identity finder presentation
CO Identity Finder Rollout
Tony Modiri - CISSP, CISM
July 31, 2014
Topics to Cover
- Why Identity Finder (IF)
- Develop a Project Plan
- IF Software & License
- IF requirements and Installation
- Demo: IF DLP Console and Client
- What to do with the PII findings
- Q & A (As we go along…)
CSU Information Security Policy 8025.0
Policy Title: Privacy of Personal Information
Section 200 - Collection of Personal Information
To comply with state and federal laws and regulations, campuses may not collect personally identifiable information unless the need for it has been clearly established.
Where such information is collected:
- The campus will use reasonable efforts to ensure that personally identifiable information is adequately protected from unauthorized disclosure.
- The campus shall store personally identifiable information only when it is appropriate and relevant to the purpose for which it has been collected.
California Law – Data Security Breach Reporting ( http://oag.ca.gov/ecrime/databreach/reporting)
California law requires a business or state agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person. (California Civil Code s. 1798.29(a) and California Civ. Code s. 1798.82(a))
Any person or business that is required to issue a security breach notification to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. (California Civil Code s. 1798.29(e) and California Civ. Code s. 1798.82(f))
Project Plan & Where to get Identity Finder S/W
Develop a Project Plan
- Communications to User Community
- Your ticketing system
- Installation plan
- Pilot team for testing and tuning
- IF User Guide
- Campus-wide deployment
IF License key file distribution to ISOs
Go to ISAC SharePoint for IF S/W
Console Deployment
Hardware Requirements

Processor
For any number of endpoints reporting into the Console, at least 2 CPUs are recommended for both the IIS server and the Database server (either physical CPUs, virtual CPUs, or cores). If both the IIS and Database server are on the same physical system the suggestions in the table below should be doubled.

Number of Endpoints    Suggested Number of CPUs per Server (each for IIS and DB)
1-5,000                2
5,000-50,000           4
50,000+                8

Memory
For any number of endpoints reporting into the Console, at least 2GB of RAM are recommended for both the IIS server and the Database server. If both the IIS and Database server are on the same physical system the suggestions in the table below should be doubled.

Number of Endpoints    Suggested amount of RAM per server (each for IIS and DB)
1-500                  2GB
5,000-10,000           4GB
10,000-50,000          8GB
50,000-100,000+        16GB
Console Deployment
Software Requirements
The Identity Finder Console is the aggregation point for search results, provides charting and reporting, establishes search policies, schedules searches on the clients (endpoints) and provides remediation capabilities.

Application Server
- Minimum Required OS: Windows 2008, 2008 R2, or 2012 (x86 and x64 are supported; however, Itanium is not supported)
- Recommended OS: Windows 2012 x64

Database Server
- Minimum Required OS: Windows 2008, 2008 R2, or 2012 (x86, x64, or Itanium)
- Recommended OS: Windows 2012 x64
- Minimum Required DB: SQL Server 2008, 2008 R2, or 2012. All editions of SQL Server are supported except SQL Server Compact Edition.
- Recommended DB: SQL Server 2012 x64 (MS-SQL Server License is also required)

Note: The database server may exist on the same system as the application server or on a separate system. Separate systems with a dedicated, tuned database server are recommended.
Console Deployment
Network Requirements
The console application server requires an open HTTP or HTTPS port for communication with clients. This port is most commonly TCP port 80 for HTTP and 443 for HTTPS, though any port may be specified. Additional steps are required to configure HTTPS.
- MS-SQL port 1433
- Console in internal DNS
Console Deployment
Prerequisites and Pre-Deployment Validation Steps
Note: The console installation takes about 30-90 minutes. Plan on doing the installation with your Windows Server Administrator and SQL DBA present.
Client Installs

Creating a Custom Installer for Windows (MSI)
The Microsoft Windows Installer is a piece of software provided by Microsoft. It uses an installation package to make software installation faster, more efficient and more customizable. It is desirable to customize this package to include custom settings, the license file and configuration options such as the information necessary to communicate with the enterprise console. After the Console installation, client settings will be available at http://Application-server/Console
Using MSIBuilder to Automatically Edit an MSI
Creating a Custom Installer for Mac (PackageMaker)
You can also create and deploy a custom Installer dmg Package that can include a custom plist, license file, and other supplementary files as well as configure the endpoint service application.
Identity Finder Console Policies
Console policies provide the mechanism to configure settings for Windows and Mac clients. Those settings allow the customization of the user experience, the forced configuration of options, and the establishment of search criteria.

There are three types of policies:

System
  System policies force settings on the selected endpoints and cannot be changed by an end user interacting with the client. Once the policy type is selected, it cannot be changed. [Note: Good place to exclude folders that end-users cannot write to]

User Default
  Here you define settings to be used in place of the application default settings. Settings defined in this policy can be changed by end-users.

Scheduled Task
  Automatically execute a search according to the schedule defined in the policy. Settings defined in this policy cannot be changed by end-users. If no settings are defined in this policy, the settings from any System policies and the application default will be used.

After the policy has been created, it is necessary to specify the endpoints to which the policy will apply. Any combination of endpoints and tags can be specified and the list can be modified at any time.
A Few Recommended Policy Settings
Some Settings Recommended by IF
- Require profile login (Profile\RequireProfileLogin): Set this value to "Require login"
- Disable recycle action (Settings\Actions\Disable\disableAction_Recycle): Set this value to "Disable Recycle" (I left Enabled)
- Force creation of the quarantine folder (Settings\Actions\Quarantine\CreateFolderIfNonexistent): Set this value to "True"
- Duplicate quarantine folder path structure (Settings\Actions\Quarantine\DuplicateFolderPaths): Set this value to "Enable"
- Leave a warning text file after quarantining (Settings\Actions\Quarantine\LeaveBehindWarningText): Set this value to "Enable"
- Specify the number of shred passes (Settings\Actions\Shred\ShredPasses): Set this value to "1" (I left ours at 3)
- Enable AnyFind searching for Social Security Numbers (Settings\Identities\SSN\EnableAnyFind): Set this value to "Enable"
- Advanced file type identification method (Settings\Locations\Files\UseAdvancedFileIdentification): Set this value to "Included File Types"
- Specify that new updates should automatically be downloaded and installed without prompting the user (Settings\Updates\AutomaticallyDownloadandInstallUpdates): Set this value to "Enable"
- After an application update is downloaded, launch the upgrade installer to allow user interaction (Settings\Updates\InteractiveInstall): Set this value to "Disable"
- Disable the Websites and Database search locations (Settings\Locations\Websites\Disable\disableSearch_Websites and Settings\Locations\Databases\Disable\disableSearch_Database): Set these values to "Disable website search"
Complete list: http://www.identityfinder.com/kb/Enterprise-Documentation/192877
Settings Locations and Priorities
When a specific setting is configured in multiple sources, it may be necessary to analyze the order in which the settings are applied to understand the effect on the client. At a high level, settings are applied in the following order:
1. System policies (applied in the order of their priority as defined in the Enterprise Console)
2. System settings locally defined on the client (e.g., in HKEY_LOCAL_MACHINE on Windows or in a system plist on Mac)
3. Scheduled Task policies
4. Configuration files supplied via a command line switch
5. User Default policies
6. User settings locally defined on the client (e.g., in HKEY_CURRENT_USER on Windows or in a user plist on Mac)
7. Internal application defaults
Ref: http://www.identityfinder.com/kb/Enterprise-Documentation/181999
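
Added example, not part of the original slides and not Identity Finder's own tooling: a Python check that works out which source supplies the effective value of a setting and compares it with a few of the recommended values from the previous slide. It assumes that the first source in the list above that defines a setting wins; the source labels, the function names resolve and audit, and the sample data are constructed for illustration.

```python
# Added example: models the order on the "Settings Locations and Priorities" slide.
# Assumption: the first source in that order that defines a setting supplies its value.
PRECEDENCE = [
    "system_policy",          # already merged in console priority order
    "local_system",           # HKEY_LOCAL_MACHINE / system plist
    "scheduled_task_policy",
    "config_file",            # supplied via a command line switch
    "user_default_policy",
    "local_user",             # HKEY_CURRENT_USER / user plist
    "app_default",
]

# A few recommended values from the "A Few Recommended Policy Settings" slide.
BASELINE = {
    r"Settings\Actions\Quarantine\CreateFolderIfNonexistent": "True",
    r"Settings\Actions\Shred\ShredPasses": "1",
    r"Settings\Identities\SSN\EnableAnyFind": "Enable",
    r"Settings\Updates\InteractiveInstall": "Disable",
}

def resolve(layers):
    """Return {setting: (value, source)} from the first source that defines it."""
    effective = {}
    for source in PRECEDENCE:
        for name, value in layers.get(source, {}).items():
            effective.setdefault(name, (value, source))
    return effective

def audit(layers, baseline=BASELINE):
    """List (setting, expected, actual, source) for every deviation from baseline."""
    effective = resolve(layers)
    findings = []
    for name, expected in baseline.items():
        actual, source = effective.get(name, (None, "undefined"))
        if actual != expected:
            findings.append((name, expected, actual, source))
    return findings

# Constructed sample data; this is not a console export format.
SAMPLE = {
    "system_policy": {r"Settings\Actions\Shred\ShredPasses": "3"},
    "user_default_policy": {r"Settings\Identities\SSN\EnableAnyFind": "Enable"},
    "local_user": {r"Settings\Actions\Shred\ShredPasses": "1"},
    "app_default": {r"Settings\Updates\InteractiveInstall": "Disable"},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In the sample, the shred-pass value set in the user's own settings never takes effect because a System policy defines it first, and the quarantine folder setting is reported because no source defines it.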
Identity Finder Workflows (New Feature)
Workflows provide the ability to assign results to users, send notifications when automatic or manual assignment occurs, track the status of the assignments and assign classifications to results. One of the most powerful capabilities of this feature is automatic assignment based on granular, robust criteria. For example:
- Whenever there are endpoints discovered that have more than 500 credit card numbers
- A spreadsheet contains SSNs and is stored on a specific file server
As an example, you can create a workflow rule that is triggered whenever there are locations discovered that have more than 5 credit card numbers. The trigger will automatically assign a “High” classification to the results and assign those results to the owner of the endpoint on which the results were found and then send them an email notification. The email will contain a link that, when clicked, will allow the user to log into the console and see a filtered view of the matching results and allow them to take action on those results, for example, to Shred them. When the user schedules a shred, the status changes from Assigned to In Progress. Once successfully shredded, the status of the result changes to Resolved. You can then create a report to view a count of all unassigned, in progress, and assigned results by endpoint.
Ref: http://www.identityfinder.com/help/enterpriseconsole/index.htm#3600.htm
CO IF Users Guide & Identity Finder Demo
Hands on Demo of Identity Finder Client and Enterprise Console
Identity Finder Release Schedule
Releases will fall into one of the following four categories:

Major release
- Contains significant new features and functions, updates to existing features, and a roll-up of all releases since the last interim release.
- Released annually
- Version number change such as 5.x to 6.0, 6.x to 7.0

Interim release
- May contain some new features and functions. Includes updates to existing features and a roll-up of all releases since the last major release.
- Released annually on a six-month alternating schedule with major releases
- Version number change such as 5.x to 5.5, 6.x to 6.5

Minor release
- Contains minor updates to existing features. Addresses outstanding issues and includes a roll-up of all releases since the last minor release.
- Released bi-monthly except when there is an interim or major release
- Version number change such as 5.0 to 5.1, 5.6 to 5.7

Dot release
- Addresses one or more specific customer issues.
- Released as needed with no set schedule
- Version number change such as 5.0.0 to 5.0.1, 5.6.0 to 5.6.1
References
- Console Deployment Guide & System Requirements: http://www.identityfinder.com/kb/Enterprise-Documentation/191239#Prerequisite
- Console Hardware Sizing: http://www.identityfinder.com/kb/Enterprise-Documentation/59105
- Configuring IIS for the Console: http://www.identityfinder.com/kb/Enterprise-Documentation/573167
- Getting Started with Console Policies: http://www.identityfinder.com/kb/Enterprise-Documentation/192877
- Creating a Custom Installer for Windows Clients: http://www.identityfinder.com/kb/Enterprise-Documentation/195244
- Creating a Custom Installer for Mac Clients: http://www.identityfinder.com/kb/Enterprise-Documentation/180010
www.calstate.edu