18th Panhellenic Conference of Informatics
University of Piraeus

Koutsourelis Dimitrios (a), Sokratis K. Katsikas (b)
Systems Security Laboratory, Dept. of Digital Systems, School of Information & Communication Technologies, University of Piraeus
(a) MSc in Security of Digital Systems
(b) Professor, University of Piraeus

Outline
1. Data Loss Prevention and other boring terms.
2. Main goal and benefits.
3. Implementation.

Data Loss Prevention - What is it?
Data Loss Prevention, Firewalls and IDSs
Data Leak Prevention, Extrusion Prevention, Data Loss Prevention (DLP), Information Loss Prevention, Content Monitoring and Filtering, Data Loss Protection, Data Leak Protection

Types of DLP
3 Primary states of Data
Information: Data in Motion, Data at Rest, Data in Use

DLP Basic Components
Endpoint DLP
Network DLP
Central Management Console

DLP's Basic Characteristic
Content Discovery, Content Awareness: What and Where?

OpenDLP
Free, Open Source, agent and agentless based DLP software tool
Components: Web application, Agents
Windows filesystem, Windows Share, UNIX Filesystem, Microsoft SQL Server, MySQL
Regular expressions
Network, Endpoint
Encryption defeats this tool
Only deals with the ... found in cleartext

OpenDLP
More information:
1. OpenDLP, Available online: https://code.google.com/p/opendlp/.
2. OpenDLP: Data loss prevention tool, Available online: http://www.netsecurity.org/secworld.php?id=9226.

MyDLP
Free DLP software tool
Agent based
Windows OS
Data in motion, Data at rest, Data in use
MyDLP Enterprise Edition, Community Edition

MyDLP
More information:
1. R. K, Open Source DLP – Data Leak/Loss Prevention Application: MyDLP, Available Online: http://www.excitingip.com/3950/open-source-dlp-dataleakloss-prevention-application-mydlp/.
2. MyDLP, Available Online: http://www.mydlp.com/why-mydlp/.
3. MyDLP Administration Guide, Version 2.0, MyDLP, 2012.
4. MyDLP Endpoint Installation Guide, Version 2.0, MyDLP, 2013.
5. MyDLP Installation Guide, Version 2.0, MyDLP, 2013.

Main Goal
DLP solution based exclusively on free software tools.
MyDLP and OpenDLP.
Combination and collaboration.

MyDLP Community vs Enterprise Edition

OpenDLP – MyDLP combination
MyDLP, OpenDLP
Data in Motion, Data at Rest, Data in Use, Data at Rest
OpenDLP - What data and where.
MyDLP – Exact policies for Data in Motion, Data in Use.
Benefits:
1. Limit resource consumption
2. Increase detection speed
3. Reduce False Positives

Human Factor – The weak link
Constant need for human interference:
Start DLP scans
Check results
Update Policies

The Need for Automation
Event scheduling mechanism, e.g. Cron scheduler
NOT TO REPLACE THE WEB PLATFORMS
1. Scan initiation procedure in OpenDLP.
2. OpenDLP's scan results comparison.
3. Rules creation procedure in MyDLP.

OpenDLP Automation
Selenium Webdriver
HTML elements
Start scan
Export and save results

Results Comparison Automation: Existing Data Modification
XML Document, Current Scan Results, Previous Scan Results
File unchanged: if filename AND md5 value EXIST in current scan's results
File Modified: if filename EXISTS, md5 value NOT in current scan's results
File Deleted: if filename AND md5 values NOT in current scan's results

Results Comparison: New Entries
New File Detected: if filename NOT in previous scan's results
New Data Detected: if filename EXISTS, but data detection pattern NOT in previous scan's results
New data entries or files detected sent to administrator via e-mail

MyDLP Automation
Limitation: Use of Selenium Webdriver NOT possible. Flash app disassembling not reliable.
Sikuli: Image Recognition Technology
Parse OpenDLP's detected data
Custom user object
Create rules based on custom user object

Conclusion
Solid DLP services at no cost!
Combination of tools counterbalances weaknesses.
Automation increases system's capabilities.
Minimize human error and negligence

References
ISACA, "Data Leak Prevention", ISACA, 2010.
Prathaben Kanagasingham, SANS Institute, "Data Loss Prevention", SANS Institute, 2008.
T. Torsteinbø, "Data Loss Prevention Systems and Their Weaknesses", University of Agder, 2012.
Securosis, L.L.C, "Understanding and Selecting a Data Loss Prevention Solution", Securosis, 2010.
D. Koutsourelis, Designing a free Data Loss Prevention System, MSc Thesis, Piraeus: Systems Security Laboratory, Dept. of Digital Systems, University of Piraeus, 2014.

Questions ???
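
The comparison rules from the Results Comparison Automation slides, as an added Python example (not code from the presentation or from OpenDLP). The XML element and attribute names, the sample scan data, the `alert_lines` helper and the `moved` state (filename gone but md5 still present, a case the slides leave open) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports; element and attribute names are assumptions,
# and the md5 values are shortened placeholders.
PREVIOUS = """<scan>
 <file name="C:/hr/payroll.xls" md5="aaa1"><match pattern="IBAN"/></file>
 <file name="C:/hr/staff.doc" md5="bbb2"><match pattern="SSN"/></file>
 <file name="C:/tmp/old.csv" md5="ccc3"><match pattern="Visa"/></file>
 <file name="C:/tmp/cards.txt" md5="ddd4"><match pattern="Visa"/></file>
</scan>"""
CURRENT = """<scan>
 <file name="C:/hr/payroll.xls" md5="aaa1"><match pattern="IBAN"/></file>
 <file name="C:/hr/staff.doc" md5="eee5"><match pattern="SSN"/><match pattern="IBAN"/></file>
 <file name="C:/share/cards.txt" md5="ddd4"><match pattern="Visa"/></file>
 <file name="C:/new/export.sql" md5="fff6"><match pattern="Visa"/></file>
</scan>"""

def load_scan(xml_text):
    """Return {filename: (md5, set of detection patterns)} for one scan."""
    return {f.get("name"): (f.get("md5"), {m.get("pattern") for m in f.iter("match")})
            for f in ET.fromstring(xml_text).iter("file")}

def compare_scans(previous, current):
    report = {k: [] for k in
              ("unchanged", "modified", "deleted", "moved", "new_file", "new_data")}
    current_md5s = {md5 for md5, _ in current.values()}
    # Existing data: look up every entry of the previous scan in the current one.
    for name, (md5, _) in previous.items():
        if name in current:
            state = "unchanged" if current[name][0] == md5 else "modified"
        elif md5 in current_md5s:
            state = "moved"      # same content under another name (not on the slides)
        else:
            state = "deleted"    # neither filename nor md5 in the current scan
        report[state].append(name)
    # New entries: look up every entry of the current scan in the previous one.
    for name, (_, patterns) in current.items():
        if name not in previous:
            report["new_file"].append(name)
        elif patterns - previous[name][1]:
            report["new_data"].append((name, sorted(patterns - previous[name][1])))
    return report

def alert_lines(report):
    """Lines for the administrator e-mail: new files and new data only."""
    return ([f"NEW FILE {n}" for n in report["new_file"]] +
            [f"NEW DATA {n}: {', '.join(p)}" for n, p in report["new_data"]])
```

A file that is moved shows up twice: as `moved` under its old name and as `new_file` under its new one, so the administrator still receives an alert for the new location.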