Managing PII with Identity Finder - PowerPoint PPT Presentation


Slides: 22
Provided by: uccsc200


Transcript and Presenter's Notes


Managing PII with Identity Finder
  • Paul Hanson
  • IET-Data Center and Client Services
  • University of California, Davis

  • What is PII and where's the value?
  • What is Identity Finder?
  • Alternative Solutions
  • What can Identity Finder Scan?
  • How does Identity Finder handle the results?
  • Identity Finder Architecture
  • Architecture Overview
  • Client UI
  • INI Files
  • Custom MSI
  • Architecture Overview
  • Management Console
  • IET DCCS Implementation
  • IET DCCS Architecture
  • Lessons Learned
  • Breaking News
  • Questions

What is PII and where's the value?
  • Cybersecurity (UC Davis)
  • Massachusetts 201 CMR 17.00
  • Protected Health Information (PHI)
  • Health Insurance Portability and Accountability
    Act (HIPAA)
  • FACT Red Flag Rules
  • Incident Response
  • Sysadmins may not know the data is there.

What is Identity Finder
  • Identity Finder searches the deepest recesses of
    a computer to locate and secure data that is
    vulnerable to identity theft - even when you
    don't know it exists. The information is then
    presented to you to permanently shred, quarantine
    to a secure location, or encrypt with a password.
  • Source http//
  • Primarily supports Windows & Mac
  • Feature rich
  • Continuously improving

Alternative Solutions

Identity Finder Architecture
  • Enterprise Client
  • Installed on the workstation/server; does the
    heavy lifting
  • Management Console (Really just a reporting
  • Dedicated system running IIS w/MSSQL
  • OS Compatibility
  • Clients for Windows and Mac
  • Linux/Unix systems are scanned remotely

What can Identity Finder Scan?
  • Microsoft Office (Excel, PowerPoint, Word, and
    OneNote including 2007)
  • Adobe Acrobat PDF (including 9.x)
  • Cookies and instant messenger logs
  • HTML files (htm, asp, js, etc.)
  • Text files (ANSI, Unicode, Batch, Source code)
  • Rich text files (rtf format)
  • files within the My Documents folder of your
    personal computer
  • files anywhere on your personal computer
  • removable hard drives connected to your PC
  • Create custom folder lists for searching (ability
    to include and exclude subfolders)
  • compressed files (zip, gzip, bzip, tar, rar, and
  • Microsoft Access database files (including 2007)
  • Any other known or unknown file type Source

What else does Identity Finder scan?
  • Database connector
  • OLEDB (i.e., SQL, Oracle, Sybase, DB2, etc.)
  • Website crawler
  • Remote file shares (SMB, NFS, Samba)
  • Email Mailboxes, PSTs, MBOX, Tbird
  • IE & Firefox Cache
  • AnyFind vs. Specific Values (e-discovery

What does Identity Finder do with the results?
  • Save as secured Identity Finder file (.idf)
    using FIPS 140-2 validated 256 bit AES
  • Save as HTML Summary Report
  • Choose specific information for custom reports to
    be saved
  • Save as Full Export into Comma Separated Value
  • Save as Executive Summary Report
  • Upload to Management Console
  • What about the hits?
  • Secure: encrypts the file using FIPS 140-2
    validated 256 bit AES
  • Shred: based on DOD 5220.22-M standard
  • Ignore
  • Quarantine: secures a copy of the file and
    shreds the original
  • Recycle: same as the Windows recycle bin. Not a
    secure method.
  • Will clean web browser cache & registry

Architecture Overview
  • Client
  • Configuration
  • User Interface
  • INI Files
  • MSI Customization
  • Boot from CD
  • Management Console

Architecture Client UI
  • Main
  • What to Search for
  • Where to Search
  • Tools and Options
  • Settings
  • Scheduling

Architecture INI Files
  • Creating an INI File
  • Created in UI
  • Copied over
  • Run on demand or scheduled task
  • /jobmode /inifile.ini

Architecture Custom MSI
  • Creating the environment
  • Download Windows SDK (1.1GB for Vista)
  • Install Orca.msi
  • Add system variables
  • Extract MSI
  • Run lictomsi.cmd
  • Import Tables
  • Schtasks for all systems
  • Include Management Console phone home
  • No x64 support… yet.

Identity Finder Client
  • Lab

Architecture Management Console
  • Single server, dual purpose
  • WS2003/2008 (x86 or x64)
  • IIS6 or IIS7 w/Metabase compatibility
  • .Net Framework 3.5 SP1
  • Microsoft Report Viewer Redistributable 2008
  • Creates Client Registry Settings (x86 & x64)
  • SQL 2005/2008 (Express, Std, Ent)
  • Certificates & Encryption

IET DCCS Implementation
  • PowerShell installation script
  • Started with custom MSI
  • x86 was fairly smooth
  • Users couldn't modify settings to rescan
  • x64 required some extra work
  • No support for x64 so had to use INI files anyway
  • Moved to INI files
  • No reason to support two methods
  • Users can tweak settings and rescan systems
  • Scans launched using the system account

IET DCCS Architecture
  • Management Console
  • Separate virtual systems for IIS & SQL
  • Certificates
  • Clients
  • Leveraged PowerShell to script installation
  • Verify connectivity to MC
  • Check system type
  • Include password check
  • Check for and uninstall previous versions
  • Import registry key for MC
  • Create INI
  • Delete old scheduled task
  • Schedule new scan
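
The client installation steps listed above, sketched as a PowerShell script. This is an added example, not the IET DCCS script: every host, share, path, file name and the display-name match is a placeholder, run-scan.cmd is a hypothetical wrapper around the client's /jobmode command line, and the password check is assumed to be an option saved in the INI.

```powershell
# Added example: run elevated. All names below are placeholders (assumptions).
$McHost = 'mc.example.edu'            # Management Console host
$Share  = '\\deploy.example.edu\idf'  # staging share: client.msi, .reg, scan.ini, run-scan.cmd
$Dir    = 'C:\ProgramData\IDFDeploy'  # local folder for INI and launcher (no spaces)
$Task   = 'IDF-Scheduled-Scan'        # scheduled task name (no spaces)
$ErrorActionPreference = 'Stop'

function Invoke-Checked($exe, $argLine) {   # run a native tool and fail on a bad exit code
    $p = Start-Process $exe -ArgumentList $argLine -Wait -PassThru -WindowStyle Hidden
    if ($p.ExitCode -notin 0, 3010) { throw "$exe $argLine failed: $($p.ExitCode)" }
}

# Verify connectivity to the MC (HTTPS on 443 assumed) before changing anything.
$tcp = New-Object System.Net.Sockets.TcpClient
try { $tcp.Connect($McHost, 443) } catch { throw "Cannot reach $McHost on port 443" } finally { $tcp.Close() }

# Check system type: x64 hosts list 32-bit installs under WOW6432Node.
$is64  = [Environment]::Is64BitOperatingSystem
$roots = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*')
if ($is64) { $roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' }

# Check for and uninstall previous versions by MSI product code, then install the new client.
Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Identity Finder*' -and $_.PSChildName -like '{*}' } |
    ForEach-Object { Invoke-Checked msiexec.exe "/x $($_.PSChildName) /qn /norestart" }
Invoke-Checked msiexec.exe "/i `"$Share\client.msi`" /qn /norestart"

# Create INI: copy the INI built in the client UI, the launcher and the MC .reg file.
# The task runs as SYSTEM, so only SYSTEM and Administrators get write access here.
$reg = if ($is64) { 'mc-x64.reg' } else { 'mc-x86.reg' }
New-Item -ItemType Directory -Path $Dir -Force | Out-Null
Invoke-Checked icacls.exe "`"$Dir`" /inheritance:r /grant:r *S-1-5-18:(OI)(CI)F *S-1-5-32-544:(OI)(CI)F *S-1-5-32-545:(OI)(CI)RX"
Copy-Item "$Share\scan.ini", "$Share\run-scan.cmd", "$Share\$reg" -Destination $Dir -Force

# Import registry key for the MC.
Invoke-Checked reg.exe "import `"$Dir\$reg`""

# Delete the old scheduled task if present, then schedule the new scan as SYSTEM.
$q = Start-Process schtasks.exe -ArgumentList "/Query /TN $Task" -Wait -PassThru -WindowStyle Hidden
if ($q.ExitCode -eq 0) { Invoke-Checked schtasks.exe "/Delete /TN $Task /F" }
Invoke-Checked schtasks.exe "/Create /TN $Task /RU SYSTEM /SC WEEKLY /D SUN /ST 02:00 /TR $Dir\run-scan.cmd"
```

Keeping the task name and launcher path free of spaces avoids nested quoting in the schtasks /TR argument, and the tightened ACL keeps non-admin users from replacing a file that the system account will execute.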

Lessons Learned
  • MC is a resource hog.
  • Nuances with schtasks.
  • Clients were configured to search for SSN & CC
    but also pulled up bank account information.
  • Be prepared for false positives.
  • Password check really slows down the scan.
  • When configured as background service, it will
    allocate the remaining resources.

Breaking News
  • Features in the next version of Identity Finder.

Identity Finder Management Console
  • Lab