Date post: | 17-Dec-2015 |
DESIGNING AND DEVELOPING FREE DATA LOSS PREVENTION SYSTEM
University of Piraeus
18th Panhellenic Conference of Informatics
Koutsourelis Dimitrios (a), Sokratis K. Katsikas (b)
Systems Security Laboratory
Dept. of Digital Systems, School of Information & Communication Technologies
University of Piraeus
(a) MSc in Security of Digital Systems
(b) Professor, University of Piraeus
Outline
1. Data Loss Prevention and other boring terms.
2. Main goal and benefits.
3. Implementation.
Data Loss Prevention - What is it?
Data Loss Prevention
Firewalls and IDSs
Data Loss Prevention
Data Loss Prevention - What is it?
Data Loss Prevention (DLP)
Data Loss Protection
Data Leak Prevention
Data Leak Protection
Extrusion Prevention
Information Loss Prevention
Content Monitoring and Filtering
Types of DLP
3 Primary states of Information
Data at Rest
Data in Motion
Data in Use
DLP Basic Components
Endpoint DLP
Network DLP
Central Management Console
DLP’s Basic Characteristic
What and Where?
Content Awareness
Content Discovery
OpenDLP
Free, Open Source, agent and agentless based DLP software tool
Regular expressions found in cleartext
Encryption defeats this tool
Components:
Web application
Agents
Only deals with the Endpoint
Windows filesystem
Windows Network Share
UNIX Filesystem
Microsoft SQL Server
MySQL
OpenDLP
More information:
1. OpenDLP, Available online: https://code.google.com/p/opendlp/.
2. OpenDLP: Data loss prevention tool, Available online: http://www.net-security.org/secworld.php?id=9226.
MyDLP
Free DLP software tool.
Data in motion
Data at rest
Data in use
Agent based
Windows OS
MyDLP
Enterprise Edition
Community Edition
MyDLP
More information:
1. R. K, Open Source DLP – Data Leak/Loss Prevention Application: MyDLP, Available Online: http://www.excitingip.com/3950/open-source-dlp-data-leakloss-prevention-application-mydlp/.
2. MyDLP, Available Online: http://www.mydlp.com/why-mydlp/.
3. MyDLP Administration Guide, Version 2.0, MyDLP, 2012.
4. MyDLP Endpoint Installation Guide, Version 2.0, MyDLP, 2013.
5. MyDLP Installation Guide, Version 2.0, MyDLP, 2013.
Main Goal
DLP solution based exclusively on free software tools.
MyDLP and OpenDLP.
Combination and collaboration.
MyDLP Community vs Enterprise Edition
OpenDLP – MyDLP combination
MyDLP
Data in Motion
Data in Use
Data at Rest
OpenDLP
Data at Rest
OpenDLP – MyDLP combination
OpenDLP - What data and where.
MyDLP – Exact policies for Data in Motion, Data in Use.
OpenDLP – MyDLP combination
Benefits:
1. Limit resource consumption
2. Increase detection speed
3. Reduce False Positives
Human Factor – The weak link
Constant need for human intervention
Start scans
Check results
Update DLP Policies
Human Factor – The weak link
Human Error and Negligence
The Need for Automation
1. Scan initiation procedure in OpenDLP.
2. OpenDLP’s scan results comparison.
3. Rules creation procedure in MyDLP.
Event scheduling mechanism, e.g. Cron scheduler
NOT TO REPLACE THE WEB PLATFORMS
OpenDLP Automation
Selenium WebDriver
HTML elements
Start scan
Export and save results
Results Comparison Automation
XML Document
Previous Scan Results
Current Scan Results
Existing Data Modification
If filename AND md5 values NOT in current scan’s results: File Deleted
If filename AND md5 value EXIST in current scan’s results: File unchanged
If filename EXISTS, md5 value NOT in current scan’s results: File Modified
Results Comparison
New Data detection
If filename NOT in previous scan’s results: New File Detected
If filename EXISTS, but pattern NOT in previous scan’s results: New Data Entries Detected
New data entries or files detected are sent to the administrator via e-mail
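The comparison rules from the two slides above, worked through as an added example; this is not code from the presentation or from OpenDLP. The XML layout, the function names and the sample scan data are assumptions constructed for illustration, and the filename is treated as the unique key of a result.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports. The XML layout (file/@name, file/@md5,
# match/@pattern) is an assumption for this example, not OpenDLP's actual
# export schema; the md5 values are shortened placeholders.
PREVIOUS_XML = """<results>
  <file name="C:/hr/payroll.xls" md5="a1"><match pattern="SSN"/></file>
  <file name="C:/hr/staff.doc" md5="b2"><match pattern="SSN"/></file>
  <file name="C:/tmp/old.txt" md5="c3"><match pattern="Visa"/></file>
  <file name="C:/sales/leads.csv" md5="d4"><match pattern="Visa"/></file>
</results>"""
CURRENT_XML = """<results>
  <file name="C:/hr/payroll.xls" md5="a1"><match pattern="SSN"/></file>
  <file name="C:/hr/staff.doc" md5="b9"><match pattern="SSN"/><match pattern="Visa"/></file>
  <file name="C:/sales/leads.csv" md5="d7"><match pattern="Visa"/></file>
  <file name="C:/new/export.csv" md5="e5"><match pattern="SSN"/></file>
</results>"""

def load_scan(xml_text):
    """Return {filename: (md5, set_of_matched_patterns)} for one scan export."""
    scan = {}
    for f in ET.fromstring(xml_text).iter("file"):
        patterns = {m.get("pattern") for m in f.iter("match")}
        scan[f.get("name")] = (f.get("md5"), patterns)
    return scan

def compare_scans(previous, current):
    """Classify every file using the rules on the two comparison slides."""
    report = {"deleted": [], "unchanged": [], "modified": [],
              "new_file": [], "new_entries": {}}
    for name, (old_md5, old_patterns) in previous.items():
        if name not in current:
            report["deleted"].append(name)        # filename not in current scan
            continue
        new_md5, new_patterns = current[name]
        if new_md5 == old_md5:
            report["unchanged"].append(name)      # filename and md5 both present
        else:
            report["modified"].append(name)       # filename present, md5 differs
        added = new_patterns - old_patterns
        if added:                                 # pattern absent from previous scan
            report["new_entries"][name] = sorted(added)
    report["new_file"] = [n for n in current if n not in previous]
    return report

def needs_alert(report):
    """New files or new data entries are what the slides mail to the administrator."""
    return bool(report["new_file"] or report["new_entries"])

REPORT = compare_scans(load_scan(PREVIOUS_XML), load_scan(CURRENT_XML))
```

Note that a file can be both modified and carry new data entries (`staff.doc` in the sample), while a modified file whose matched patterns are unchanged (`leads.csv`) raises no alert under these rules.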
MyDLP Automation
Limitation
Use of Selenium WebDriver NOT possible
Flash app disassembling not reliable
Sikuli
Image Recognition Technology
Parse OpenDLP’s detected data
Custom user object
Create rules based on custom user object
Conclusion
Solid DLP services at no cost!
Combination of tools counterbalances weaknesses.
Automation increases system’s capabilities.
Minimize human error and negligence.
Questions ???