Designing a Free Data Loss Prevention System

Total pages: 16

File type: PDF, size: 1020 KB

Designing a Free Data Loss Prevention System

University of Piraeus, Department of Digital Systems, MSc in Security of Digital Systems

Master Thesis: Designing a free Data Loss Prevention system

Dimitrios Koutsourelis, March 2014

Data Loss Prevention Systems

Supervisors:
Sokratis Katsikas, Professor, University of Piraeus
Spyros Papageorgiou, Captain (OF-5), Hellenic National Defense General Staff / Directorate of Cyber Defense

Dimitrios Koutsourelis 2

Abstract

Data Loss is an everyday threat within all organizations. The leaking of confidential data ultimately results in a loss of revenue. A quarter of all Data Loss is widely attributed to the use of applications such as Voice, Email, Instant Messaging, Social Networks, Blogs, P2P and Videos. A common approach adopted to prevent Data Loss is the use of sophisticated data detection algorithms and the deployment of systems that control applications attempting to access the outside world [1]. Many vendors currently offer data loss prevention products for no small amount of money.

This thesis focuses on providing all the information needed to fully comprehend the terms surrounding data loss prevention and on illustrating some of the most common mechanisms and techniques used by the available software. Two publicly available, free data loss prevention software tools, MyDLP and OpenDLP, are also presented and analyzed. In the third part of this project, a system architecture is presented that is designed to combine the two previously mentioned tools so that they co-exist inside an information system, complementing each other and providing solid data loss prevention services.

Table of Contents

1 Introduction ... 6
1.1 Background ... 6
1.2 Objectives ... 7
1.3 Structure ... 7
2 Data Loss Prevention - DLP ... 7
2.1 What is Data Loss Prevention? ... 7
2.2 Definition ... 9
2.3 Various Related Terms ... 9
2.4 Data Loss Threats ... 10
2.4.1 Accidental data loss ... 10
2.4.2 Insider Attacks ... 10
2.4.3 External Attacks ... 11
2.5 Content Awareness ... 12
2.5.1 Content Analysis Techniques ... 12
2.6 DLP System Architecture and Data Protection Types ... 14
2.6.1 Data at Rest (Endpoint DLP) ... 16
2.6.2 Data in Motion (Network DLP) ... 17
2.6.3 Data in Use ... 18
2.6.4 Central Management ... 18
3 Data Loss Prevention Tools ... 20
3.1 OpenDLP ... 20
3.1.1 Workflows ... 23
3.2 MyDLP ... 26
3.2.1 Policy Management ... 27
3.2.2 Endpoint Management ... 29
3.2.3 Logs ... 30
3.2.4 MyDLP Block Request Example ... 31
4 Designing a free DLP solution using OpenDLP and MyDLP ... 32
4.1 Human factor – The weak link ... 33
4.2 The Need for Automation ... 34
4.2.1 OpenDLP Automation ... 35
4.2.1.1 Selenium ... 35
4.2.2 Scan Comparison Automation ... 36
4.2.3 MyDLP Automation ... 38
4.2.3.1 Sikuli ... 38
4.2.3.2 Sikuli’s Limitation ... 39
5 Conclusion ... 39
6 Bibliography ... 41
7 Appendices ... 44
7.1 Appendix A - OpenDLP Automation ... 44
7.2 Appendix B – Scans Comparison ... 46
7.3 Appendix C – Sikuli Script ... 49

List of Figures [1]

Figure 1: Basic DLP system architecture ... 15
Figure 2: Endpoint DLP architecture ... 16
Figure 3: Data in Motion DLP architecture ... 18
Figure 4: OpenDLP Logo ... 20
Figure 5: OpenDLP’s main page ... 22
Figure 7: New OpenDLP Scan Profile ... 23
Figure 6: OpenDLP Regular Expressions management ... 23
Figure 8: OpenDLP Scan Start ... 24
Figure 9: View Scan Results ... 25
Figure 10: MyDLP logo ... 26
Figure 11: MyDLP Policy Tab ... 28
Figure 12: Endpoints MyDLP Tab ... 30
Figure 13: Logs Tab ... 31
Figure 14: Access Denied by MyDLP ... 31
Figure 15: MyDLP- OpenDLP combination ... 33
Figure 16: Cron job scheduler basic syntax ... 34
Figure 17: Selenium Logo ... 35
Figure 18: OpenDLP scan XML tree ... 36
Figure 19: Detected Data ... 37
Figure 20: Scan Comparison Report ... 38

[1] All images representing a network architecture were created using Microsoft Visio 2013. Images presenting the operation of OpenDLP and MyDLP are screenshots taken while running the DLP software under test conditions.

1 Introduction

1.1 Background

Over the last decade, enterprises have become increasingly reliant on digital information to meet business objectives. On any given business day, significant amounts of information fuel business processes that involve parties both inside and outside of enterprise network boundaries. There are many paths for these data to travel, and they can travel in many forms: e-mail messages, word processing documents, spreadsheets, database flat files and instant messaging are only a few examples. Much of this information is innocuous, but in many cases a significant subset is categorized