Identifying and encrypting personal information
1 / 41

Identifying and Encrypting Personal Information - PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Identifying and Encrypting Personal Information. Using Cornell Spider and Pointsec for PC Benjamin Stein Doreen Meyer Overview. What is personal information? Searching for personal information using Cornell Spider

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Identifying and Encrypting Personal Information

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Identifying and Encrypting Personal Information

Using Cornell Spider and

Pointsec for PC

Benjamin Stein

Doreen Meyer


  • What is personal information?

  • Searching for personal information using Cornell Spider

  • Mitigating risk of exposure of personal information

  • Encryption Policy, Encryption Options

  • Whole disk encryption using Pointsec for PC

  • Questions

Personal Information and HIPAA

  • HIPAA: Health Information Portability and Accountability Act

  • Psychological Services

  • Medical Records


Personal Information: CA SB1386 and Civil Code 1798

  • Account access number and password

  • Bank/financial account number

  • California identification card number

  • Credit/debit card number

  • Driver’s license number

  • Social Security number


Personal Information: FERPA

  • Family Education Rights and Privacy Act of 1974 (FERPA)

  • Class level, class schedule, academic status, grades, instructors, transcripts

  • Student ID number, Social Security number

  • Fees paid, loan collection records, financial aid records, etc.


Searching for personal information

  • Data focus: credit card numbers and Social Security numbers

  • UCD supported products: Cornell Spider and PowerGREP

Mitigating Risk of Exposure of Personal Information

  • Higher cost (time, tools) for administering a system containing personal information.

  • IET supports the Cyber-safety program and a number of tools that assist in protecting personal information, including Tripwire, Spider/PowerGREP, self-directed Nessus scans, and Pointsec.

Maintain a list of systems containing sensitive data

  • Catalog the system name, IP, owner, type of service running on the system, type of sensitive data residing on the system

  • Share this information with the technical support staff and the unit administrative managers

  • Confirm and update this information on a regular basis

Monitor when the data is accessed or modified

  • Use Tripwire to identify file and directory changes.

  • Write logs to a central logging server (syslogng, snare, MOM).

  • Turn on auditing of successful and unsuccessful logins.

  • Read your logs on a regular basis.

Restrict access to the system and its sensitive data

  • No group accounts (cannot audit access)

  • Access system and data using encrypted protocols such as ssh (sftp, scp), ssl (https), rdp, ipsec

  • Evaluate physical security

  • Use host-based and hardware firewalls

Use, share, or transfer restricted data in a safe manner

  • Do not use email to send unencrypted restricted data.

  • Do not use restricted data as a key in a database.

  • Do not use restricted data on a test or development system.

  • When sharing restricted data, ensure that users are aware that the data should be handled carefully and in compliance with policies.

Cornell Spider Demo

Encryption Policy

  • UC Davis whole disk encryption policy draft:

  • UCOP protection of personal information policies:

Encryption Options

  • Windows OS

Encryption Options

  • Mac OSX

Encryption Options

  • Linux

Pointsec for PC at UCD


Pointsec for PC

  • If a drive is lost or stolen, the encrypted partitions and everything on them are reasonably secure.

  • Meets certain legal requirements

What it isn’t

  • Pointsec for PC is not a complete encryption solution

    • Currently limited to 2000 and XP

    • Only encrypts partitions

    • Does not encrypt network drives


  • Whole disk encryption

  • Multiple user access

  • Configuration options

  • Recovery tools

  • Enterprise management

    • Logging

    • Enforceable policies

    • Permissions


  • Login screen at boot

  • System tray icon

  • Transparent to OS

  • Minimal performance impact


System Tray Icon:

  • While encrypting:

  • Fully encrypted:

How to install

  • Available to individuals and departments

  • Check requirements

  • Request license from IET Security

  • Decide on default or custom configuration

  • Get install media

  • Return recovery file

  • After encryption completes return log file


  • Windows 2000, XP and Vista soon

  • No dual boot

  • No servers

  • No fancy disk configurations

Preparing the System

  • Backup!

  • Defrag

  • Scan for viruses, etc

  • Uninstall and disable the unnecessary services

  • Check the disk(s)

Installing the Software

  • Use administrative account

  • Launch installer

  • Reboot

  • Login to Pointsec

  • Login to OS

  • Grab recovery file

  • Encryption begins


Encryption Process

  • Encryption proceeds at 10-20GB/hr

  • Depends on disk size not amount of data

  • System can be used, shut down or rebooted

  • After encryption completed grab log file


  • Remote password reset

  • Managing users

  • Uninstall

  • Updates and upgrades

  • Recovery disk

  • Bart’s disk

Managing Users

  • Types of users

    • Normal, Service, Temp

  • Types of permissions

    • Privileged and plain permissions

  • Creating additional users


  • Requires two accounts with rights

  • Can be faster to clone or recover than decrypt

Updates, Upgrades and Reinstalls

  • Updates

    • Change users, passwords, certs or settings

  • Upgrades

    • Major product upgrade?

  • Reinstalls

    • Add additional partitions or disks

Recovery Disk

  • Create from recovery file or target computer

  • Requires two admin accounts

  • Decrypts

Bart’s PE with Plug-in

  • Requires version specific plug-in

  • Must boot and login

  • Ctrl + F10 for alternative boot menu

  • Bart’s then has full access to disk


  • Default configuration will meet most needs, however, there are lots of options…

  • Configuration worksheet

  • Alternative profiles


  • Whole Disk Encryption

  • Low overhead

  • Quick default install

  • Support options

  • Highly customizable

Additional Resources

  • Product documentation

  • Pointsec 24 x 7 tech support

  • IET:

Questions & Answers

  • Login