Designing a free data loss prevention system

18th Panhellenic Conference of Informatics, University of Piraeus
Koutsourelis Dimitrios (a), Sokratis K. Katsikas (b)
Systems Security Laboratory, Dept. of Digital Systems
School of Information & Communication Technologies, University of Piraeus
(a) MSc in Security of Digital Systems
(b) Professor, University of Piraeus
Outline
1. Data Loss Prevention and other boring terms.
2. Main goal and benefits.
3. Implementation.
Data Loss Prevention - What is it?
Data Loss Prevention
Firewalls and IDSs
Data Loss Prevention
Data Loss Prevention - What is it?
• Data Leak Prevention
• Extrusion Prevention
• Data Loss Prevention
• Information Loss Prevention
• DLP
• Content Monitoring and Filtering
• Data Loss Protection
• Data Leak Protection
Types of DLP
3 Primary states of Data / Information:
• Data in Motion
• Data at Rest
• Data in Use
DLP Basic Components
• Endpoint DLP
• Network DLP
• Central Management Console
DLP’s Basic Characteristic
• Content Discovery
• Content Awareness
• What and Where?
OpenDLP
Free, Open Source, agent and agentless based DLP software tool.
Components:
• Web application
• Agents
Regular expressions
Endpoint / Network:
• Windows filesystem
• Windows Share
• UNIX Filesystem
• Microsoft SQL Server
• MySQL
Only deals with the data found in cleartext: encryption defeats this tool.
OpenDLP
More information:
1. OpenDLP, Available online: https://code.google.com/p/opendlp/.
2. OpenDLP: Data loss prevention tool, Available online: http://www.netsecurity.org/secworld.php?id=9226.
MyDLP
Free DLP software tool. Agent based (Windows OS).
• Data in motion
• Data at rest
• Data in use
MyDLP
Enterprise Edition
Community Edition
MyDLP
More information:
1. R. K, Open Source DLP – Data Leak/Loss Prevention Application: MyDLP, Available Online: http://www.excitingip.com/3950/open-source-dlp-dataleakloss-prevention-application-mydlp/.
2. MyDLP, Available Online: http://www.mydlp.com/why-mydlp/.
3. MyDLP Administration Guide, Version 2.0, MyDLP, 2012.
4. MyDLP Endpoint Installation Guide, Version 2.0, MyDLP, 2013.
5. MyDLP Installation Guide, Version 2.0, MyDLP, 2013.
Main Goal
DLP solution based exclusively on free software tools.
• MyDLP and OpenDLP.
• Combination and collaboration.
MyDLP Community vs Enterprise Edition
OpenDLP – MyDLP combination
MyDLP
OpenDLP
Data in Motion
Data at Rest
Data in Use
Data at Rest
OpenDLP – MyDLP combination
• OpenDLP – What data and where.
• MyDLP – Exact policies for Data in Motion, Data in Use.
OpenDLP – MyDLP combination
Benefits:
1. Limit resources consumption
2. Increase detection speed
3. Reduce False Positives
Human Factor – The weak link
Constant need for human interference:
• Start DLP scans
• Check results
• Update Policies
The Need for Automation
NOT TO REPLACE THE WEB PLATFORMS
1. Scan initiation procedure in OpenDLP.
2. OpenDLP’s scan results comparison.
3. Rules creation procedure in MyDLP.
Event scheduling mechanism, e.g. Cron scheduler
OpenDLP Automation
Selenium Webdriver
• HTML elements
• Start scan
• Export and save results
Results Comparison Automation
Existing Data Modification
XML Document: Previous Scan Results, Current Scan Results
• If filename AND md5 value EXIST in current scan’s results: File unchanged
• If filename EXISTS, md5 value NOT in current scan’s results: File Modified
• If filename AND md5 values NOT in current scan’s results: File Deleted
Results Comparison
New Data detection
• If filename EXISTS, but pattern NOT in previous scan’s results: New Data Entries Detected
• If filename NOT in previous scan’s results: New File Detected
New data entries or files detected sent to administrator via e-mail
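The comparison rules from the two Results Comparison slides, written out as an added example (this is not code from the presentation or from OpenDLP). The XML element names, the sample records and the function names are assumptions made for illustration; OpenDLP's real export format may differ.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports. The <result>/<file>/<md5>/<pattern> schema is
# an assumption for illustration, not OpenDLP's actual export format.
PREVIOUS = """<results>
<result><file>/srv/share/payroll.xls</file><md5>md5-A</md5><pattern>SSN</pattern></result>
<result><file>/srv/share/clients.csv</file><md5>md5-B</md5><pattern>CreditCard</pattern></result>
<result><file>/srv/share/old.txt</file><md5>md5-C</md5><pattern>SSN</pattern></result>
</results>"""
CURRENT = """<results>
<result><file>/srv/share/payroll.xls</file><md5>md5-A</md5><pattern>SSN</pattern></result>
<result><file>/srv/share/clients.csv</file><md5>md5-B2</md5><pattern>CreditCard</pattern></result>
<result><file>/srv/share/clients.csv</file><md5>md5-B2</md5><pattern>SSN</pattern></result>
<result><file>/srv/share/export.sql</file><md5>md5-D</md5><pattern>CreditCard</pattern></result>
</results>"""

def load(xml_text):
    """Parse one export into {filename: {"md5": str, "patterns": set}}."""
    scan = {}
    for r in ET.fromstring(xml_text).iter("result"):
        entry = scan.setdefault(
            r.findtext("file"), {"md5": r.findtext("md5"), "patterns": set()})
        entry["patterns"].add(r.findtext("pattern"))
    return scan

def compare(previous, current):
    """Classify files using the slide's rules; returns {category: [filenames]}."""
    report = {k: [] for k in ("unchanged", "modified", "deleted", "new_file", "new_data")}
    # Existing data modification: walk the previous scan against the current one.
    for name, prev in previous.items():
        cur = current.get(name)
        if cur is None:
            report["deleted"].append(name)      # filename and md5 both gone
        elif cur["md5"] == prev["md5"]:
            report["unchanged"].append(name)    # filename and md5 both present
        else:
            report["modified"].append(name)     # filename present, md5 differs
    # New data detection: walk the current scan against the previous one.
    for name, cur in current.items():
        prev = previous.get(name)
        if prev is None:
            report["new_file"].append(name)     # filename not in previous scan
        elif cur["patterns"] - prev["patterns"]:
            report["new_data"].append(name)     # known file, new pattern hit
    return report

def needs_alert(report):
    """New files or new data entries are what gets mailed to the administrator."""
    return bool(report["new_file"] or report["new_data"])
```

A file can land in two categories at once: in the sample data clients.csv is both modified (md5 changed) and carries a new data entry (a pattern that the previous scan did not report for it).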
MyDLP Automation
Limitation: Flash app
• Use of Selenium Webdriver NOT possible
• Disassembling not reliable
Sikuli: Image Recognition Technology
• Parse OpenDLP’s detected data
• Custom user object
• Create rules based on custom user object
Conclusion
• Solid DLP services at no cost!
• Combination of tools counterbalances weaknesses.
• Automation increases system’s capabilities.
• Minimize human error and negligence
References

D. Koutsourelis, Designing a free Data Loss Prevention System, MSc Thesis, Piraeus: Systems Security Laboratory, Dept. of Digital Systems, University of Piraeus, 2014.
Questions ???