A New Approach for Sensitive Data Leakage Prevention Based on Viewer-Side Monitoring By Muneer Yousef Fareed Hasan Supervisor Dr. Sulieman Bani Ahmad Assistant Professor Co-supervisor Dr. Basem Mohammed Al_rifai' Assistant Professor This Thesis Was Submitted In Partial Fulfillment of the Requirements For The Master’s Degree of Science in Computer Science Faculty of Graduate Studies at Al-Balqa’ Applied University Salt-Jordan March, 2011




DECLARATION OF AUTHORSHIP/ORIGINALITY

I certify that the work in this thesis has not previously been submitted for a

degree, nor has it been submitted as part of requirement for a degree, except as

fully acknowledged within the text.

I also certify that the thesis has been written by me. Any help that I have

received in my research work and in the preparation of the thesis itself has been

acknowledged. In addition, I certify that all information sources and literature

used are indicated in the thesis

Signature of candidate

Muneer Y. F. Hasan


This thesis

A New Approach for Sensitive Data Leakage Prevention Based on

Viewer-Side Monitoring

Was successfully defended and approved on Sunday of 6, March 2011

Examination Committee Signatures

Dr. Sulieman Ahmad Bani-Ahmad, Chairman

Assistant Professor, Information Systems

Dr. Basem Mohammed Al_rifai', Co-Chairman

Assistant Professor, Software Engineering

Dr. Mohammed A. Hjouj Albtoush, Member

Assistant Professor, Computer Security

Dr. Adnan Ibrahim Al-Rabea, Member

Assistant Professor, Computer Networks

Dr. Natheer Yousef Khasawneh, External Examiner

Assistant Professor, Web Developer, Jordan University of Science and Technology


Acknowledgement

This thesis serves as a tribute to my advisors, Dr. Sulieman Bani-Ahmad and Dr. Basem Mohammed A-Rifai, for the time, patience, and efforts they have spent on me. My M.S. education could not have begun, nor would it be completed, without their initiative.

I am indebted for the vision, knowledge, and mentality I acquired from them, and I feel privileged and proud to have benefited from their mentoring and guidance.

I would like to thank my instructors, professors and all the people in Al_Balqa University who taught me and helped me to complete my study program.

Finally, I shall give all my warm thanks to my beloved: my soul forever (my parents), my heart (my wife), my left and right arms (sons: Ammar, Majd), my eyes (daughters: Qamar, Salma), my happy source (brothers and sisters: Amal, Waf'aa, Basema, Shaker, Shaher, Maher, Yaser, and Basem), and special thanks for the technical assistance from the best friends (Alkhatib, Sadeq, and Odai) and for typing, formatting and revising my thesis from the best nephew (Anas Saeed) and nice one (Malik Zbon), for their everlasting support, which motivated me through challenges and made it possible for me to complete this work.

Contents

Acknowledgement
Contents
List of Tables
List of Figures
List of Abbreviations
ABSTRACT

Chapter 1: Literature Review
Introduction
Terms and Definitions
Sensitive Data Definition
Data Leakage Prevention Techniques
How is DLP Different From Other Security Technologies
Problem Statement, Contributions and Main Finding
The Growing Importance of DLP Solution
High Profile, Reputation Damaging Data Leaks
Organization's Regulations
Organization's Data Leakage Cost
The Challenge for Today's DLP Solution
Organization's Real Requirements

Chapter 2: Related Work
The Importance of Organization's Information Policy
The Classification of Data Documents
Data Leakage Prevention Features Cycle
Data Leakage Prevention Solution Benefits
The International Data Corporation Survey
The Importance of Monitoring Employee Use
Creating and Enforcing Acceptable Use Policy Inside Organizations
The Issues Covered by Applying a Suitable AUP
The Proposed Web Based System by Yasuhiro and Yoshiki
The Web Based System Major Components
Data Leakage Prevention Best Security Practices
Identifying the Heart of Sensitive Data Leakage Problem
A Comprehensive DLP Solution Procedures
Deloitte's Global Security Survey
The Most Common Internal Security Breach Causes
Best Facts About DLP Solution
Four Principles of Effective Threat Protection

Chapter 3: System Methodology
System Description
Pre-Study of Sensitive Data of the Organization
Pre-Design of the Organization Information Policy
Enforcing the OIP Through Computer Based Techniques
Monitoring User's Actions for Extended Future Protection
Data Leakage Prevention Integrated Solution
Protecting Sensitive Data of Organization
Endpoint Protection Procedures
Gateway Protection Procedures
Securing Sensitive Data of Organization
Secure Data Procedures
The Key Points of DLP Solution

Chapter 4: System Implementation
Three Tier Software Architectures
What is a Layer
Why Three Tier Model
Visual Overview of a Three Tier Application
Three Tier Architecture Model
Web Development Usage
Three Tier Architecture Technical Details
Three Tier Architecture Levels
Three Tier Architecture Usage Considerations
Three Tier Architecture Traceability
Three Tier Architecture Advantages
Three Tier Architecture Maturity

