CD Lifecycle & Data Spill Solutions, Omar J. Fakhri, Ph: (727) 505-4701


Upload: edwin-rice

Post on 27-Dec-2015

Page 1

CD Lifecycle & Data Spill Solutions

Omar J. Fakhri

Ph: (727) 505-4701

Page 2

Overview
• Need
• Scalable Solutions
  – Phase I Cradle-to-Grave Lifecycle CD Tracking
    a. Authenticate & Issue
    b. Authenticate & Transfer
    c. Authenticate & Destroy
  – Phase II Secure Storage Of CDs
  – Phase III Spill-Resistant Network With Bar-coding
    a. General User Desktops
    b. Communal desktops with Same-Level CD burning
    c. Five-Step Process for High-Low Data Transfer
• Wrap up

Page 3

FBI Strategic Objective: IVA.1 Protect the FBI from compromise of its employees. “Security and counterintelligence professionals generally agree that the most significant threat to an organization’s internal security is betrayal by a trusted insider.” (Page 84)

The Webster Commission’s Report

“…The FBI should study the feasibility of bar coding particularly sensitive classified material, such as asset files, to facilitate control and tracking.” (Page 78)

Page 4

Phase I Cradle-to-Grave Lifecycle CD Tracking

• Phase I a. Authenticate & Issue
• Phase I b. Authenticate & Transfer
• Phase I c. Authenticate & Destroy

Page 5

Technology Blending For Cradle-to-Grave Lifecycle Tracking of Recordable Media (CDs)

Phase I Components:
• CAC Badges & Readers
• Pre Bar-coded (blank) CDs
• Barcode Readers
• Barcode Printer
• NSA Certified CD Destroyers
• Optional Receipt Printing
• CD Vending Machines

a. Authenticate & Issue
b. Authenticate & Transfer
c. Authenticate & Destroy

[Figure labels: TS, S, C, U, SCI; Kiosk #11]

Page 6

Phase I a. Authenticate & Issue

Authenticate, Issue, Track

Profile: John Doe (TS)
Kiosk Number | CD Class | Serial Number | Date Issued | Status (T, D, S, OC) | T,D,S Date | Recipient | Kiosk Number
27 | TS | 4-13899 | 4/13/10 16:44 | Owner Custody | | |
39 | U | 1-86463 | 4/18/10 09:02 | Owner Custody | | |
11 | S | 3-85280 | 5/9/10 13:31 | Owner Custody | | |
11 | S | 3-85288 | 7/28/10 11:00 | Owner Custody | | |
11 | C | 1-76489 | 8/1/10 17:00 | Owner Custody | | |
32 | U | 1-38761 | 8/1/10 19:03 | Owner Custody | | |

Status key:
T - Transferred
D - Destroyed
S - Stored (Phase II)
OC - Owner Custody

Kiosk #11

Disallows Issue to personnel without appropriate clearance

[Figure labels: TS, S, C, U, SCI]

Page 7

Phase I Cradle-to-Grave Lifecycle CD Tracking

• Phase I a. Authenticate & Issue
• Phase I b. Authenticate & Transfer
• Phase I c. Authenticate & Destroy

Page 8

Phase I b. Authenticate & Transfer

Flow: Authenticate Ownership; Eligibility/Acceptance (Yes/No); Authentication; Loser's Receipt; Gainer's Receipt; Transfer Complete, Hardcopy Printed (Optional)

Profile: John Doe (TS)
Kiosk Number | CD Class | Serial Number | Date Issued | Status (T, D, S, OC) | T,D,S Date | Recipient | Kiosk Number
27 | TS | 4-13899 | 4/13/10 16:44 | Transferred | 9/12/10 13:10 | Col. Smith | 11

Profile: Col Smith (TS-SCI)
Kiosk Number | CD Class | Serial Number | Date Issued | Status (T, D, S, OC) | T,D,S Date | Recipient | Kiosk Number
11 | TS | 4-13899 | 9/12/10 13:10 | Owner Custody | | |

Kiosk #11

Disallows transfers to Personnel without appropriate Clearance

[Figure labels: TS]

Page 9

Phase I Cradle-to-Grave Lifecycle CD Tracking

• Phase I a. Authenticate & Issue
• Phase I b. Authenticate & Transfer
• Phase I c. Authenticate & Destroy

Page 10

Phase I c. Authenticate & Destroy

Authenticate Ownership

Profile: John Doe (TS)
Kiosk Number | CD Class | Serial Number | Date Issued | Status (T, D, S, C) | T,D,S Date | Recipient | Kiosk Number
27 | TS | 4-13899 | 4/13/10 16:44 | Transferred | 9/12/10 13:10 | Col. Smith | 11
39 | U | 1-86463 | 4/18/10 09:02 | Destroyed | 9/15/10 13:10 | | 11
11 | S | 3-85280 | 5/9/10 13:31 | Custody of Owner | | |
11 | S | 3-85288 | 7/28/10 11:00 | Destroyed | 9/15/10 13:10 | | 11
11 | C | 1-76489 | 8/1/10 17:00 | Destroyed | 9/15/10 13:10 | | 11
32 | U | 1-38761 | 8/1/10 19:03 | Destroyed | 9/15/10 13:10 | | 11

Kiosk #11

Disallows & Alerts when inappropriate Clearance or “ownership” is detected

Page 11

Wrap-up Phase I Authenticate & Issue/Transfer/Destroy

Profile: John Doe (TS)
Kiosk Number | CD Class | Serial Number | Date Issued | Status (T, D, S, OC) | T,D,S Date | Recipient | Kiosk Number
27 | TS | 4-13899 | 4/13/10 16:44 | Transferred | 9/12/10 13:10 | Col. Smith | 11
39 | U | 1-86463 | 4/18/10 09:02 | Destroyed | 9/15/10 13:10 | | 11
11 | S | 3-85280 | 5/9/10 13:31 | Owner Custody | | |
11 | S | 3-85288 | 7/28/10 11:00 | Destroyed | 9/15/10 13:10 | | 11
11 | C | 1-76489 | 8/1/10 17:00 | Destroyed | 9/15/10 13:10 | | 11
32 | U | 1-38761 | 8/1/10 19:03 | Destroyed | 9/15/10 13:10 | | 11

Benefits

• Full lifecycle accountability

• Spot-checks & Tripwires

• Prevents Unauthorized Possession

• Leverages/blends Existing Technology

• No Classified is actually accessed/read

Kiosk #11
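
The issue, transfer and destroy checks of Phase I a. to c., sketched as a small custody ledger. This is an added example, not code from the original slides; the clearance ranking, the `Ledger` class and its method names, the serial 4-00001 and the user Jane Roe are assumptions made for illustration.

```python
from dataclasses import dataclass, field
# Assumed ranking: the slides show these labels but never state an ordering.
RANK = {"U": 1, "C": 2, "S": 3, "TS": 4, "TS-SCI": 5}

def cleared(clearance, cd_class):
    """Fail closed: unknown labels never satisfy the check."""
    return clearance in RANK and cd_class in RANK and RANK[clearance] >= RANK[cd_class]

@dataclass
class Ledger:
    discs: dict = field(default_factory=dict)    # serial -> [cd_class, owner, status]
    history: list = field(default_factory=list)  # append-only (event, serial, actor)
    alerts: list = field(default_factory=list)   # (serial, user) on refused destroys

    def issue(self, serial, cd_class, user, clearance):
        if serial in self.discs or not cleared(clearance, cd_class):
            return False                          # kiosk disallows the issue
        self.discs[serial] = [cd_class, user, "OC"]
        self.history.append(("issued", serial, user))
        return True

    def transfer(self, serial, owner, recipient, recipient_clearance, accepted):
        disc = self.discs.get(serial)
        if disc is None or disc[1:] != [owner, "OC"]:
            return False                          # ownership not authenticated
        if not (accepted and cleared(recipient_clearance, disc[0])):
            return False                          # recipient ineligible or declined
        disc[1] = recipient                       # new owner, status stays OC
        self.history.append(("transferred", serial, owner))
        return True

    def destroy(self, serial, user, clearance):
        disc = self.discs.get(serial)
        if disc is None or disc[1:] != [user, "OC"] or not cleared(clearance, disc[0]):
            self.alerts.append((serial, user))    # disallow and alert
            return False
        disc[2] = "D"
        self.history.append(("destroyed", serial, user))
        return True

def demo():
    """Replay serial 4-13899 from the slides; Jane Roe and 4-00001 are constructed."""
    led = Ledger()
    out = [led.issue("4-13899", "TS", "John Doe", "TS"),
           led.issue("4-00001", "TS", "Jane Roe", "S"),           # under-cleared
           led.transfer("4-13899", "John Doe", "Jane Roe", "S", True),
           led.transfer("4-13899", "John Doe", "Col. Smith", "TS-SCI", True),
           led.destroy("4-13899", "John Doe", "TS")]              # no longer owner
    return out, led.discs["4-13899"], led.alerts
```

The final call shows the tripwire from Phase I c.: the former owner's destroy request is refused and recorded as an alert because custody has already moved to the recipient.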

Page 12

Phase II Storage

Page 13

Phase II - Technology Blending For Secure CD Storage

Same Components From Phase I + Gutted (Stackable) CD Drives

Bar-coded (blank) CDs

[Figure labels: TS, S, C, U, SCI; SU#22]

Page 16

Phase III

Spill-Resistant Network

Page 17

Phase III Spill-Resistant Network

All CD Readers and CD Writers Require Barcode Reader to Access Drive

a. General User Desktop CD Readers Integrated With Barcode Reader
b. Communal Desktops with Same-Level CD Burners
c. Centralized High-Low CD Burner Process

a., b., & c. should be deployed together

Page 18

Spill-Resistant Network Topography

Phase III a. General User Desktop CD Readers Integrated With Barcode Reader (CD Readers Only)
Phase III b. Communal Desktops with Same-Level CD Burners (Same Classification CD Writers Only)
Phase III c. Centralized High-Low CD Burner Process (Only CD Drives that can operate without a Barcode Reader)

Works on both thin-client and client-server environments

Page 19

Phase III a. General User Desktops CD Readers Integrated With Barcode Reader

User scans barcode on CD to access CD drive. The first digit of the Serial Number (SN) determines whether the drive can be accessed. Example:

• Unclassified systems with CD Readers will NOT mount CDs with SNs beginning with #2 or higher
• Confidential systems will NOT mount CDs with SNs beginning with #3 or higher
• Secret systems will NOT mount CDs with SNs beginning with #4 or higher. Etc…

Prevents the reading of CDs that are classified higher than the system (data spill)

CD Readers Only

Introduction of “Foreign” CDs? Use Barcode Printer

Kiosk #11

Page 20

Phase III b. Communal Desktops with Same-Level CD Burners

User must scan barcode on CD to access CD Burner. The first digit of the Serial Number (SN) determines whether the drive can be accessed. Example:

• Unclassified systems with CD burners will only mount CDs with SNs beginning with #1
• Confidential systems will only mount CDs with SNs beginning with #2
• Secret systems will only mount CDs with SNs beginning with #3. Etc…

Prevents Users writing data to incorrectly marked blank CDs (data spill waiting to happen)
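
The Phase III a. and b. mount rules as a fail-closed check, together with a consistency check between a disc's recorded class and its serial prefix. This is an added example, not part of the original slides; the serial format, the function names and the digit for TS are assumptions.

```python
import re

# First serial digit per level, from the Phase III slides; TS=4 is assumed
# from the "Etc…" pattern and the ledger row "TS 4-13899".
LEVEL_DIGIT = {"U": 1, "C": 2, "S": 3, "TS": 4}
SERIAL = re.compile(r"([1-9])-(\d{5})")   # assumed format, as in "4-13899"

def serial_level(serial):
    """Return the leading level digit, or None if the barcode is malformed."""
    m = SERIAL.fullmatch(serial.strip())
    return int(m.group(1)) if m else None

def may_mount(system, drive, serial):
    """drive is 'reader' (Phase III a.) or 'burner' (Phase III b.); fail closed."""
    digit, level = serial_level(serial), LEVEL_DIGIT.get(system)
    if digit is None or level is None:
        return False                   # unreadable barcode or unknown system
    if drive == "reader":
        return digit <= level          # never read a disc above the system
    if drive == "burner":
        return digit == level          # only burn to same-level blanks
    return False

def label_mismatches(rows):
    """Ledger rows whose CD class disagrees with the serial's first digit."""
    return [s for cls, s in rows if serial_level(s) != LEVEL_DIGIT.get(cls)]

# (CD class, serial) pairs copied from the John Doe profile on the slides.
LEDGER = [("TS", "4-13899"), ("U", "1-86463"), ("S", "3-85280"),
          ("S", "3-85288"), ("C", "1-76489"), ("U", "1-38761")]
```

Run over the John Doe rows, `label_mismatches(LEDGER)` returns `1-76489`: the row is recorded as class C but carries a prefix of 1, so a drive that trusts only the first digit would treat that disc as Unclassified.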

Page 21

Phase III c. Centralized High-Low CD Burner Process

Steps:
1 Upload
2 Track
3 Verify
4 Secure Transfer
5 Deliver & Close Ticket (Step 2)

• Privileged User emails (low side) sanitized file to user
• User Uploads File to High-Side SharePoint
• System generates Ticket
• Privileged User from pool uses “Integrity” (aka Dirty word search & Secure Copy) to burn file(s) to unclassified (Green) CD
• Air Gap/Sneaker Net

Page 22

Wrap-Up
• Phase I Cradle-to-Grave Lifecycle CD Tracking
• Phase II Secure Storage
• Phase III Spill-Resistant Network With Bar-coding

Kiosk #11

Page 23

Benefits

• Provides Scalable lifecycle Cradle-to-Grave tracking of CDs

• Fully Automated

• Custody Transfers

• Employee out-processing flagging lost data

• Prevents unauthorized possession and secure Storage

• Facilitates Trend Analysis

• Facilitates secure High-Low Data Transfers & Prevents Data Spills

• Never actually “Reads” Classified Data

• Blends Existing COTS Technology

• Adds “Depth” to existing cybersecurity capabilities - keeping data secure even after it leaves the network.

Page 24

The Webster Commission’s Report

“For instance, an information system auditing program would surely have flagged Hanssen’s frequent use of FBI computer systems to determine whether he was the subject of a counterintelligence investigation.” (Page 4)

“Over twenty-two years and more than forty passes, Hanssen turned over to Soviet and Russian intelligence an estimated twenty-six diskettes and 6,000 pages of classified information.” (Page 16)

“…over seven years ago, the CIA IG concluded that Aldrich Ames’ access to computer “terminals that had floppy disk capabilities represented a serious system vulnerability’.” (Page 20)

However, if you control the “vehicle” or medium of how information “walks out” of your facility, you reduce the insider threat by denying the traitor the medium to do it with.

Omar J Fakhri

Page 25

Questions?