
Campus Meeting on CSUID Implementation – SSN Purge csuid.colostate

Campus Meeting on CSUID Implementation – SSN Purge (http://csuid.colostate.edu). Pat Burns and Steve Lovaas, ACNS, July 28, 2006. Outline: Burns covers background, authority, scope, the CSUID, the “Purge” process, and roles and responsibilities; Lovaas covers scanning systems and encryption techniques; Q&A for all.


Presentation Transcript


  1. Campus Meeting on CSUID Implementation – SSN Purge • http://csuid.colostate.edu • Pat Burns and Steve Lovaas, ACNS • July 28, 2006

  2. Outline • Burns • Background • Authority • Scope • The CSUID • The “Purge” Process • Roles and responsibilities • Lovaas • Scanning systems • Encryption techniques • All: Q&A

  3. Background • HB 03-1175: cease and desist using SSN’s or portions thereof as primary identifiers for students effective July 1, 2004 • CCHE exception granted until fall 2006 • Federal/state mandates/laws • Paccione legislation • GLBA, SOX, HIPAA,… • Impending “Identity Theft Protection Act”

  4. Authority • CSU IT Security Policy version 1.7, approved by the ITEC July 11, 2006 • Prohibition of SSN’s on systems unless approved by the AVPIIT • Scanning files permitted • SSN “purge” process, approved by the ITEC July 11, 2006 • Letter from SVP/Provost to Deans, Directors and Department Heads (ddd’s) • SSN Attestation Form • SSN Exception Form

  5. The CSU IT Security Policy ver. 1.7 • Approved by the ITEC on July 11, 2006 • New material: • SSN’s not allowed on systems, unless approved by the AVPIIT • SSN’s on portable devices must be encrypted • Authority to scan files/systems for sensitive information • For the purpose of identifying sensitive information • Location information returned only to the owner of the file, for appropriate action

  6. Moreover • It is the “right” thing to do • Our constituents deserve no less than diligent protection of their personal information

  7. Scope • All employees • All systems • No automatic exceptions

  8. The New CSUID • The ID card office is replacing all ID cards, and this will be completed at the start of the fall 2006 semester • PID will be replaced by CSUID on all central systems (except ISIS) on August 17, 2006 • Including the data warehouse • Including class rolls and grade rolls • SSN’s generally unavailable thereafter • Also need to “purge” SSNs from all systems

  9. Risk Mitigation • Avoid – purge SSNs from systems • Reduce – remove unnecessary SSNs from systems • Transfer – use SSNs on central systems • Accept – accept risk where we must

  10. The “Purge” Process • Ddd’s distribute, collect and return SSN Personal Attestation Forms for their employees • All employees must complete an SSN Personal Attestation Form • Employees who check “Yes” (SSNs used) assess their level of effort • Suggest they work with IT staff to scan systems

  11. Exceptions • Must be applied for and approved by the AVPIIT • Request ddd’s to collect and return SSN Exception Forms • Must be endorsed by IT staff, or if IT staff is the applicant, by their supervisor • Form available at • http://csuid.colostate.edu/?page=forms • All forms, including SVP memo, available there

  12. Role of IT Staff • Work with users to scan systems for SSNs and CCN’s • Scan systems • Return lists of files to users for their actions • Endorse SSN Exception Forms • Provide feedback to ACNS • Remove all requests for SSNs from hardcopy and electronic forms/programs • Reprogram all applications not to use SSNs

  13. Role of AVPIIT • Coordinate the process • Process Exception forms • Report outcome to SVP/Provost

  14. Role of ACNS • Provide a solution for scanning systems and files for SSN’s and CCN’s • Provide a solution for encrypting files, and central archival of encryption keys • Horror stories about individuals losing or “forgetting” their encryption key, not like a system password that can be reset

  15. Scanning and Encryption • Steve Lovaas, ACNS • Scanning • Spider • Encryption • TrueCrypt • Key escrow

  16. Scanning Systems for SSN’s and CCN’s • Cornell’s Spider • A Note on Exchange • Approach for Linux/Mac and Windows • Architecture • Features • Usage • Gotchas

  17. Cornell University’s Spider – the product • In-house tool from Cornell • Originally a Helix forensic boot disk tool • New version written for Windows • EDUCAUSE distribution effort • Uses regular expressions to scan for SSNs, with extensions to look into some of the more popular file formats • Note: Credit card numbers already a no-no; this tool helps purge them too!

  18. Cornell University’s Spider at CSU • Hosting code and documentation locally • http://csuid.colostate.edu/?page=tools • ACNS developed custom regular expressions and CSU-default configurations • Hosting local copies of original Cornell docs • Please don’t flood Cornell with questions • spider_help@colostate.edu

  19. Using Spider – results and procedures • False positives • There will be a lot • You or the user get to sort through them • Extension skip list to minimize them • Notifying users of potential hits • Avoid anything that actually sends SSNs over the network (email users file paths only, or describe over the phone…) • Remember to protect the results • Encrypt or store off-line

  20. A note on Exchange Servers • Spider doesn’t search Exchange stores • Cornell doesn’t use Exchange • Microsoft protection of Exchange • ACNS will scan CSU Exchange farm with custom tools • Colleges/departments with Exchange? • Contact Nick Smith in ACNS • Nick.Smith@colostate.edu

  21. Spider for Linux - Architecture • Written in Perl • Uses several modules and other utilities • 2 parts: • Client does scanning • Server listens for and logs results • Recommended approach • Run on a single machine • Mount other machines via NFS or Samba • This is the best way to scan Mac OS X

  22. Spider for Linux - Features • Older, stable version of forensic tool • Command line only • No recent feature upgrades • Limited view into Microsoft file formats

  23. Spider for Linux - Usage • Resources on CSUID tools page • Instructions, config hints, recommendations • Custom REGEX file to replace defaults • Man page in the distribution • All the switches and config details

  24. Spider for Windows - Architecture • Native executable • Many features compiled in, many options • Requirements: • Administrative access • 2000/XP/2003 with .NET 1.1 • Must reboot after installing tool • Run locally or map remote drives • Speed vs load

  25. Spider for Windows - Features • Newer product • CSU IT Security Technical Subcommittee has been submitting feedback and bug reports • Many recent feature additions and revisions, bug fixes • CSU has chosen the latest Beta rather than the last stable release, due to advanced features (after extensive ACNS testing) • Easy-to-use GUI

  26. Spider for Windows - Usage • Resources on the CSUID tools page • Instructions, config hints, recommendations • CSU-customized .reg file with default settings • ACNS’ best guess at a good list of extensions to skip • Recommended approach • Easier to install than Linux version • Single scanning machine vs one-by-one • Balance of time vs resources

  27. Spider - Gotchas for both flavors • Some file types not scanned or don’t work • Linux can do Word, but not Excel or Access • Windows has trouble with some PDF files • Very large files will sometimes stall the program • Email attachments are difficult to scan • Log files are a roadmap to all this data • Save to USB device or CD • Encrypt anything remaining on fixed disks (Windows version does this itself)

  28. Encrypt What’s Left • Some systems will receive exemptions • Need to store SSNs or CCNs locally • Policy says encrypt • What tools? • Risks of encryption

  29. Encryption – Choice of Tools • Basic options • Operating system features (Windows EFS) • Commercial products (PGP Desktop) • Open source products (TrueCrypt) • Metrics to choose by • Price • Ease of use • Reliability/risk

  30. Encryption – Windows EFS • Pros • Available out of the box in 2000 and XP • Very easy, intuitive user experience • Free • Cons • If user login is compromised, data is accessible • Default key recovery agent is Administrator • Need an enterprise CA to be flexible enough • Self-destruct feature in XP without a CA

  31. Encryption – TrueCrypt • Pros • Free, Open Source • Fairly easy to use • Available key escrow without a CA • Separate password from Windows login • Available for Linux as well • Cons • A separate product to install

  32. Encryption with TrueCrypt - concept • Volume encryption • An entire hard drive • A whole logical drive • An entire removable device (USB stick) • A single file on any of these as a virtual filesystem • Not OS-dependent • Application + password (+ keyfile) • Single USB device usable on Windows, Linux

  33. Encryption with TrueCrypt - features • Virtual filesystem • Mount a file or drive as a separate mount point • Treated just like a drive – defrag, virus scan, etc • Can be backed up • Key escrow • Administrator installs program, creates volume • Backs up header, then sets a user password • Recovery of header restores original admin password

  34. Encryption with TrueCrypt - usage • Windows • Launch the GUI • Create an encrypted volume • Mount the volume to make it available • Drag and drop files in and out • Dismount when done (reboot dismounts too) • Linux • Command line only • Same procedures and features

  35. Encryption with TrueCrypt – usage (2) • Encryption strength • AES (256-bit) • Hashing function only for randomization in creating the volume, so SHA-1 is OK • Key escrow HIGHLY RECOMMENDED • ACNS will provide storage of volume headers • If you use this (or any) encryption product without recovery ability, data could be lost forever • The cure could be worse than the disease

  36. Key Escrow • Crucial to acceptance of an encryption tool • Loss of password must not = loss of data forever • ACNS will provide hosting • Offline, redundant storage (not networked) • Physical security (monitored, locked, alarmed) • Consistent naming conventions (for scalability) • May be intermediate step toward a future CA • Better scalability, automation, ease of use • Support for email encryption, client certificates

  37. Summary of Resources • http://csuid.colostate.edu • Forms • Spider • Executables, configs, documentation • TrueCrypt • Local user instruction document • External links to download installers and documentation • ACNS • spider_help@colostate.edu • key_escrow@colostate.edu

  38. Discussion • Is most welcome
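
The scanning approach described on slides 17 to 19 (regular expressions, an extension skip list, many false positives, results that list file paths only), sketched as an added example; it is not Spider's code or the ACNS regular expressions. The patterns, the skip list, the function names and the sample text are assumptions made for illustration.

```python
import os
import re

# Assumed patterns for this example; not Spider's or ACNS's expressions.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-?(\d{2})-?(\d{4})(?![\d-])")
CCN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")
SKIP_EXT = {".exe", ".dll", ".jpg", ".png", ".zip"}  # assumed skip list
# Constructed sample text, no real identifiers.
SAMPLE = ("ID 123-45-6789, part no. 000-12-3456, "
          "card 4111 1111 1111 1111, order 1234567812345678")

def plausible_ssn(area, group, serial):
    """Drop nine-digit strings in ranges never issued as SSNs."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def luhn_ok(digits):
    """Luhn checksum, used to discard arbitrary 16-digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text):
    """Return hit counts only; the matched values are never kept."""
    ssn = sum(1 for m in SSN_RE.finditer(text) if plausible_ssn(*m.groups()))
    ccn = sum(1 for m in CCN_RE.finditer(text)
              if luhn_ok(re.sub(r"\D", "", m.group())))
    return {"ssn": ssn, "ccn": ccn}

def scan_tree(root):
    """Walk root; return {path: counts} for files with at least one hit."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SKIP_EXT:
                continue  # skipped extensions cut false positives
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="ignore") as fh:
                counts = scan_text(fh.read())
            if any(counts.values()):
                report[path] = counts
    return report
```

The report holds paths and counts only, so it can be passed to the file owner without sending an SSN over the network; it is still a roadmap to the data and should be encrypted or stored offline as slides 19 and 27 say.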
