18th Panhellenic Conference of Informatics
University of Piraeus

DESIGNING AND DEVELOPING FREE DATA LOSS PREVENTION SYSTEM

Koutsourelis Dimitrios (a), Sokratis K. Katsikas (b)

Systems Security Laboratory
Dept. of Digital Systems
School of Information & Communication Technologies
University of Piraeus

(a) MSc in Security of Digital Systems
(b) Professor, University of Piraeus

Outline
1. Data Loss Prevention and other boring terms.
2. Main goal and benefits.
3. Implementation.

Data Loss Prevention - What is it?

[Diagram labels: Firewalls and IDSs; Data Loss Prevention]

Data Loss Prevention - What is it?

Data Loss Prevention (DLP), also known as:
Data Leak Prevention
Extrusion Prevention
Information Loss Prevention
Content Monitoring and Filtering
Data Loss Protection
Data Leak Protection

Types of DLP

3 primary states of information:
Data in Motion
Data in Use
Data at Rest

DLP Basic Components

Endpoint DLP
Network DLP
Central Management Console

DLP's Basic Characteristic

Content Awareness and Content Discovery
What and Where?

OpenDLP

Free, Open Source, agent and agentless based DLP software tool.
Only deals with the Endpoint.
Components: Web application, Agents.
Windows filesystem, Windows Network Share, UNIX Filesystem, Microsoft SQL.
Regular expressions.
Encryption defeats this tool.

OpenDLP
More information:
1. OpenDLP, Available online: https://code.google.com/p/opendlp/.
2. OpenDLP: Data loss prevention tool, Available online:

MyDLP

Free DLP software tool.
Agent based.
Windows OS.
Data in motion
Data at rest
Data in use

MyDLP

Enterprise Edition
Community Edition

MyDLP
More information:
1. R. K, Open Source DLP Data Leak/Loss Prevention Application: MyDLP, Available Online: http://www.excitingip.com/3950/open-source-dlp-data-leakloss-prevention-application-mydlp/.
2. MyDLP, Available Online: http://www.mydlp.com/why-mydlp/.
3. MyDLP Administration Guide, Version 2.0, MyDLP, 2012.
4. MyDLP Endpoint Installation Guide, Version 2.0, MyDLP, 2013.
5. MyDLP Installation Guide, Version 2.0, MyDLP, 2013.

Main Goal
DLP solution based exclusively on free software tools.
MyDLP and OpenDLP.
Combination and collaboration.

MyDLP Community vs Enterprise Edition

OpenDLP MyDLP combination

MyDLP: Data in Motion, Data at Rest, Data in Use
OpenDLP: Data at Rest

OpenDLP MyDLP combination

OpenDLP - What data and where.
MyDLP - Exact policies for Data in Motion, Data

OpenDLP MyDLP combination

Benefits:
1. Limit resources consumption
2. Increase detection speed

Human Factor - The weak link

Constant need for human interference:
Start scans
Check results
Update DLP Policies

Human Factor - The weak link

Human Error and Negligence

The Need for Automation

1. Scan initiation procedure in OpenDLP.
2. OpenDLP's scan results comparison.
3. Rules creation procedure in MyDLP.

Event scheduling mechanism
NOT TO REPLACE THE WEB PLATFORMS

OpenDLP Automation

Selenium Webdriver
HTML elements
Start scan
Export and save results

Results Comparison Automation

Existing Data
Current Scan Results compared with Previous Scan Results (XML Document):
If filename AND md5 value EXIST in current scan's results: File unchanged.
If filename EXISTS, md5 value NOT in current scan's results: File Modified.
If filename AND md5 values NOT in current scan's results: File Deleted.

Results Comparison

New Data Entries
If filename NOT in previous scan's results: New File Detected.
If filename EXISTS, but pattern NOT in previous scan's results: New Data Detected.
New data entries or new files detected sent to administrator via e-mail.
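
The comparison rules from the two Results Comparison slides above, as an added Python example (not code from the presentation or from OpenDLP). The XML element and attribute names, the sample findings and the function names are assumptions made for the example; sending the e-mail is left out and only the alert text is built.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports; element and attribute names are assumptions
# made for this example, not OpenDLP's actual export schema.
PREVIOUS_XML = """<scan>
  <result file="C:/hr/payroll.xls" md5="aaa111" pattern="credit_card"/>
  <result file="C:/hr/staff.doc" md5="bbb222" pattern="ssn"/>
  <result file="C:/tmp/old.txt" md5="ccc333" pattern="ssn"/>
</scan>"""
CURRENT_XML = """<scan>
  <result file="C:/hr/payroll.xls" md5="aaa111" pattern="credit_card"/>
  <result file="C:/hr/staff.doc" md5="eee555" pattern="ssn"/>
  <result file="C:/hr/staff.doc" md5="eee555" pattern="credit_card"/>
  <result file="C:/new/export.csv" md5="fff666" pattern="credit_card"/>
</scan>"""

def load(xml_text):
    """Index a scan export as {filename: (md5, set of matched patterns)}."""
    index = {}
    for r in ET.fromstring(xml_text).iter("result"):
        index.setdefault(r.get("file"), (r.get("md5"), set()))[1].add(r.get("pattern"))
    return index

def compare_scans(previous, current):
    report = {k: [] for k in ("unchanged", "modified", "deleted", "new_file", "new_data")}
    # Existing data: look each previous entry up in the current results.
    for name, (md5, _) in previous.items():
        if name not in current:
            report["deleted"].append(name)
        elif current[name][0] == md5:
            report["unchanged"].append(name)
        else:
            report["modified"].append(name)
    # New data entries: look each current entry up in the previous results.
    for name, (_, patterns) in current.items():
        if name not in previous:
            report["new_file"].append(name)
            continue
        for p in sorted(patterns - previous[name][1]):
            report["new_data"].append((name, p))
    return report

def alert_body(report):
    """Text for the administrator e-mail; empty when nothing new was found."""
    lines = [f"New file detected: {n}" for n in report["new_file"]]
    lines += [f"New data detected: {n} ({p})" for n, p in report["new_data"]]
    return "\n".join(lines)

if __name__ == "__main__":
    print(alert_body(compare_scans(load(PREVIOUS_XML), load(CURRENT_XML))))
```

An empty alert body means the scan found no new files and no new patterns, so no e-mail needs to go out for that run.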

MyDLP Automation

Flash app
Limitation: Use of Selenium Webdriver NOT possible
Disassembling not reliable

Sikuli

Image Recognition Technology
Parse OpenDLP's detected data
Custom user object
Create rules based on custom user object

Conclusion
Solid DLP services at no cost!
Combination of tools counterbalances weaknesses.
Automation increases the system's capabilities.

References

ISACA, "Data Leak Prevention", ISACA, 2010.
Prathaben Kanagasingham, SANS Institute, "Data Loss Prevention", SANS Institute, 2008.
T. Torsteinb, "Data Loss Prevention Systems and Their Weaknesses", University of Agder, 2012.
Securosis, L.L.C, "Understanding and Selecting a Data Loss Prevention Solution", Securosis, 2010.
D. Koutsourelis, "Designing a free Data Loss Prevention System", MSc Thesis, Piraeus: Systems Security Laboratory, Dept. of Digital Systems, University of Piraeus, 2014.

Questions ??