Managing PII with Identity Finder - PowerPoint PPT Presentation

About This Presentation
Title:

Managing PII with Identity Finder

Description:

Identity Finder searches the deepest recesses of a computer to locate and secure ... Email Mailboxes, PST's, MBOX, Tbird. IE & Firefox Cache ... – PowerPoint PPT presentation

Slides: 22
Provided by: uccsc200
Transcript and Presenter's Notes

Title: Managing PII with Identity Finder


1
Managing PII with Identity Finder
  • Paul Hanson
  • IET-Data Center and Client Services
  • University of California, Davis

2
Agenda
  • What is PII and where's the value?
  • What is Identity Finder?
  • Alternative Solutions
  • What can Identity Finder Scan?
  • How does Identity Finder handle the results?
  • Identity Finder Architecture
  • Architecture Overview
  • Client UI
  • INI Files
  • Custom MSI
  • Architecture Overview
  • Management Console
  • IET DCCS Implementation
  • IET DCCS Architecture
  • Lessons Learned
  • Breaking News
  • Questions

3
What is PII and where's the value?
  • Cybersecurity (UC Davis)
  • Massachusetts 201 CMR 17.00
  • Protected Health Information (PHI)
  • Health Insurance Portability and Accountability
    Act (HIPAA)
  • FACT Red Flag Rules
  • Incident Response
  • Sysadmins may not know the data is there.

4
What is Identity Finder
  • Identity Finder searches the deepest recesses of
    a computer to locate and secure data that is
    vulnerable to identity theft - even when you
    don't know it exists. The information is then
    presented to you to permanently shred, quarantine
    to a secure location, or encrypt with a password.
  • Source: http://www.identityfinder.com/Products/Identity_Finder.html
  • Primarily supports Windows & Mac
  • Feature rich
  • Continuously improving

5
Alternative Solutions

6
Identity Finder Architecture
  • Enterprise Client
  • Installed on the workstation/server; does the
    heavy lifting
  • Management Console (Really just a reporting
    server)
  • Dedicated system running IIS w/MSSQL
  • OS Compatibility
  • Clients for Windows and Mac
  • Linux/Unix systems are scanned remotely

7
What can Identity Finder Scan?
  • Microsoft Office (Excel, PowerPoint, Word, and
    OneNote including 2007)
  • Adobe Acrobat PDF (including 9.x)
  • Cookies and instant messenger logs
  • HTML files (htm, asp, js, etc.)
  • Text files (ANSI, Unicode, Batch, Source code)
  • Rich text files (rtf format)
  • files within the My Documents folder of your
    personal computer
  • files anywhere on your personal computer
  • removable hard drives connected to your PC
  • Create custom folder lists for searching (ability
    to include and exclude subfolders)
  • compressed files (zip, gzip, bzip, tar, rar, and
    z)
  • Microsoft Access database files (including 2007)
  • Any other known or unknown file type
  • Source: http://www.identityfinder.com/Products/Identity_Finder_Feature_List.html

8
What else does Identity Finder scan?
  • Database connector
  • OLEDB (i.e., SQL, Oracle, Sybase, DB2, etc.)
  • Website crawler
  • HTTP or HTTPS
  • Remote file shares (SMB, NFS, Samba)
  • Email Mailboxes, PSTs, MBOX, Tbird
  • IE & Firefox Cache
  • AnyFind vs. Specific Values (e-discovery
    requests)

9
What does Identity Finder do with the results?
  • Save as secured Identity Finder file (.idf)
    using FIPS 140-2 validated 256 bit AES
  • Save as HTML Summary Report
  • Choose specific information for custom reports to
    be saved
  • Save as Full Export into Comma Separated Value
    format
  • Save as Executive Summary Report
  • Upload to Management Console
  • What about the hits?
  • Secure: encrypts the file using FIPS 140-2
    validated 256 bit AES
  • Shred: based on DOD 5220.22-M standard
  • Ignore
  • Quarantine: secures a copy of the file and
    shreds the original
  • Recycle: same as the Windows Recycle Bin. Not a
    secure method.
  • Will clean web browser cache & registry

10
Architecture Overview
  • Client
  • Configuration
  • User Interface
  • INI Files
  • MSI Customization
  • Boot from CD
  • Management Console
  • IIS & SQL

11
Architecture: Client UI
  • Main
  • What to Search for
  • Where to Search
  • Tools and Options
  • Settings
  • Scheduling

12
Architecture: INI Files
  • Creating an INI File
  • Created in UI
  • Copied over
  • Run on demand or scheduled task
  • /jobmode /inifile.ini

13
Architecture: Custom MSI
  • Creating the environment
  • Download Windows SDK (1.1GB for Vista)
  • Install Orca.msi
  • Add system variables
  • Extract MSI
  • Run lictomsi.cmd
  • Import Tables
  • Schtasks for all systems
  • Include Management Console phone home
  • No x64 support... yet.

14
Identity Finder Client
  • Lab

15
Architecture: Management Console
  • Single server, dual purpose
  • WS2003/2008 (x86 or x64)
  • IIS6 or IIS7 w/Metabase compatibility
  • .Net Framework 3.5 SP1
  • Microsoft Report Viewer Redistributable 2008
  • Creates Client Registry Settings (x86 & x64)
  • SQL 2005/2008 (Express, Std, Ent)
  • Certificates & Encryption

16
IET DCCS Implementation
  • PowerShell installation script
  • Started with custom MSI
  • x86 was fairly smooth
  • Users couldn't modify settings to rescan
  • x64 required some extra work
  • No support for x64 so had to use INI files anyway
  • Moved to INI files
  • No reason to support two methods
  • Users can tweak settings and rescan systems
  • Scans launched using the system account

17
IET DCCS Architecture
  • Management Console
  • Separate virtual systems for IIS & SQL
  • Certificates
  • Clients
  • Leveraged PowerShell to script installation
  • Verify connectivity to MC
  • Check system type
  • Include password check
  • Check for and uninstall previous versions
  • Import registry key for MC
  • Create INI
  • Delete old scheduled task
  • Schedule new scan
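
The client installation steps listed above, sketched as an added PowerShell example; it is not the IET DCCS script. The console host and port, file paths, the `Identity Finder*` display-name filter, task name and schedule are placeholders or assumptions, and the INI switch is left for the operator to supply because the slides show it only as `/jobmode /inifile.ini`. It assumes Windows PowerShell 4 or later.

```powershell
# Added sketch: every host, path, task name and filter below is a placeholder.
param(
    [string]$ConsoleHost = 'mc.example.edu',           # placeholder Management Console host
    [int]   $ConsolePort = 443,                        # assumption: MC served over HTTPS by IIS
    [string]$Msi         = '\\deploy\idf\client.msi',  # placeholder client installer
    [string]$ConsoleReg  = '\\deploy\idf\console.reg', # placeholder MC registry export
    [string]$SourceIni   = '\\deploy\idf\scan.ini',    # INI created in the client UI
    [string]$LocalIni    = 'C:\IDF\scan.ini',          # placeholder
    [string]$ClientExe   = 'C:\IDF\client.exe',        # placeholder; no spaces, see step 5
    [string]$ScanArgs    = '/jobmode',                 # append the INI switch per vendor docs
    [string]$TaskName    = 'IDF-Scan'                  # placeholder
)
$ErrorActionPreference = 'Stop'

function Invoke-Tool([string]$File, [string]$Arguments, [int[]]$Ok = @(0)) {
    # Start-Process keeps native stderr from becoming a terminating error.
    $p = Start-Process $File $Arguments -Wait -PassThru -WindowStyle Hidden
    if ($Ok -notcontains $p.ExitCode) { throw "$File $Arguments exited with $($p.ExitCode)" }
}

# 1. Verify connectivity to the Management Console before changing anything.
if (-not (Test-NetConnection $ConsoleHost -Port $ConsolePort -InformationLevel Quiet)) {
    throw "Management Console ${ConsoleHost}:$ConsolePort is unreachable"
}

# 2. Check system type: 64-bit Windows lists 32-bit products under WOW6432Node.
$roots = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*')
if ([Environment]::Is64BitOperatingSystem) {
    $roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
}

# 3. Uninstall previous versions (MSI products are keyed by {GUID}), then install.
#    Exit code 3010 means success with a reboot pending.
Get-ItemProperty $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Identity Finder*' -and $_.PSChildName -like '{*}' } |
    ForEach-Object { Invoke-Tool msiexec.exe "/x $($_.PSChildName) /qn /norestart" @(0, 3010) }
Invoke-Tool msiexec.exe "/i `"$Msi`" /qn /norestart" @(0, 3010)

# 4. Import the Management Console registry settings and copy the scan INI.
Invoke-Tool reg.exe "import `"$ConsoleReg`""
Copy-Item $SourceIni $LocalIni -Force

# 5. Delete the old scheduled task if it exists, then schedule the scan as SYSTEM.
#    A /TR path containing spaces needs its own escaped quotes inside the value.
$old = Start-Process schtasks.exe "/Query /TN `"$TaskName`"" -Wait -PassThru -WindowStyle Hidden
if ($old.ExitCode -eq 0) { Invoke-Tool schtasks.exe "/Delete /TN `"$TaskName`" /F" }
Invoke-Tool schtasks.exe ("/Create /TN `"$TaskName`" /TR `"$ClientExe $ScanArgs`" " +
    '/SC WEEKLY /D SUN /ST 02:00 /RU SYSTEM /F')
```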

18
Lessons Learned
  • MC is a resource hog.
  • Nuances with schtasks.
  • Clients were configured to search for SSN & CC
    but also pulled up Bank Account information.
  • Be prepared for false positives.
  • Password check really slows down the scan.
  • When configured as background service, it will
    allocate the remaining resources.

19
Breaking News
  • Features in the next version of Identity Finder.

20
Questions?

21
Identity Finder Management Console
  • Lab