MANAGING PII WITH IDENTITY FINDER
Paul Hanson
IET-Data Center and Client Services
University of California, Davis

Agenda
- What is PII and where’s the value?
- What is Identity Finder?
- Alternative Solutions
- What can Identity Finder Scan?
- How does Identity Finder handle the results?
- Identity Finder Architecture
- Architecture Overview
- Client UI
- INI Files
- Custom MSI
- Architecture Overview
- Management Console
- IET DCCS Implementation
- IET DCCS Architecture
- Lessons Learned
- Breaking News
- Questions

What is PII and where’s the value?
- Cybersecurity (UC Davis)
- Massachusetts 201 CMR 17.00
- Protected Health Information (PHI)
- Health Insurance Portability and Accountability Act (HIPAA)
- FACT Red Flag Rules
- Incident Response
- Sysadmins may not know the data is there.

What is Identity Finder
Identity Finder searches the deepest recesses of a computer to locate and secure data that is vulnerable to identity theft - even when you don’t know it exists. The information is then presented to you to permanently shred, quarantine to a secure location, or encrypt with a password.
Source: http://www.identityfinder.com/Products/Identity_Finder.html
- Primarily Supports Windows & Mac
- Feature rich
- Continuously improving

Alternative Solutions

| Tool | Windows | Mac | Linux/Unix |
| --- | --- | --- | --- |
| Virginia Tech Find_SSNs | X | X | X |
| Cornell Spider | X | X | X |
| PowerGREP | ? | ? | ? |

Identity Finder Architecture
- Enterprise Client
  - Installed on the workstation/server & does the heavy lifting
- Management Console (Really just a reporting server)
  - Dedicated system running IIS w/MSSQL
- OS Compatibility
  - Clients for Windows and Mac
  - Linux/Unix systems are scanned remotely

What can Identity Finder Scan?
- Microsoft Office (Excel, PowerPoint, Word, and OneNote including 2007)
- Adobe Acrobat PDF (including 9.x)
- Cookies and instant messenger logs
- HTML files (htm, asp, js, etc.)
- Text files (ANSI, Unicode, Batch, Source code)
- Rich text files (rtf format)
- files within the My Documents folder of your personal computer
- files anywhere on your personal computer
- removable hard drives connected to your PC
- Create custom folder lists for searching (ability to include and exclude subfolders)
- compressed files (zip, gzip, bzip, tar, rar, and z)
- Microsoft Access database files (including 2007)
- Any other known or unknown file type
Source: http://www.identityfinder.com/Products/Identity_Finder_Feature_List.html

What else does Identity Finder scan?
- Database connector
  - OLEDB (i.e., SQL, Oracle, Sybase, DB2, etc.)
- Website crawler
  - HTTP or HTTPS
- Remote file shares (SMB, NFS, Samba)
- Email – Mailboxes, PST’s, MBOX, Tbird
- IE & Firefox Cache
- AnyFind vs. Specific Values (e-discovery requests)

What does Identity Finder do with the results?
- Save as secured Identity Finder file (*.idf) using FIPS 140-2 validated 256 bit AES
- Save as HTML Summary Report
- Choose specific information for custom reports to be saved
- Save as Full Export into Comma Separated Value format
- Save as Executive Summary Report
- Upload to Management Console

What about the hits?
- Secure – encrypts the file using FIPS 140-2 validated 256 bit AES
- Shred – based on DOD 5220.22-M standard
- Ignore
- Quarantine – Secures a copy of the file and shreds the original
- Recycle – same as the windows recycle bin. Not a secure method.
- Will clean web browser cache & registry

Architecture Overview
- Client Configuration
  - User Interface
  - INI Files
  - MSI Customization
  - Boot from CD
- Management Console
  - IIS & SQL

Architecture – Client UI
- Main
- What to Search for
- Where to Search
- Tools and Options
- Settings
- Scheduling

Architecture – INI Files
- Creating an INI File
  - Created in UI
  - Copied over
- Run on demand or scheduled task
  - /jobmode /inifile="<filename>.ini"

Architecture – Custom MSI
- Creating the environment
  - Download Windows SDK (~1.1GB for Vista)
  - Install Orca.msi
  - Add system variables
- Extract MSI
- Run lictomsi.cmd
- Import Tables
- Schtasks for all systems
- Include Management Console phone home
- No x64 bit support…. Yet.
Identity Finder Client
Lab

Architecture – Management Console
- Single server, dual purpose
- WS2003/2008 (x86 or x64)
- IIS6 or IIS7 w/Metabase compatibility
- .Net Framework 3.5 SP1
- Microsoft Report Viewer Redistributable 2008
- Creates Client Registry Settings (x86 & x64)
- SQL 2005/2008 (Express, Std, Ent)
- Certificates & Encryption

IET DCCS Implementation
- PowerShell installation script
- Started with custom MSI
- x86 was fairly smooth
  - Users couldn’t modify settings to rescan
- x64 required some extra work
  - No support for x64 so had to use INI files anyway
- Moved to INI files
  - No reason to support two methods
  - Users can tweak settings and rescan systems
- Scans launched using the system account

IET DCCS Architecture
- Management Console
  - Separate virtual systems for IIS & SQL
  - Certificates
- Clients
  - Leveraged PowerShell to script installation
    - Verify connectivity to MC
    - Check system type
    - Include password check
    - Check for and uninstall previous versions
    - Import registry key for MC
    - Create INI
    - Delete old scheduled task
    - Schedule new scan

Lessons Learned
- MC is a resource hog.
- Nuances with schtasks.
- Clients were configured to search for SSN & CC but also pulled up Bank Account information.
- Be prepared for False-Positives.
- Password check really slows down the scan.
- When configured as background service, it will allocate the remaining resources.
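
Added example (not from the presentation and not Identity Finder's own logic): a pattern-only search for SSN and CC shapes hits any digit string of the right length, which is one source of the false positives noted above. The sketch below triages raw hits with the Luhn checksum and the SSN structural rules; the function names and the sample text are constructed for illustration.

```python
import re

# Candidate patterns: deliberately loose, like a pattern-only scan.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CC_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13 to 19 digits


def luhn_ok(digits: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject never-issued values: area 000/666/9xx, group 00, serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def triage(text: str) -> dict:
    """Split raw pattern hits into likely PII and probable false positives."""
    out = {"ssn": [], "cc": [], "rejected": []}
    for m in SSN_RE.finditer(text):
        key = "ssn" if ssn_plausible(*m.groups()) else "rejected"
        out[key].append(m.group())
    for m in CC_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        out["cc" if luhn_ok(digits) else "rejected"].append(m.group())
    return out


# Constructed sample: a test card number, an order id, two SSN-shaped strings.
SAMPLE = """card 4111 1111 1111 1111 on file
order id 1234567890123456
ssn 123-45-6789
part no 000-12-3456
"""

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(kind, hits)
```

Hits that pass these checks still need review: a structurally valid number can be an account or part number that happens to satisfy the checksum.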
Breaking News
Features in the next version of Identity Finder.
Questions?
Identity Finder Management Console
Lab