Chapter 5: System Description
Application Hierarchy
Admin Area Details Operations
User Area Details Operations
System Scenario
Admin Area Scenario
User Area Scenario

Chapter 6: Conclusion

References

List of Tables

Table 1.1 Costs of Data Breaches and Lost Business
Table 1.2 Challenges of DLP Solutions
Table 1.3 Organization's Real Requirements
Table 2.1 Data Leakage Prevention Best Security Practices
Table 2.2 Best Facts About DLP Solution
Table 3.1 Endpoint Protection Procedures
Table 3.2 Gateway Protection Procedures
Table 3.3 Secure Data Procedures
Table 3.4 The Key Points of DLP Solution
Table 4.1 The Detailed Description of a Three Tier Model

List of Figures

Figure 2.1 DLP Features Cycle
Figure 2.2 The Importance of Monitoring Employee Use
Figure 2.3 DLP System Architecture
Figure 2.4 Most Common Internal Security Breach Causes
Figure 3.1 Data Manipulation Requirements
Figure 3.2 Employees Authority Requirements
Figure 4.5 Visual Overview of a Three Tier Application
Figure 4.6 Three Tier Architecture Model
Figure 4.7 Three Tier Architecture Levels
Figure 4.8 Three Tier Architecture Model (Technical Details)

List of Abbreviations

1 API Application Programming Interface

2 AUI Acceptable Use Of Information

3 CIO Chief Information Officers

4 CISO Chief Information Security Officers

5 CMF Content Monitoring and Filtering

6 CSO Chief Security Officers

7 DHCP Dynamic Host Configuration Protocol

8 DLP Data Leakage Prevention

9 FBI Federal Bureau of Investigation

10 FTP File Transfer Protocol

11 GUI Graphical User Interface

12 HIPAA Health Insurance Portability and Accountability Act

13 IDC International Data Corporation

14 IDS Intrusion Detection System

15 ILDP Information Leak Detection and Prevention


16 IM Instant Messaging

17 IPC Information Protection and Control

18 IPS Intrusion Prevention System

19 OEC Open Environment Corporation

20 OIP Organization Information Policy

21 PC Personal Computer

22 RDBMS Relational Database Management Systems

23 SSN Social Security Number

24 TTS Three Tier Software


A New Approach for Sensitive Data Leakage Prevention

Based on Viewer-Side Monitoring

By

Muneer Yousef Fareed Hasan

Supervisors

Dr. Sulieman Bani Ahmad, Supervisor

Dr. Basem Mohammed Al_Rifai', Co-Supervisor

ABSTRACT

Information security has never been as important as it is today for business, health, and education organizations and for individuals alike, because many organizations around the world now depend on reliable information to perform their daily tasks. Additionally, the information needs to be timely, accurate, complete, valid, consistent and relevant to be of any use to the organization. Information confidentiality is regarded as a main topic by many organizations around the world that attempt to find the best way to protect themselves from hackers' attacks. It is therefore possible for organizations and individuals to guard themselves by being trained in the importance of security and by gaining awareness of the possible security attacks that they may encounter.

This thesis presents and describes a new approach used to build a security tool that can be used for preventing and reducing intentional data leakage actions through monitoring users' actions. The thesis also discusses some data leakage prevention concepts, which have attracted many security application developers in the last few years, and discusses a new security application that puts all the theoretical information in this thesis into practical use. The main goal of this thesis is to lay the basis for a new security application (a Web Based Application System) that can be used within many organizations to protect sensitive data and prevent it from leaking to the wrong hands, intentionally or accidentally.

Chapter 1: Literature Review

1.1 Introduction

Nowadays, information security has become a vital and major subject, especially with the spread of information sharing among private and public networks for all organizations across different industrial sectors (e.g. telecom, banking, and education all over the world). Securing information plays a significant role especially when sharing, distributing, accessing and publishing any information that has been classified as sensitive, either for the organization itself or for the clients who share their private information with the organization, such as information stored, shared, distributed and viewed through the electronic document systems and/or the systems for images of paper documents widely used by many organizations.

Many organizations have given a great deal of attention to protecting their sensitive data from outside threats by using a set of security countermeasures such as intrusion prevention systems, firewalls, and management of their internal vulnerability points. Organizations must now turn their attention to an equally critical situation that poses a great challenge for them today: the problem of data leaking or being lost from the inside.

In fact, in many organizations there is a gaping hole in controlling, monitoring, and protecting the business environment and electronic data assets from leaking or being lost to the wrong individuals or groups, intentionally or accidentally. This hole is now ubiquitous in business, health, and education organizations and among individuals who need to communicate with each other over the Internet.

Today, many of the electronic communications heavily used inside any organization for many purposes, for instance local mail, instant messaging, web mail, data file transfer, and the organization's website, still go largely to different destinations without any limitation, monitoring, or control on their movement out of the organization. The expected result is a big potential for the organization's confidential information to fall into the wrong hands. From this significant point, the organization's sensitive data should be protected very well; otherwise the organization will face tragic results such as business loss, damaged reputation, bad publicity, loss of strategic customers, and loss of competitiveness with other organizations.

