Post on 21-Dec-2015
Deploying Tools for Cleaning Personal Information
University of Pennsylvania School of Arts and Sciences
Justin C. Klein Keane
Sr. Information Security Spec.
Copyright 2009 Justin C. Klein Keane, University of Pennsylvania, School of Arts and Sciences. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To
disseminate otherwise or to republish requires written permission from the author.
About SAS
- University of Pennsylvania's School of Arts and Sciences is one of the largest schools
- Spread over nearly 40 departments and centers, each with their own IT structure
- Thousands of faculty and staff end points
- We have our own IT infrastructure, but each school and center may have complementary structures
About SAS InfoSec
Consists of:
- One director of Information Security and Unix Systems (ISUS)
- One full time information security specialist
- One full time co-op
- One part time project manager
Need for Identity Finder
- December 18, 2007: Penn implements new Social Security Number policy
  - Identify SSNs
  - Remediate sensitive data
- Drive to protect University data and to prevent costly, legally mandated disclosures
- Tied with the University Security and Privacy Impact Assessment (SPIA) initiative
Initial Compliance Plan
- Plan: use open source Cornell Spider tool (v 2.9.5)
- Challenges
  - Scalability
  - Manageability
  - Remediation
  - Ease of use
  - No central management
Exploring Options
- Penn SAS Information Security began a year-long product evaluation
- Tested products including Identity Finder, Proventsure, Vontu and Vericept
- Talked with McAfee, but at the time no solution was available
Evaluation Criteria
- Number of false positives
- Number of false negatives
- Number of files actually containing PII found
- Time to scan client
- Ease of marking false positives across systems with checksums
- Number of file formats successfully read
Evaluation Criteria (cont.)
- Business objects analysis
- Ability to allow individual admin users to view results from only a specific subset of machines
- Verify that agent does not require opening incoming ports on the client machine
- Platforms supported for agent
- If software has both agent and install-less versions, test capabilities of both
Evaluation Criteria (cont.)
- Test if software detects agent MIA
- Verify that we can turn off copying excerpts / grabbing data / copying actual file
- Determine how infrastructure would mix with existing infrastructure (can we auth using Active Directory?)
Identifying Needs
Talking to vendors, we quickly realized that what we didn't want was a Data Loss Prevention (DLP) tool, for several reasons:
- Overly invasive
- Usually required infrastructure
- Needed vast customization
- Bad for InfoSec's image
- Contained features we weren't going to use
- Allowed InfoSec to act on end point data
Identifying Needs (cont.)
- We found that each product we looked at found SSNs with about the same degree of accuracy
- This then made secondary factors weigh heavily in our decision:
  - Ease of management
  - Total cost of ownership
  - End user friendliness
Why We Chose Identity Finder
- Identity Finder allows end users to sort, search, and control their own scan results
- Identity Finder presented the end user with remediation options within the tool itself
- In tests, Identity Finder's ease of use meant users actually acted on data discovered
- The product continued to mature significantly since we began evaluation
- Imminent Mac client
Identity Finder Console
- Allows central staff to track installations
- Allows queries for reports to upper management
- We have two installers
  - Quiet: only reports installation
  - Full: only reports hits and remediation status, but doesn't reproduce excerpts
- Console will allow us to build and push custom installation parameters
Deployment
- Typically our SSN data is found in older data stores rather than being created
  - In part thanks to our SPIA efforts
- Identified 300 target faculty that have been at Penn long enough to have produced SSN based student records
- Also targeted key administrative staff offices
Deployment (cont.)
- Utilize Local Support Providers (LSPs) to install, train users, and help with remediation
- Tracking deployments via our Console
- Using Console to identify and follow up with end points that find large stores of sensitive data
- Console also allows us to collect a central list of known false positives
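
The "marking false positives across systems with checksums" criterion and the central false-positive list above, sketched as an added example; it is not from the original slides and is not Identity Finder's own logic. The regex, the SSA structural rules used as a filter, SHA-256 as the checksum, and every sample file name and content are assumptions constructed for illustration.

```python
import hashlib
import re

# Candidate SSNs: 3-2-4 digits, optional dash/space separators, no adjacent digits.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")

# Constructed sample "end point" content (not real data).
SAMPLE_FILES = {
    "grades_1998.txt": b"A. Example  SSN 123-45-6789  B+\nB. Example  SSN 234 56 7890  A\n",
    "parts_catalog.txt": b"Part 415220931 in stock\n",
    "notes.txt": b"Call 215-898-5000, ref 000-12-3456, 666-12-3456, 912-34-5678\n",
}


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Discard numbers that can never be issued: area 000/666/9xx, group 00, serial 0000."""
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"


def find_ssns(data: bytes) -> list[str]:
    text = data.decode("utf-8", errors="replace")
    return [m.group(0) for m in SSN_RE.finditer(text) if plausible_ssn(*m.groups())]


def scan(files: dict[str, bytes], known_fp: set[str]) -> dict[str, dict]:
    """Per-file hit counts; content whose checksum is on the central list is suppressed."""
    report = {}
    for path, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        if digest in known_fp:
            report[path] = {"sha256": digest, "hits": 0, "suppressed": True}
            continue
        hits = find_ssns(data)
        if hits:
            # Report counts only, never the matched excerpts.
            report[path] = {"sha256": digest, "hits": len(hits), "suppressed": False}
    return report


if __name__ == "__main__":
    first = scan(SAMPLE_FILES, set())
    # An analyst reviews parts_catalog.txt, marks it a false positive centrally,
    # and every later scan of the same bytes on any machine is suppressed.
    central_fp = {first["parts_catalog.txt"]["sha256"]}
    for name, row in scan(SAMPLE_FILES, central_fp).items():
        print(name, row["hits"], "suppressed" if row["suppressed"] else "reported")
```

A checksum match only suppresses byte-identical content, so a copy of the catalog that is later edited to include a real SSN is scanned again.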
Remediation Strategies
- If sensitive data is found:
  - It is shredded using Identity Finder's shredding functionality if possible
  - If data must be retained it is quarantined to a central file server using Identity Finder's quarantine functionality (other possible remediation as well)
- We are discouraging encryption due to key escrow concerns
- We don't allow sensitive data to be deleted via the Recycle Bin
Future Deployments
Deploy to server administrators for scanning central stores
Target central “quarantine” locations for file/folder level encryption
Alternative Uses of Identity Finder
- Incident response
  - Allows us to quickly and accurately determine if backup images contain sensitive data
  - Not forensically sound, but on backups this is OK
Other Advantages of Identity Finder
- Ease of results encryption
- Identity Finder uses encrypted connections to the central server over port 80 – no firewall issues
- Identity Finder doesn't require ports to be open on end points
- Scheduled scans
- Automatic updates
Other Advantages of Identity Finder (cont.)
- Integration with our existing infrastructure
- Wizard for end users
- Checking for sensitive data stored from browsers
- Integration with other client programs to open secured files
Thank you