Identifying and encrypting personal information
Download
1 / 41

Identifying and Encrypting Personal Information - PowerPoint PPT Presentation


  • 140 Views
  • Uploaded on

Identifying and Encrypting Personal Information. Using Cornell Spider and Pointsec for PC Benjamin Stein Doreen Meyer cybersecurity@ucdavis.edu. Overview. What is personal information? Searching for personal information using Cornell Spider

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Identifying and Encrypting Personal Information' - brody


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Identifying and encrypting personal information

Identifying and Encrypting Personal Information

Using Cornell Spider and

Pointsec for PC

Benjamin Stein

Doreen Meyer

cybersecurity@ucdavis.edu


Overview
Overview

  • What is personal information?

  • Searching for personal information using Cornell Spider

  • Mitigating risk of exposure of personal information

  • Encryption Policy, Encryption Options

  • Whole disk encryption using Pointsec for PC

  • Questions


Personal information and hipaa
Personal Information and HIPAA

  • HIPAA: Health Information Portability and Accountability Act

  • Psychological Services

  • Medical Records

  • http://www.hhs.gov/ocr/hipaa/


Personal information ca sb1386 and civil code 1798
Personal Information: CA SB1386 and Civil Code 1798

  • Account access number and password

  • Bank/financial account number

  • California identification card number

  • Credit/debit card number

  • Driver’s license number

  • Social Security number

  • http://www.privacy.ca.gov/code/ipa.htm


Personal information ferpa
Personal Information: FERPA

  • Family Education Rights and Privacy Act of 1974 (FERPA)

  • Class level, class schedule, academic status, grades, instructors, transcripts

  • Student ID number, Social Security number

  • Fees paid, loan collection records, financial aid records, etc.

  • http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html


Searching for personal information
Searching for personal information

  • Data focus: credit card numbers and Social Security numbers

  • UCD supported products: Cornell Spider and PowerGREP


Mitigating risk of exposure of personal information
Mitigating Risk of Exposure of Personal Information

  • Higher cost (time, tools) for administering a system containing personal information.

  • IET supports the Cyber-safety program and a number of tools that assist in protecting personal information, including Tripwire, Spider/PowerGREP, self-directed Nessus scans, and Pointsec.


Maintain a list of systems containing sensitive data
Maintain a list of systems containing sensitive data

  • Catalog the system name, IP, owner, type of service running on the system, type of sensitive data residing on the system

  • Share this information with the technical support staff and the unit administrative managers

  • Confirm and update this information on a regular basis


Monitor when the data is accessed or modified
Monitor when the data is accessed or modified

  • Use Tripwire to identify file and directory changes.

  • Write logs to a central logging server (syslogng, snare, MOM).

  • Turn on auditing of successful and unsuccessful logins.

  • Read your logs on a regular basis.


Restrict access to the system and its sensitive data
Restrict access to the system and its sensitive data

  • No group accounts (cannot audit access)

  • Access system and data using encrypted protocols such as ssh (sftp, scp), ssl (https), rdp, ipsec

  • Evaluate physical security

  • Use host-based and hardware firewalls


Use share or transfer restricted data in a safe manner
Use, share, or transfer restricted data in a safe manner

  • Do not use email to send unencrypted restricted data.

  • Do not use restricted data as a key in a database.

  • Do not use restricted data on a test or development system.

  • When sharing restricted data, ensure that users are aware that the data should be handled carefully and in compliance with policies.



Encryption policy
Encryption Policy

  • UC Davis whole disk encryption policy draft: http://security.ucdavis.edu/encryption_policydraft.pdf

  • UCOP protection of personal information policies: http://www.ucop.edu/irc/itsec/infoprotect.html


Encryption options
Encryption Options

  • Windows OS




Pointsec for pc at ucd
Pointsec for PC at UCD

  • http://security.ucdavis.edu/encryption.cfm


Pointsec for pc
Pointsec for PC

  • If a drive is lost or stolen, the encrypted partitions and everything on them are reasonably secure.

  • Meets certain legal requirements


What it isn t
What it isn’t

  • Pointsec for PC is not a complete encryption solution

    • Currently limited to 2000 and XP

    • Only encrypts partitions

    • Does not encrypt network drives


Features
Features

  • Whole disk encryption

  • Multiple user access

  • Configuration options

  • Recovery tools

  • Enterprise management

    • Logging

    • Enforceable policies

    • Permissions


Experience
Experience

  • Login screen at boot

  • System tray icon

  • Transparent to OS

  • Minimal performance impact



System tray icon
System Tray Icon:

  • While encrypting:

  • Fully encrypted:


How to install
How to install

  • Available to individuals and departments

  • Check requirements

  • Request license from IET Security

  • Decide on default or custom configuration

  • Get install media

  • Return recovery file

  • After encryption completes return log file


Requirements
Requirements

  • Windows 2000, XP and Vista soon

  • No dual boot

  • No servers

  • No fancy disk configurations


Preparing the system
Preparing the System

  • Backup!

  • Defrag

  • Scan for viruses, etc

  • Uninstall and disable the unnecessary services

  • Check the disk(s)


Installing the software
Installing the Software

  • Use administrative account

  • Launch installer

  • Reboot

  • Login to Pointsec

  • Login to OS

  • Grab recovery file

  • Encryption begins



Encryption process
Encryption Process

  • Encryption proceeds at 10-20GB/hr

  • Depends on disk size not amount of data

  • System can be used, shut down or rebooted

  • After encryption completed grab log file


Support
Support

  • Remote password reset

  • Managing users

  • Uninstall

  • Updates and upgrades

  • Recovery disk

  • Bart’s disk


Managing users
Managing Users

  • Types of users

    • Normal, Service, Temp

  • Types of permissions

    • Privileged and plain permissions

  • Creating additional users


Uninstall
Uninstall

  • Requires two accounts with rights

  • Can be faster to clone or recover than decrypt


Updates upgrades and reinstalls
Updates, Upgrades and Reinstalls

  • Updates

    • Change users, passwords, certs or settings

  • Upgrades

    • Major product upgrade?

  • Reinstalls

    • Add additional partitions or disks


Recovery disk
Recovery Disk

  • Create from recovery file or target computer

  • Requires two admin accounts

  • Decrypts


Bart s pe with plug in
Bart’s PE with Plug-in

  • Requires version specific plug-in

  • Must boot and login

  • Ctrl + F10 for alternative boot menu

  • Bart’s then has full access to disk


Customizing
Customizing

  • Default configuration will meet most needs, however, there are lots of options…

  • Configuration worksheet

  • Alternative profiles


Review
Review

  • Whole Disk Encryption

  • Low overhead

  • Quick default install

  • Support options

  • Highly customizable


Additional resources
Additional Resources

  • Product documentation

  • Pointsec 24 x 7 tech support

  • IET: cybersecurity@ucdavis.edu