As a result, any organization using a similar electronic document system must keep a close eye on securing the sensitive data that goes back and forth through this system or application, in order to maintain its reputation and business continuity, to ensure compliance with regulations and laws, and to differentiate itself from others. One of the recent methodologies and technical solutions that has risen to the top is the Data Leakage Prevention (DLP) solution, which basically protects the sensitive data of an organization from being viewed by the wrong individuals, whether from outside or even inside the organization. This basically means that specific data can be viewed only by a specific set of individuals or groups authorized for it (Parthaben, 2008).

Sensitive data leakage prevention (DLP) has become one of the most critical issues facing Chief Information Officers (CIOs), Chief Security Officers (CSOs), and Chief Information Security Officers (CISOs). At the same time, the DLP solution is considered one of the most pressing security approaches and techniques that effectively assist organizations today in protecting their sensitive data from leakage to the wrong hands. It plays a major role as part of the overall information security framework, and it can be integrated with existing infrastructure and systems, such as electronic document management systems, to provide a comprehensive, holistic and effective information security strategy inside an organization (Sophos, 2009).

1.2 Terms and Definitions

Data Leakage Prevention (DLP) is a computer security term that involves identifying, monitoring, and protecting three groups of an organization's data (Securosis, 2010):

Data at Rest

“Data at Rest” is data recorded and stored on storage media, or any data that resides in file systems, databases and other storage methods (Prathaben, 2008; Rich, 2009).

This data can be regarded as “Secure” if and only if

• Data is protected by strong encryption (where “strong encryption” is defined as “encryption requiring a computationally infeasible amount of time to brute force attack”).

• The key (required to decrypt data) is (i) not present on the media itself; (ii) not present on the node associated with the media; and (iii) of sufficient length and randomness to be functionally immune to a dictionary attack.

Data in Use

“Data in Use” is all data not in an at rest state that is on only one particular node in a network (for example, in resident memory, swap, processor cache, disk cache, or memory) (Prathaben, 2008; Rich, 2009).

This data can be regarded as “Secure” if and only if

• Access to the memory is rigorously controlled (the process that accessed the data off the storage media and read the data into memory is the only process that has access to the memory).

• Regardless of how the process (the owner of the data) terminates (either by successful completion, killing of the process, or shutdown of the computer), the data cannot be retrieved from any location other than the original at rest state, requiring re-authorization.

Data in Motion

“Data in Motion”, or “Data in Transit”, is all data being transferred between two nodes in a network (Prathaben, 2008; Rich, 2009).

This data can be regarded as “Secure” if and only if

• Both nodes (the source and the receiver of the data) are capable of protecting the data in the previous two classifications from any threats.

• The communication between the two hosts is identified, authenticated, authorized, and private, meaning no third node on the network can overhear the communication between the two endpoint nodes.

1.3 What is Sensitive Data?

Sensitive data is any data that, if leaked, can cause harm to an individual or to an organization. Sensitive data may contain (i) personal information, or (ii) information about an organization.

Sensitive Data Examples:

§ Social Security number (SSN).
§ Credit card number.
§ Driver's license number.
§ Personal information for patients.
§ Financial data for the organization.
§ Personal information for students.
§ Students' records (study plans, marks).
§ Personal information for employees.
§ Research data within the university.
§ Legal data special for the university.

1.4 Data Leakage Prevention (DLP) Techniques

Protecting those data groups is achieved through the following techniques that can be found in the DLP literature (Rich, 2009):

(i) Deep content inspection.
(ii) Contextual security analysis of the transaction (attributes of originator, data object, medium, timing, and recipient/destination).
(iii) A centralized management framework. The systems are designed to detect and prevent the unauthorized use and transmission of confidential information.

DLP is also referred to as Data Loss Prevention, Information Leak Detection and

Prevention (ILDP), and Content Monitoring and Filtering (CMF) (Wikipedia, 2007).

1.5 How is Data Leakage Prevention (DLP) different from other security technologies?

Conventional security tools that have been in use, such as firewalls and intrusion detection systems (IDS)/intrusion prevention systems (IPS), look for anything that can pose a threat to the organization's information and then take a set of steps to deal with these threats. Data leakage prevention (DLP) tools, by contrast, are interested in identifying the sensitive data inside the organization and look for content that is critical to the organization; the first option is then monitoring its usage, and the last option is preventing it from leaking to unauthorized people (Prathaben, 2008).

1.6 Problem Statement, Contributions and main finding

Nowadays, the business of many organizations depends heavily on online transactions to complete their work efficiently and accurately, thus saving them time and cost. This creates a vast opportunity for transferring data between many nodes within the organization in a more flexible way. At the same time, it brings many challenges and limitations, for instance finding the best way of monitoring and keeping data and preventing it from leaking to unauthorized people.

