identity finder presentation

CO Identity Finder Rollout, Tony Modiri - CISSP, CISM, July 31, 2014

Upload: tony-modiri-cissp-cism

Post on 22-Nov-2014


Category:

Software



DESCRIPTION

Identity Finder Rollout

TRANSCRIPT

Page 1: Identity finder presentation


CO Identity Finder Rollout

Tony Modiri - CISSP, CISM
July 31, 2014

Page 2: Identity finder presentation


Topics to Cover

- Why Identity Finder (IF)
- Develop a Project Plan
- IF Software & License
- IF requirements and Installation
- Demo: IF DLP Console and Client
- What to do with the PII findings
- Q & A (As we go along…)


Page 3: Identity finder presentation

CSU Information Security Policy 8025.0


Policy Title: Privacy of Personal Information
Section 200 - Collection of Personal Information

To comply with state and federal laws and regulations, campuses may not collect personally identifiable information unless the need for it has been clearly established.

Where such information is collected:
- The campus will use reasonable efforts to ensure that personally identifiable information is adequately protected from unauthorized disclosure.
- The campus shall store personally identifiable information only when it is appropriate and relevant to the purpose for which it has been collected.

California Law – Data Security Breach Reporting ( http://oag.ca.gov/ecrime/databreach/reporting)

California law requires a business or state agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person. (California Civil Code s. 1798.29(a) and California Civ. Code s. 1798.82(a))

Any person or business that is required to issue a security breach notification to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. (California Civil Code s. 1798.29(e) and California Civ. Code s. 1798.82(f))

Page 4: Identity finder presentation


Project Plan & Where to get Identity Finder S/W

Develop a Project Plan
- Communications to User Community
- Your ticketing system
- Installation plan
- Pilot team for testing and tuning
- IF User Guide
- Campus-wide deployment

IF License key file distribution to ISOs

Go to ISAC SharePoint for IF S/W


Page 5: Identity finder presentation


Console Deployment

Hardware Requirements

Processor
For any number of endpoints reporting into the Console, at least 2 CPUs are recommended for both the IIS server and the Database server (either physical CPUs, virtual CPUs, or cores). If both the IIS and Database server are on the same physical system, the suggestions in the table below should be doubled.

Number of Endpoints    Suggested Number of CPUs per Server (each for IIS and DB)
1-5,000                2
5,000-50,000           4
50,000+                8

Memory
For any number of endpoints reporting into the Console, at least 2GB of RAM are recommended for both the IIS server and the Database server. If both the IIS and Database server are on the same physical system, the suggestions in the table below should be doubled.

Number of Endpoints    Suggested Amount of RAM per Server (each for IIS and DB)
1-500                  2GB
5,000-10,000           4GB
10,000-50,000          8GB
50,000-100,000+        16GB

Page 6: Identity finder presentation


Console Deployment 

Software Requirements
The Identity Finder Console is the aggregation point for search results, provides charting and reporting, establishes search policies, schedules searches on the clients (endpoints) and provides remediation capabilities.

Application Server
- Minimum Required OS: Windows 2008, 2008 R2, or 2012 (x86 and x64 are supported; however, Itanium is not supported)
- Recommended OS: Windows 2012 x64

Database Server
- Minimum Required OS: Windows 2008, 2008 R2, or 2012 (x86, x64, or Itanium)
- Recommended OS: Windows 2012 x64
- Minimum Required DB: SQL Server 2008, 2008 R2, or 2012. All editions of SQL Server are supported except SQL Server Compact Edition.
- Recommended DB: SQL Server 2012 x64 (MS-SQL Server License is also required)

Note: The database server may exist on the same system as the application server or on a separate system. Separate systems with a dedicated, tuned database server are recommended.


Page 7: Identity finder presentation


Console Deployment

Network Requirements
The console application server requires an open HTTP or HTTPS port for communication with clients. This port is most commonly TCP port 80 for HTTP and 443 for HTTPS, though any port may be specified. Additional steps are required to configure HTTPS.

- MS-SQL port 1433
- Console in internal DNS

Page 8: Identity finder presentation


Console Deployment

Prerequisites and Pre-Deployment Validation Steps


Note: The console installation takes about 30-90 minutes. Plan on doing the installation with your Windows Server Administrator and SQL DBA present.

Page 9: Identity finder presentation


Client Installs

Creating a Custom Installer for Windows (MSI)

The Microsoft Windows Installer is software provided by Microsoft; an MSI installation package makes software installation faster, more efficient and customizable. It is desirable to customize this package to include custom settings, the license file and configuration options such as the information necessary to communicate with the enterprise console. After the Console installation, client settings will be available at http://Application-server/Console

Using MSIBuilder to Automatically Edit an MSI

Creating a Custom Installer for Mac (PackageMaker)

You can also create and deploy a custom Installer dmg Package that can include a custom plist, license file, and other supplementary files as well as configure the endpoint service application.

Page 10: Identity finder presentation


Identity Finder Console Policies

Console policies provide the mechanism to configure settings for Windows and Mac clients. Those settings allow the customization of the user experience, the forced configuration of options, and the establishment of search criteria.

There are three types of policies:

- System: System policies force settings on the selected endpoints and cannot be changed by an end user interacting with the client. Once the policy type is selected, it cannot be changed. [Note: Good place to exclude folders that end-users cannot write to]
- User Default: Here you define settings to be used in place of the application default settings. Settings defined in this policy can be changed by end-users.
- Scheduled Task: Automatically execute a search according to the schedule defined in the policy. Settings defined in this policy cannot be changed by end-users. If no settings are defined in this policy, the settings from any System policies and the application default will be used.

After the policy has been created, it is necessary to specify the endpoints to which the policy will apply. Any combination of endpoints and tags can be specified and the list can be modified at any time.


Page 11: Identity finder presentation


A Few Recommended Policy Settings

Some Settings Recommended by IF

- Require profile login (Profile\RequireProfileLogin): Set this value to "Require login"
- Disable recycle action (Settings\Actions\Disable\disableAction_Recycle): Set this value to "Disable Recycle" (I left Enabled)
- Force creation of the quarantine folder (Settings\Actions\Quarantine\CreateFolderIfNonexistent): Set this value to "True"
- Duplicate quarantine folder path structure (Settings\Actions\Quarantine\DuplicateFolderPaths): Set this value to "Enable"
- Leave a warning text file after quarantining (Settings\Actions\Quarantine\LeaveBehindWarningText): Set this value to "Enable"
- Specify the number of shred passes (Settings\Actions\Shred\ShredPasses): Set this value to "1" (I left ours at 3)
- Enable AnyFind searching for Social Security Numbers (Settings\Identities\SSN\EnableAnyFind): Set this value to "Enable"
- Advanced file type identification method (Settings\Locations\Files\UseAdvancedFileIdentification): Set this value to "Included File Types"
- Specify that new updates should automatically be downloaded and installed without prompting the user (Settings\Updates\AutomaticallyDownloadandInstallUpdates): Set this value to "Enable"
- After an application update is downloaded, launch the upgrade installer to allow user interaction (Settings\Updates\InteractiveInstall): Set this value to "Disable"
- Disable the Websites and Database search locations (Settings\Locations\Websites\Disable\disableSearch_Websites and Settings\Locations\Databases\Disable\disableSearch_Database): Set these values to "Disable website search"

Complete list: http://www.identityfinder.com/kb/Enterprise-Documentation/192877


Page 12: Identity finder presentation


Settings Locations and Priorities

When a specific setting is configured in multiple sources, it may be necessary to analyze the order in which the settings are applied to understand the effect on the client. At a high level, settings are applied in the following order:

1. System policies (applied in the order of their priority as defined in the Enterprise Console)
2. System settings locally defined on the client (e.g., in HKEY_LOCAL_MACHINE on Windows or in a system plist on Mac)
3. Scheduled Task policies
4. Configuration files supplied via a command line switch
5. User Default policies
6. User settings locally defined on the client (e.g., in HKEY_CURRENT_USER on Windows or in a user plist on Mac)
7. Internal application defaults

Ref: http://www.identityfinder.com/kb/Enterprise-Documentation/181999
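The order above, checked against four of the recommended values from the "A Few Recommended Policy Settings" slide, as an added example that is not part of the original presentation and is not Identity Finder code. It assumes that a source earlier in the list overrides a later one; the source names and the sample export are hypothetical.

```python
# Added example. Sources in the order listed on the slide; assumption: earlier wins.
PRECEDENCE = ["system_policy", "local_system", "scheduled_task",
              "cmdline_config", "user_default", "local_user", "app_default"]

# The slides say User Default settings can be changed by end users; treating the
# two sources below it the same way is an assumption of this example.
USER_CHANGEABLE = {"user_default", "local_user", "app_default"}

# Four of the recommended values from the "A Few Recommended Policy Settings" slide.
BASELINE = {
    r"Profile\RequireProfileLogin": "Require login",
    r"Settings\Actions\Quarantine\CreateFolderIfNonexistent": "True",
    r"Settings\Actions\Shred\ShredPasses": "1",
    r"Settings\Identities\SSN\EnableAnyFind": "Enable",
}

def effective_settings(sources):
    """Map each setting to (value, name of the source that supplied it)."""
    effective = {}
    for source in PRECEDENCE:
        for setting, value in sources.get(source, {}).items():
            effective.setdefault(setting, (value, source))  # first source wins
    return effective

def audit(sources, baseline=BASELINE):
    """Return {setting: finding} for baseline settings that deviate or are not enforced."""
    effective = effective_settings(sources)
    findings = {}
    for setting, expected in baseline.items():
        value, source = effective.get(setting, (None, None))
        if value is None:
            findings[setting] = "not set in any source"
        elif value != expected:
            findings[setting] = f"{value!r} from {source}, expected {expected!r}"
        elif source in USER_CHANGEABLE:
            findings[setting] = f"matches, but only via {source} (end user can change it)"
    return findings

# Constructed sample: hypothetical per-source settings for one endpoint.
SAMPLE = {
    "system_policy": {r"Settings\Actions\Shred\ShredPasses": "3",
                      r"Settings\Identities\SSN\EnableAnyFind": "Enable"},
    "user_default": {r"Profile\RequireProfileLogin": "Require login"},
    "local_user": {r"Settings\Identities\SSN\EnableAnyFind": "Disable"},
}

if __name__ == "__main__":
    for setting, finding in audit(SAMPLE).items():
        print(f"{setting}: {finding}")
```

A recommended value that matches only through a User Default policy is reported separately from one forced by a System policy, since the former can be changed on the endpoint.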


Page 13: Identity finder presentation


Identity Finder Workflows (New Feature)

Workflows provide the ability to assign results to users, send notifications when automatic or manual assignment occurs, track the status of the assignments and assign classifications to results. One of the most powerful capabilities of this feature is automatic assignment based on granular, robust criteria. For example:

- Whenever there are endpoints discovered that have more than 500 credit card numbers
- A spreadsheet contains SSNs and is stored on a specific file server

As an example, you can create a workflow rule that is triggered whenever there are locations discovered that have more than 5 credit card numbers. The trigger will automatically assign a “High” classification to the results and assign those results to the owner of the endpoint on which the results were found and then send them an email notification. The email will contain a link that, when clicked, will allow the user to log into the console and see a filtered view of the matching results and allow them to take action on those results, for example, to Shred them. When the user schedules a shred, the status changes from Assigned to In Progress. Once successfully shredded, the status of the result changes to Resolved. You can then create a report to view a count of all unassigned, in progress, and assigned results by endpoint.

Ref: http://www.identityfinder.com/help/enterpriseconsole/index.htm#3600.htm


Page 14: Identity finder presentation


CO IF Users Guide & Identity Finder Demo

Hands-on Demo of Identity Finder Client and Enterprise Console

Page 15: Identity finder presentation


Identity Finder Release Schedule

Releases will fall into one of the following four categories:

Major release
- Contains significant new features and functions, updates to existing features, and a roll-up of all releases since the last interim release.
- Released annually
- Version number change such as 5.x to 6.0, 6.x to 7.0

Interim release
- May contain some new features and functions.
- Includes updates to existing features and a roll-up of all releases since the last major release.
- Released annually on a six-month alternating schedule with major releases
- Version number change such as 5.x to 5.5, 6.x to 6.5

Minor release
- Contains minor updates to existing features.
- Addresses outstanding issues and includes a roll-up of all releases since the last minor release.
- Released bi-monthly except when there is an interim or major release
- Version number change such as 5.0 to 5.1, 5.6 to 5.7

Dot release
- Addresses one or more specific customer issues.
- Released as needed with no set schedule
- Version number change such as 5.0.0 to 5.0.1, 5.6.0 to 5.6.1


Page 16: Identity finder presentation


References

- Console Deployment Guide & System Requirements: http://www.identityfinder.com/kb/Enterprise-Documentation/191239#Prerequisite
- Console Hardware Sizing: http://www.identityfinder.com/kb/Enterprise-Documentation/59105
- Configuring IIS for the Console: http://www.identityfinder.com/kb/Enterprise-Documentation/573167
- Getting Started with Console Policies: http://www.identityfinder.com/kb/Enterprise-Documentation/192877
- Creating a Custom Installer for Windows Clients: http://www.identityfinder.com/kb/Enterprise-Documentation/195244
- Creating a Custom Installer for Mac Clients: http://www.identityfinder.com/kb/Enterprise-Documentation/180010


www.calstate.edu