Identifying and Encrypting Personal Information

Using Cornell Spider and Pointsec for PC

Benjamin Stein

Doreen Meyer

[email protected]

Overview
  • What is personal information?
  • Searching for personal information using Cornell Spider
  • Mitigating risk of exposure of personal information
  • Encryption Policy, Encryption Options
  • Whole disk encryption using Pointsec for PC
  • Questions
Personal Information and HIPAA
  • HIPAA: Health Information Portability and Accountability Act
  • Psychological Services
  • Medical Records
  • http://www.hhs.gov/ocr/hipaa/
Personal Information: CA SB1386 and Civil Code 1798
  • Account access number and password
  • Bank/financial account number
  • California identification card number
  • Credit/debit card number
  • Driver’s license number
  • Social Security number
  • http://www.privacy.ca.gov/code/ipa.htm
Personal Information: FERPA
  • Family Education Rights and Privacy Act of 1974 (FERPA)
  • Class level, class schedule, academic status, grades, instructors, transcripts
  • Student ID number, Social Security number
  • Fees paid, loan collection records, financial aid records, etc.
  • http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
Searching for personal information
  • Data focus: credit card numbers and Social Security numbers
  • UCD supported products: Cornell Spider and PowerGREP
Mitigating Risk of Exposure of Personal Information
  • Higher cost (time, tools) for administering a system containing personal information.
  • IET supports the Cyber-safety program and a number of tools that assist in protecting personal information, including Tripwire, Spider/PowerGREP, self-directed Nessus scans, and Pointsec.
Maintain a list of systems containing sensitive data
  • Catalog the system name, IP, owner, type of service running on the system, type of sensitive data residing on the system
  • Share this information with the technical support staff and the unit administrative managers
  • Confirm and update this information on a regular basis
Monitor when the data is accessed or modified
  • Use Tripwire to identify file and directory changes.
  • Write logs to a central logging server (syslog-ng, Snare, MOM).
  • Turn on auditing of successful and unsuccessful logins.
  • Read your logs on a regular basis.
Restrict access to the system and its sensitive data
  • No group accounts (cannot audit access)
  • Access system and data using encrypted protocols such as ssh (sftp, scp), ssl (https), rdp, ipsec
  • Evaluate physical security
  • Use host-based and hardware firewalls
Use, share, or transfer restricted data in a safe manner
  • Do not use email to send unencrypted restricted data.
  • Do not use restricted data as a key in a database.
  • Do not use restricted data on a test or development system.
  • When sharing restricted data, ensure that users are aware that the data should be handled carefully and in compliance with policies.
Encryption Policy
  • UC Davis whole disk encryption policy draft: http://security.ucdavis.edu/encryption_policydraft.pdf
  • UCOP protection of personal information policies: http://www.ucop.edu/irc/itsec/infoprotect.html
Pointsec for PC at UCD
  • http://security.ucdavis.edu/encryption.cfm
Pointsec for PC
  • If a drive is lost or stolen, the encrypted partitions and everything on them are reasonably secure.
  • Meets certain legal requirements
What it isn’t
  • Pointsec for PC is not a complete encryption solution
    • Currently limited to Windows 2000 and XP
    • Only encrypts partitions
    • Does not encrypt network drives
Features
  • Whole disk encryption
  • Multiple user access
  • Configuration options
  • Recovery tools
  • Enterprise management
    • Logging
    • Enforceable policies
    • Permissions
Experience
  • Login screen at boot
  • System tray icon
  • Transparent to OS
  • Minimal performance impact
System Tray Icon:
  • While encrypting:
  • Fully encrypted:
How to install
  • Available to individuals and departments
  • Check requirements
  • Request license from IET Security
  • Decide on default or custom configuration
  • Get install media
  • Return recovery file
  • After encryption completes, return log file
Requirements
  • Windows 2000 and XP; Vista soon
  • No dual boot
  • No servers
  • No fancy disk configurations
Preparing the System
  • Back up!
  • Defrag
  • Scan for viruses, etc.
  • Uninstall and disable unnecessary services
  • Check the disk(s)
Installing the Software
  • Use administrative account
  • Launch installer
  • Reboot
  • Log in to Pointsec
  • Log in to OS
  • Grab recovery file
  • Encryption begins
Encryption Process
  • Encryption proceeds at 10-20GB/hr
  • Depends on disk size, not amount of data
  • System can be used, shut down or rebooted
  • After encryption completes, grab log file
Support
  • Remote password reset
  • Managing users
  • Uninstall
  • Updates and upgrades
  • Recovery disk
  • Bart’s disk
Managing Users
  • Types of users
    • Normal, Service, Temp
  • Types of permissions
    • Privileged and plain permissions
  • Creating additional users
Uninstall
  • Requires two accounts with rights
  • Can be faster to clone or recover than decrypt
Updates, Upgrades and Reinstalls
  • Updates
    • Change users, passwords, certs or settings
  • Upgrades
    • Major product upgrade?
  • Reinstalls
    • Add additional partitions or disks
Recovery Disk
  • Create from recovery file or target computer
  • Requires two admin accounts
  • Decrypts
Bart’s PE with Plug-in
  • Requires version specific plug-in
  • Must boot and log in
  • Ctrl + F10 for alternative boot menu
  • Bart’s then has full access to disk
Customizing
  • Default configuration will meet most needs, however, there are lots of options…
  • Configuration worksheet
  • Alternative profiles
Review
  • Whole Disk Encryption
  • Low overhead
  • Quick default install
  • Support options
  • Highly customizable
Additional Resources