In previous years, many of the security strategies followed by organizations for protecting their sensitive data, such as firewalls, intrusion detection systems, and other similar tools, have become insufficient; there are too many entry and exit points for data within any organization. This calls on them to protect their sensitive data very well and to focus on controlling access to these points.

In this thesis, we:

(i) Propose a specific security solution based on building a security tool (a software application) that can be used by the employees of an organization to prevent sensitive data from leakage. This tool can be simple, easy, and lower in cost than other security tools.

(ii) Classify the documents transmitted over the local network within Petra University according to their degree of importance (High, Medium, and Low).

(iii) Highlight the importance of conducting security awareness sessions and training workshops for the employees of the organization.

(iv) Propose suitable criteria for building a comprehensive security policy for the data of the organization, taking into consideration the security threats and the security tools available inside it.

One of these solutions is the DLP solution, which is considered the best solution that can be used by organizations and vendors who are offering services or products to prevent sensitive data from reaching unauthorized persons and others (Sans, 2010). The most important part of any DLP solution involves developing awareness training courses for the users to achieve data leakage prevention, by teaching them how to deal with the security attacks that can be expected to happen to them at any moment.

However, this solution does not guarantee complete protection, as data leakage may occur intentionally by leaking data, or accidentally by sending data to the wrong receivers.

The main contribution of the thesis is describing a new security approach for reducing intentional data leakage actions through monitoring users' actions.

In brief, we will be proposing a comprehensive DLP-based management solution within the organization. As a running example, we will consider Petra University as the organization to study and to demonstrate the power of the proposed solution.

1.7 The growing importance of DLP Solution

Nowadays, many organizations across different sectors (health, telecom, banking, and education) are becoming increasingly aware of the acute need to control very well the information that flows into, through, and out of their own networks. Many organizations around the world now find themselves, after years of dealing with virus, intrusion, and email spam problems, facing a significant security issue that, although new, is becoming hugely important: data leakage (Sophos, 2009).

There are several reasons for the movement of the data leakage prevention (DLP) issue to the forefront of concerns within any organization's strategic security plan, such as (Sophos, 2009):

1.7.1 High–Profile, Reputation-Damaging data leaks

Bad publicity from data leakage can result in a damaged reputation for the organization, lost customers, and sometimes the complete loss of the business. The number of data security breaches is growing significantly, and in many sectors, such as military bodies, public government bodies, giant financial organizations, and even educational institutions. Seriously, no one is immune from these threats today.

Recent high-profile incidents have included, for example:

§ Secret government documents about Al Qaeda and the Iraq war were accidentally left on a commuter train in the UK (Daily Mail, 2008).

§ An email sent accidentally to Ohio State University contained social security numbers, staff names, positions, and salaries for 192 faculty and staff members (Randy, 2008).

§ Some hackers in the USA were charged with stealing more than 40 million $ from credit card numbers from US retail outlets by breaking into the wireless networks of major retailers (Graham, 2008).

§ A group of talented Chinese hackers reached very sensitive military information about USA weapons programs.

1.7.2 Organization’s Regulations

Today, to guarantee the success of any protection plan within any organization, the focus must be on controlling access to information rather than on merely blocking the perimeter. Therefore, most governments worldwide have started focusing on increasingly stringent data protection legislation, such as HIPAA and the UK’s Data Protection Act, to provide suitable controls over sensitive organization information. Many regulations also require regular periodic audits, which an organization may not pass if the right controls are not in place.

1.7.3 Organization’s Data Leakage Cost

When sensitive data inside an organization leaks, intentionally or accidentally, to the wrong individuals or groups who are not authorized to view it, considerable harm can be caused to an individual or to an organization. In addition to legal costs, organizations have to deal with the high tangible costs of recovery and commercial fallout, such as lost money, time, resources, business, and reputation. All these costs have been rising heavily.

The International Data Corporation (IDC) survey study, published in March 2008, gives a comprehensive view of the costs of data breaches and lost business (Table 1.1).

Cost of a Data Breach

Ø Up to 11 percent since 2006
Ø Average cost per breach – $6.6 million
Ø Average cost per record – $202
   For Health Care Record $282
   For Retail Breach $131

Cost of Lost Business

Ø Up to 40 percent since 2005
Ø 69 percent of overall cost (compared to 65 percent in a similar 2006 study)

Source: Ponemon Information Security Institute (Robort, 2007)

Table 1.1 Costs of Data Breaches and Lost Business (Sophos, 2009)

1.8 The challenge for today’s DLP solutions

For a few years, several organizations have focused on DLP solutions to treat many problems relating to protecting their sensitive data from leakage or loss. They have developed many innovative solutions and products for preventing the leakage of an organization's sensitive data. Many of these solutions focus heavily on identifying and classifying all of the organization's data, then implementing the organization's DLP policies to track sensitive information across the enterprise, and finally applying suitable controls where necessary (Sophos, 2009).

