
- Uninstall and disable the unnecessary services
- Check the disk(s)

28 Installing the Software
- Use administrative account
- Launch installer
- Reboot
- Log in to Pointsec
- Log in to OS
- Grab recovery file
- Encryption begins

29 Demo

30 Encryption Process
- Encryption proceeds at 10-20GB/hr
- Depends on disk size not amount of data
- System can be used, shut down or rebooted
- After encryption completed grab log file

31 Support
- Remote password reset
- Managing users
- Uninstall
- Updates and upgrades
- Recovery disk
- Barts disk

32 Remote Password Reset
- Depends on account's name and password or certificate
- Challenge and response
- Also one-time for forgotten tokens

34 Managing Users
- Types of users
  – Normal, Service, Temp
- Types of permissions
  – Privileged and plain permissions
- Creating additional users

35 Uninstall
- Requires two accounts with rights
- Can be faster to clone or recover than decrypt

36 Updates, Upgrades and Reinstalls
- Updates
  – Change users, passwords, certs or settings
- Upgrades
  – Major product upgrade?
- Reinstalls
  – Add additional partitions or disks

37 Recovery Disk
- Create from recovery file or target computer
- Requires two admin accounts
- Decrypts

38 Barts PE with Plug-in
- Requires version specific plug-in
- Must boot and login
- Ctrl + F10 for alternative boot menu
- Barts then has full access to disk

39 Customizing
- Default configuration will meet most needs, however, there are lots of options…
- Configuration worksheet
- Alternative profiles

41 UCLA beat USC
- Final score 13 - 9

42 Review
- Whole Disk Encryption
- Low overhead
- Quick default install
- Support options
- Highly customizable

43 Additional Resources
- Product documentation
- Pointsec 24 x 7 tech support
- IET: cybersecurity@ucdavis.edu

44 Questions & Answers
