Identifying and encrypting personal information
This presentation is the property of its rightful owner.
Sponsored Links
1 / 41

Identifying and Encrypting Personal Information PowerPoint PPT Presentation


  • 93 Views
  • Uploaded on
  • Presentation posted in: General

Identifying and Encrypting Personal Information. Using Cornell Spider and Pointsec for PC Benjamin Stein Doreen Meyer [email protected] Overview. What is personal information? Searching for personal information using Cornell Spider

Download Presentation

Identifying and Encrypting Personal Information

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Identifying and encrypting personal information

Identifying and Encrypting Personal Information

Using Cornell Spider and

Pointsec for PC

Benjamin Stein

Doreen Meyer

[email protected]


Overview

Overview

  • What is personal information?

  • Searching for personal information using Cornell Spider

  • Mitigating risk of exposure of personal information

  • Encryption Policy, Encryption Options

  • Whole disk encryption using Pointsec for PC

  • Questions


Personal information and hipaa

Personal Information and HIPAA

  • HIPAA: Health Information Portability and Accountability Act

  • Psychological Services

  • Medical Records

  • http://www.hhs.gov/ocr/hipaa/


Personal information ca sb1386 and civil code 1798

Personal Information: CA SB1386 and Civil Code 1798

  • Account access number and password

  • Bank/financial account number

  • California identification card number

  • Credit/debit card number

  • Driver’s license number

  • Social Security number

  • http://www.privacy.ca.gov/code/ipa.htm


Personal information ferpa

Personal Information: FERPA

  • Family Education Rights and Privacy Act of 1974 (FERPA)

  • Class level, class schedule, academic status, grades, instructors, transcripts

  • Student ID number, Social Security number

  • Fees paid, loan collection records, financial aid records, etc.

  • http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html


Searching for personal information

Searching for personal information

  • Data focus: credit card numbers and Social Security numbers

  • UCD supported products: Cornell Spider and PowerGREP


Mitigating risk of exposure of personal information

Mitigating Risk of Exposure of Personal Information

  • Higher cost (time, tools) for administering a system containing personal information.

  • IET supports the Cyber-safety program and a number of tools that assist in protecting personal information, including Tripwire, Spider/PowerGREP, self-directed Nessus scans, and Pointsec.


Maintain a list of systems containing sensitive data

Maintain a list of systems containing sensitive data

  • Catalog the system name, IP, owner, type of service running on the system, type of sensitive data residing on the system

  • Share this information with the technical support staff and the unit administrative managers

  • Confirm and update this information on a regular basis


Monitor when the data is accessed or modified

Monitor when the data is accessed or modified

  • Use Tripwire to identify file and directory changes.

  • Write logs to a central logging server (syslogng, snare, MOM).

  • Turn on auditing of successful and unsuccessful logins.

  • Read your logs on a regular basis.


Restrict access to the system and its sensitive data

Restrict access to the system and its sensitive data

  • No group accounts (cannot audit access)

  • Access system and data using encrypted protocols such as ssh (sftp, scp), ssl (https), rdp, ipsec

  • Evaluate physical security

  • Use host-based and hardware firewalls


Use share or transfer restricted data in a safe manner

Use, share, or transfer restricted data in a safe manner

  • Do not use email to send unencrypted restricted data.

  • Do not use restricted data as a key in a database.

  • Do not use restricted data on a test or development system.

  • When sharing restricted data, ensure that users are aware that the data should be handled carefully and in compliance with policies.


Cornell spider demo

Cornell Spider Demo


Encryption policy

Encryption Policy

  • UC Davis whole disk encryption policy draft: http://security.ucdavis.edu/encryption_policydraft.pdf

  • UCOP protection of personal information policies: http://www.ucop.edu/irc/itsec/infoprotect.html


Encryption options

Encryption Options

  • Windows OS


Encryption options1

Encryption Options

  • Mac OSX


Encryption options2

Encryption Options

  • Linux


Pointsec for pc at ucd

Pointsec for PC at UCD

  • http://security.ucdavis.edu/encryption.cfm


Pointsec for pc

Pointsec for PC

  • If a drive is lost or stolen, the encrypted partitions and everything on them are reasonably secure.

  • Meets certain legal requirements


What it isn t

What it isn’t

  • Pointsec for PC is not a complete encryption solution

    • Currently limited to 2000 and XP

    • Only encrypts partitions

    • Does not encrypt network drives


Features

Features

  • Whole disk encryption

  • Multiple user access

  • Configuration options

  • Recovery tools

  • Enterprise management

    • Logging

    • Enforceable policies

    • Permissions


Experience

Experience

  • Login screen at boot

  • System tray icon

  • Transparent to OS

  • Minimal performance impact


Example

Example:


System tray icon

System Tray Icon:

  • While encrypting:

  • Fully encrypted:


How to install

How to install

  • Available to individuals and departments

  • Check requirements

  • Request license from IET Security

  • Decide on default or custom configuration

  • Get install media

  • Return recovery file

  • After encryption completes return log file


Requirements

Requirements

  • Windows 2000, XP and Vista soon

  • No dual boot

  • No servers

  • No fancy disk configurations


Preparing the system

Preparing the System

  • Backup!

  • Defrag

  • Scan for viruses, etc

  • Uninstall and disable the unnecessary services

  • Check the disk(s)


Installing the software

Installing the Software

  • Use administrative account

  • Launch installer

  • Reboot

  • Login to Pointsec

  • Login to OS

  • Grab recovery file

  • Encryption begins


Identifying and encrypting personal information

Demo


Encryption process

Encryption Process

  • Encryption proceeds at 10-20GB/hr

  • Depends on disk size not amount of data

  • System can be used, shut down or rebooted

  • After encryption completed grab log file


Support

Support

  • Remote password reset

  • Managing users

  • Uninstall

  • Updates and upgrades

  • Recovery disk

  • Bart’s disk


Managing users

Managing Users

  • Types of users

    • Normal, Service, Temp

  • Types of permissions

    • Privileged and plain permissions

  • Creating additional users


Uninstall

Uninstall

  • Requires two accounts with rights

  • Can be faster to clone or recover than decrypt


Updates upgrades and reinstalls

Updates, Upgrades and Reinstalls

  • Updates

    • Change users, passwords, certs or settings

  • Upgrades

    • Major product upgrade?

  • Reinstalls

    • Add additional partitions or disks


Recovery disk

Recovery Disk

  • Create from recovery file or target computer

  • Requires two admin accounts

  • Decrypts


Bart s pe with plug in

Bart’s PE with Plug-in

  • Requires version specific plug-in

  • Must boot and login

  • Ctrl + F10 for alternative boot menu

  • Bart’s then has full access to disk


Customizing

Customizing

  • Default configuration will meet most needs, however, there are lots of options…

  • Configuration worksheet

  • Alternative profiles


Review

Review

  • Whole Disk Encryption

  • Low overhead

  • Quick default install

  • Support options

  • Highly customizable


Additional resources

Additional Resources

  • Product documentation

  • Pointsec 24 x 7 tech support

  • IET: [email protected]


Questions answers

Questions & Answers


  • Login