In theory these solutions are very attractive, easy, and simple, but in practice they face many challenges in being implemented correctly, accurately, and completely inside any organization. These challenges include, for example (Sophos, 2009):

Challenge and explanation

Ø Too Much Data, Too Little Time

- Many organizations possess very large amounts of data, distributed between many departments and often disorganized, which need a lot of time and intensive effort from the IT staff to categorize properly.

- This issue is a main challenge for most IT departments in choosing the best procedures to deal with it.

Ø IT Resistance

- Many available DLP solutions are relatively new and still suffer from issues such as frequent false positives.

- IT departments can be reluctant to invest their resources in deploying another complex enterprise-level infrastructure at the expense of delivering strategic value to the organization.

Ø User Resistance

- There is wariness about deploying another agent on each desktop PC and laptop that might interfere with legitimate business by requiring frequent updates and slowing down the performance of other user applications.

Ø Complexity of Scope

- Implementing a comprehensive, viable policy to be supported by the DLP solution can get in the way of regular business practices. It requires real and active involvement from individuals across the organization: not only from IT staff, but also from human resources, finance and legal teams, and business unit managers.

Ø The Wrong Focus

- Many DLP solutions focus intensively on intentional data leakage, but in reality, when this problem occurs, it is hard to stop. For instance, enterprise employees can deliberately alter data files to avoid detection, or share important information through ordinary conversation.

Table 1.2 Challenges of DLP Solutions (Sophos, 2009)

1.9 Organization’s Real Requirements

The truth is that most educational establishments, for example, simply don't have enough technical staff, governmental funds, or resources. Thus, they need intensive efforts to implement suitable security requirements within a sturdy strategic security plan. As a result, these factors give rise to a set of immediate needs that any organization must take seriously to guarantee the success of a DLP solution. These needs fall into three categories (Sophos, 2009):

Organization Needs | Explanation

Ø Stopping the Stupidity

- 98 percent of data leakage incidents inside organizations are actually due to stupidity or accidental actions by either individuals or groups [27].

- There are much more significant threats to organizations than intruders, such as: the lack of security awareness among the organization's staff, loss of laptops, inadvertent misuse of e-mail, data transfer, and sharing sensitive data files between multiple nodes.

Ø Meeting Regulatory Requirements

- The most pressing need for most organizations today is to implement an effective security solution that will satisfy both the organization's management and all the staff at the same time, and that provides the protection and control required for meeting current regulations without the need for huge amounts of technical staff, funds, and resources in implementation and management.

Ø Maximizing IT Investment

- IT departments inside any organization want to ensure that a budget is available for implementing a proper security plan to protect the organization's sensitive data from leakage, and that it is spent in the most efficient and cost-effective way.

- Solutions that integrate DLP with the other practical security measures inside the organization are in the best position to do these tasks successfully.

Table 1.3 Organization’s Real Requirements (Sophos, 2009)

Chapter 2: Related Work

Many published papers and reports talk about the importance of (i) identifying sensitive data inside any organization, (ii) applying a suitable information policy to protect it from leaking into the wrong hands, and (iii) explaining the benefits that any organization can gain from preventing data leakage, and they prove that this can be achieved by controlling and monitoring the document viewer's side.

Eric Maiwald (2003) sees identifying an information policy within any organization as the most important part, for reasons such as (Eric, 2003):

(i) The information policy defines what sensitive data are within the organization and that data should be protected. This policy should be constructed to cover all data within the organization.

(ii) Each employee is responsible for protecting sensitive data that come into his/her possession. Such data can be in the form of electronic documents or paper records, both of which the organization's policy must take into account.

(iii) To protect your data from leakage, we must classify the data documents into a set of levels according to their importance, like:

1- Public Classification (Lowest Level): The data are not sensitive and can be provided to the public.

2- Private Classification (Medium Level): The data are confidential and can be provided only to the authorized employees or to other organizations.

3- Sensitive Data Classification (High Level): The data are very sensitive and must be restricted to a limited number of employees within the organization. These data must be well protected by being not provided to all employees, or to individuals outside of the organization.

(iv) The information policy must address how sensitive data are transmitted. Sensitive data can be transmitted through a number of ways (such as Email, Fax, and so on), and the policy should address each of them very well.

(v) Highlighting the importance of education, and implementing a proper security awareness training program for the employees within the organization, to avoid any future problems in implementation.

The report of Securosis, an information security company, published in Feb/2009, described the following:

(i) The main features of the Data Leakage Prevention (DLP) life cycle, where all these features are tied together in the DLP cycle as follows (Securosis, 2010):

Figure 2.1: DLP Features Cycle (Securosis, 2010)

1. Define: The first feature is concerned with building a proper organization information policy that defines the data to protect, and how to protect it well.

2. Discover: The second feature uses the DLP solution to find the defined data throughout the organization, and then relocate or remove information where it shouldn't be.

3. Monitor: The third feature is concerned with tracking usage of the defined data at rest, in motion, and in use. It can then generate a proper warning alert if, and only if, the organization's information policy has been violated.

