Security SIG August 19, 2010 Justin C. Klein Keane


1 Security SIG August 19, 2010 Justin C. Klein Keane jukeane@sas.upenn.edu

2 Identity Finder
- Identity Finder case study at http://www.educause.edu/Resources/IdentityFinderCaseStudy/206909
- Identity Finder console is an important part of SAS deployment

3 IDF Console
- Runs on a Windows Server machine
- Requires a MS SQL back end
- Communicates with clients over port 80
- Clients encrypt data to the server
- Reported issues with running connection over 443

4 Console Considerations
- Balance security and privacy
  - Collect no more data than you need!
  - Expect assumptions of big brother
  - It is possible to have multiple IDF configurations
  - Don't propagate toxic data
  - Be mindful of e-discovery and other legal requirements (HIPAA, FERPA, etc.)

5 Client Configuration
- Client installer must be bundled with rudimentary configuration
- Defaults for behavior
- IP address of server

6 Client Behavior
- Client will connect to server after installation to retrieve configuration
- Be sure client configs are system wide
  - If config is stored in userland it will get overwritten when the client is upgraded
- Client “checks in with console” and will report scan statistics
- Client communication to server is invisible

7 Client Considerations
- You may not want some features
- Some features may prove dangerous
- Licensing considerations when scanning shares
- Choose a safe place for Quarantine option
- Make sure users encrypt results
- How can you easily manage client configs?
  - The console

8 Console Features
- Policy definitions which can be assigned to groups
- Reporting on scans and remediation
- Tracking of client machines
- Global ignore lists to avoid repeat false positives

9 Using the Console
- Console interface is web based
- Requires Microsoft Silverlight plug-in in the latest editions
- Users can be assigned privileges to access and use the console

10 Console View

11 Historical Tracking

12 Generating Reports

13 Policy per Machine

14 Policy Controls Settings

15 Ignore Lists

16 User Settings

17 Encryption
- PGP (whole disk, file and folder, net share)
- TrueCrypt
- AxCrypt
- GPG Enigmail

18 PGP
- Commercial software
- Supported by PGP Universal Server
- Universal Server allows for:
  - Key escrow and recovery
  - Public key lookup
  - Policy configuration and customization
  - Central registration authority when installing
  - Integration into AD structure

19 TrueCrypt - http://www.truecrypt.org
- Free Open Source Software (FOSS)
- Can do whole disk encryption for Windows
- Can do file volume encryption for Windows, Mac, and Linux
- Can do removable media encryption for Windows, Mac, and Linux (interoperably)
  - Allows an encrypted USB stick to be used on any platform with TrueCrypt installed
- Version 7 has full GUI support on Linux

20 AxCrypt - http://www.axantum.com/axcrypt/
- Free Open Source Software
- AES 128 bit key encryption
- Windows only (32 and 64 bit support)
- Supports encrypting files
- Can create self decrypting archives
- Does auto re-encryption
- Provides secure shredding
- Adds encrypt and shred to right click menu
- And more...

21 GPG Enigmail
- GPG is GNU Privacy Guard
  - Fully open source, interoperable with PGP standard
- Available for Linux, Windows and Mac
- Can be used for key management, public key encryption, encrypting files and folders, and digital signatures

22 Enigmail
- Thunderbird Plugin
- Adds OpenPGP functions to email

23 Enigmail - Built in Key Manager

24 Enigmail - Features (and Drawbacks)
- Automatic encryption to recipients with keys
- Automatic decryption
- Digital signatures and verification
- Encryption/decryption of attachments
- Not the easiest system to understand or use
- Manual key distribution is burdensome

25 Issues with Encryption
- Key escrow for recovery in case user forgets a password is CRITICAL!
- Damage of encrypted store will totally destroy it
- Speed and efficiency is reduced
- Users have to understand how to use technology properly
- Most useful encryption is not transparent
- Does not protect data in use