4. Protect: The fourth feature is concerned with protecting sensitive data from leakage by quarantining emails, relocating files, blocking copies to portable storage, and other enforcement actions.

(ii) A definition of the Data Leakage Prevention concept as "Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis".

This definition contains the core components of a DLP solution: centralized management, identification of defined data, monitoring of usage, and protection from policy violations. A DLP solution can do this in data storage, on networks, and on employees' computers, using advanced analysis techniques. Thus, this solution can provide better protection and be more cost-effective in the long term.

(iii) The benefits expected from implementing a proper DLP solution within any organization, such as the following (Securosis, 2010):

§ Risk Reduction: You can reduce the risk of threats and possibility of data leakage by knowing where your data are stored and how they are being used.

§ Cost Savings: DLP solution may help reduce other costs associated with data management and security.

§ Compliance support: DLP solution helps reduce the direct costs associated with some regulatory compliance from all employees within the organization.

§ Policy enforcement: Many data management policies in organizations are difficult or impossible to enforce. DLP solution supports enforcement of Acceptable Use of Information (AUI), not just security controls.

§ Data security and Threat management: While no security tool stops all threats, DLP solution reduces the risk of certain malicious activity.

(iv) The conclusion that a DLP solution is a powerful security tool that can be used within any organization to protect sensitive data from leakage, because it can identify the sensitive data, monitor its use, and protect it from abuse by others; the DLP solution can accomplish these tasks by monitoring your network, scanning your storage infrastructure, and tracking data use on endpoints (such as desktops and laptops) through deep content analysis of transmitted documents.

In March 2008, the International Data Corporation (IDC), one of many specialized corporations and a leading world center for information security research and analysis in sectors such as information technology and telecommunications, published a report on this issue. Its report demonstrated the dangers of accidental exposure of an organization's sensitive data and considered it the number one threat (Brian E., 2008).

At the end of the same year, another study by the same corporation showed many important facts: 80 percent of survey respondents agreed that data security was one of the biggest challenges facing them, and 50 percent of respondents had gained considerable experience in dealing with incidents of sensitive data leakage in different sectors of the organization (Tom, 2009).

Another important IDC survey indicated that the problem of intellectual property is becoming one of the most acute problems facing many organizations today, especially with regard to sensitive data leakage. 81 percent of those surveyed saw Information Protection and Control (IPC), defined as monitoring, encrypting, filtering, and blocking sensitive data contained in data at rest, data in motion, and data in use, as an important part of the overall strategy to protect the data within the organization (Brian E., 2008).

The highest priority among information protection and control (IPC) solutions was data leakage prevention (DLP), deployed at the organization's perimeter and on all endpoint computers within the organization (Brian E., 2008).

Figure 2.2: Importance of monitoring employee use (Brian E., 2008)

The respondents to IDC's survey demonstrated the importance of [Monitoring Employee Use]. The survey further showed that the accidental or intentional exposure of an organization's confidential information, ranging from legally protected personal information to intellectual property and any significant secrets about the organization, is something that affects the IT environment in its widest sense, involving lost or stolen laptops, hacking of employees' emails, and any other applications vital to them. Nowadays, the main challenge for many organizations is not only how to find the best way to protect sensitive data from threats or corruption by malware programs, but also how to add a proper second security layer that can prevent data from being accessed if lost.

A Sophos white paper, published in Feb/2009 under the title “Stopping Data Leakage”, demonstrated the importance of enabling a DLP solution within the organization by creating and enforcing an Acceptable Use Policy (AUP) in support of any attempts to stop data leaking from the organization.

It also proposed three steps to make an AUP succeed (Sophos, 2009):

(i) Create the suitable policy within the organization.

(ii) Educate employees and users about the policy.

(iii) Enforce the policy properly.

The AUP should cover many issues that are very important for employees within the organization to know clearly, such as (Sophos, 2009):

(i) Determine what information or documents must not be emailed.

(ii) Determine the persons or organizations authorized to access, receive, and see the sensitive data documents.

(iii) Determine what operations/actions are allowed on the sensitive data documents.

(iv) The organization's policy on sending a specific document over the web or downloading it from the web.

(v) The organization's policy on storing sensitive data on desktops, PCs, laptops, and so on.

Yasuhiro K. and Yoshiki S. (2002) proposed a web-based system as a data leakage prevention (DLP) solution for any organization. This system can protect the sensitive data stored on the web server against information leakage, such as taking the data out by saving them as a document file, writing them to media, and printing them out. Users of this system can only read the sensitive data; they can't copy or print them (Yasuhiro and Yoshiki, 2002).

They proposed a system containing four major components:

(i) Viewer: This represents the web client side that is authorized to access or see the sensitive data document.

(ii) Encryption Proxy: Is a proxy server located between client and web server side. Its main function is to encrypt the transmitted portion of the sensitive data on demand.

(iii) Authentication Server: This is used to authenticate users and control the access operations.

(iv) Access Control Directory: This is the database inside the system that the administrator uses to register the user's actions/operations on the secret data. It plays a major role in giving a comprehensive view of user behavior within the system.

Figure 2.3: DLP System Architecture (Yasuhiro and Yoshiki, 2002)

Ironport Systems published a very significant report in Sep/2007, under the title “Data Loss Prevention Best Practices”, which demonstrated the importance of managing the sensitive data inside the organization and protecting them from leaking to the wrong individuals or groups by following a set of best security practices. This report presents many valuable ideas that can help organizations enhance the information security plan inside their environment, for instance (Ironport, 2007):

(i) Proposing a set of best security practices for organizations seeking practical solutions for preventing sensitive data leaks, enforcing the organization's regulatory compliance, and protecting the organization's reputation and brand value from loss.

According to this report, there are six proposals for best security practices:

Security Practice | Benefits

Ø Take Time to Define DLP Needs

- Any organization wanting to solve the data leakage problem effectively from inside must take sufficient time to define its DLP needs, starting from developing a comprehensive understanding of the types of sensitive data that exist within the organization, and determining the proper policies needed for monitoring and controlling these data and how they can be shared between employees. To do this correctly, organizations need to know all their relations with other relevant establishments around the world, such as universities, banks, customers, and companies or agencies.

- Organizations should seriously consider the impact of sensitive data leakage on the workflow, and understand exactly how regulations apply to the organization's overall structure as well as to individual users, departments, and their branches. This enables them to easily define the organization's real requirements, and then demonstrate the effectiveness of regulatory compliance solutions.

- Finally, guaranteeing the success of any DLP solution requires "full cooperation" between all “C-suite” parties (e.g., the Chief Information Officers (CIO), Chief Security Officers (CSO), and Chief Information Security Officers (CISO)). They can provide the support the organization needs to implement it on a large scale.

Ø Prioritize the DLP Solution's Focus

- Organizations should identify all potential points of data leakage from inside or outside. Thus, they must be informed and aware of all their sensitive data at rest, in motion, and at the endpoint. This requires them to identify a set of precise criteria, such as the volume of data, communications, past violations, and the users who have permission to access and deal with such data constantly.

- At present, the primary area of focus for the majority of business enterprises and academic institutions in the world is protecting the channels most widely used for transferring their sensitive data: email and web communications.

Ø Ensure Effective and Comprehensive Coverage

- Any DLP solution, to be doable, effective, and comprehensive, should completely meet the:

1- Organization's security plan requirements.

2- Organization's regulations.

3- Organization's information security policies.

At the same time, it should be capable of effectively detecting any violations by others. In this case, it can be considered the best solution for the sensitive data leakage problem.

Ø Make the Solution Unobtrusive

- The most important aspect of any DLP solution used to prevent sensitive data from leaking from inside the organization is that it should be easy, unobtrusive, and flexible to implement, so that it does not inconvenience either the organization itself or its end users. This means that the DLP solution should be effective in monitoring communications content without heavily impacting the flow of the organization's business or employees' productivity.

Ø Look for Work Flow and Reporting

- This security practice is based on the fact that "any DLP solution cannot be effective without detailed reports about all suspected violations". Thus, these reports should give a comprehensive view of the organization's whole work flow; detailed reports can be very useful in dealing with the effects of violations, and can ease their maintenance and management.

- The organization's administrators should be able to receive detailed reports outlining all detected violations involving sensitive data, with in-depth information that enables them to take proper action. These details include: the sender and receiver of the sensitive data document, document contents, message attachments, and others.

- Powerful reporting capabilities allow organizations to:

(i) Analyze and improve the organization’s DLP solution capabilities.

(ii) Automatically deliver decision-making information in a timely manner.

(iii) Easily generate instant reports for executive managers.

Ø Combine Best-of-Breed Solutions

- Today’s existing solutions for preventing sensitive data from leaking into the wrong hands are still evolving and under intensive study by major information security corporations around the world. On the other hand, this issue requires different capabilities from organizations to face the problem properly. For instance, protecting data in motion and protecting data at rest each require a different set of capabilities.

- Organizations should seek best-of-breed solutions that can extend and enhance their effectiveness through integration with other leading security tools, such as firewalls and an intrusion detection system (IDS)/intrusion prevention system (IPS). This integration between all security tools, to give a comprehensive solution to the sensitive data leakage problem, represents a big challenge for many information security organizations in the near future.

Table 2.1 Data Leakage Prevention (DLP) Best Security Practices (Ironport, 2007)

(ii) Justifying why sensitive data leakage has become such a prevalent problem for many business, health, and education organizations around the world. As a result, they have used an incredible number of resources to protect their information and keep it safe. But the majority of their efforts have been concentrated on preventing intruders from breaking into the organization itself or into its confidential information.

(iii) Identifying the heart of the sensitive data leakage problem: Uncontrolled Communications

Protecting the organization's sensitive data in motion [in, through, and out of its network] has become one of the most significant data leakage topics addressed by many security enterprises in the world today. Because electronic communications between organizations are deployed on a large scale, the organization must monitor them properly through a series of preventive procedures.

Many types of sensitive data can be sent from or received by the organization via the Internet, through channels such as the organization’s website, email, and others. Current firewalls and other network security solutions do not include data leakage prevention capabilities to secure data traveling between different nodes inside/outside of the organization, and so miss such important controls as content scanning, blocking of communications containing sensitive data, and encryption. While large organizations in the world have attempted to address the sensitive data leakage problem through corporate policies and employee education, without appropriate controls in the right place, employees can (often through ignorance) still leak confidential organization information (Ironport, 2007).

While data leaking solutions must address the risks inherent in data at rest and data at

the end-point (data in use), organizations must begin implementing comprehensive

data leakage prevention solutions, specifically to prevent employees, consultants,

vendors, and any other authorized users from transmitting sensitive data outside the

organization.

(iv) Proposing a comprehensive DLP solution to prevent confidential data from leaking

to the unauthorized persons or organizations by (Ironport, 2007):

§ Monitoring communications going outside the organization.

§ Encrypting email containing confidential contents.

§ Enabling compliance with global privacy and data security mandates.

§ Securing outsourcing and partner communications.

§ Protecting intellectual property.

§ Preventing malware-related data harvesting.

§ Enforcing acceptable use policies.

§ Providing deterrence for malicious users (by creating the possibility of being caught).

In addition to blocking communications containing sensitive data from being sent outside the organization, a DLP solution can also help organizations comply with their regulations. When organizations look for a specific solution to the sensitive data leakage problem, they must keep DLP best practices in mind, which can help in determining the right solution for the organization's specific requirements (Ironport, 2007).

Deloitte’s (2006) Global Security Survey sized the sensitive data leakage problem through the following statistics, which help us understand the size of this problem properly (Ironport, 2007):

§ 31 percent through virus programs.

§ 28 percent through insider fraud.

§ 18 percent accidentally.

§ 19 percent through other means.

§ 4 percent unspecified means.

Figure 2.4: The Most Common Internal Security Breach Causes

(Source: Deloitte’s 2006 Global Security Survey)

The Privacy Rights Clearinghouse report showed the following statistical information about the total cost of sensitive data breaches in the USA between 2005 and the end of 2006 (Ironport, 2007):

§ More than 100 million data records of U.S residents have been exposed due to security breaches since February 2005.

§ The Federal Bureau of Investigation (FBI) estimated the total cost of all data breaches in 2006, including all corporate data in USA, at $62.7 billion.

§ The average cost of one incident of data loss or leakage for large organizations is estimated at $4.8 million.

Recently, specialized research in information security has indicated many important facts, such as (Ironport, 2007):

Fact | Source

Ø More than (80%) of information security breaches are caused by employees within the organization.

Ironport Systems Report, 2009

Ø The majority of all data leakage problems were the result of unintentional errors by the employees themselves or by their partners alike.

Ironport Systems Report, 2009

Ø Highlighting the urgent need for conducting security awareness sessions and training workshops for the employees of the organization about how to protect and prevent sensitive data from leaking to the wrong hands.

Ironport Systems Report, 2009

Ø As your network traffic increases, your chosen solution must scale to keep pace with both volume and network bandwidth.

Bradley R. Hunter, Director of Technology Solutions, American Hospital Association (AHA) Solutions, Inc.

Ø The average information leak costs organizations approximately $182 per record, averaging roughly $4,800,000 per breach in total.

Ponemon Institute

Ø You have to understand what kind of sensitive data you have, and do a risk evaluation of what happens if data are exposed or get in the wrong hands.

Thomas Raschke, Senior Analyst, Forrester Research, Inc.

Ø Employee's error is now the fourth largest security concern in the enterprise – behind malware, spyware and spam.

IDC Enterprise Security Survey, 2006

Ø Data loss is not only a significant problem for companies in data-sensitive industries, but also for nearly any company conducting business worldwide.

Ironport Systems Report, 2009

Ø More than 100 million data records of U.S residents have been exposed due to security breaches since Feb/2005.

Privacy Rights Clearinghouse

Ø Current policies designed to protect organizations against the leakage of sensitive information are not considered effective by the majority of organizations.

Osterman Research, Messaging Policy Management Trends Report, 2007-2010

Ø A DLP solution must run at line speed, scaling to gigabyte network rates if required.

Ironport Systems Report, 2009

Ø We seem to be in the midst of a ‘data loss epidemic’, with tens of millions of individuals receiving data loss notification letters this year.

Rich Mogull, Research Vice President, Gartner, Inc.

Ø Data-leakage prevention tools catch errors, not theft: “Products are useful, but not against data-theft professionals”.

Tim Greene, Network World, September 2007

Ø DLP reduces the chance sensitive data will leak, but several implementation pitfalls can curtail its effectiveness.

Rich Mogull, Analyst & CEO of consultancy Securosis Information Security Organization

Table 2.2 Best Facts about Data leakage Prevention (DLP) Solution (Ironport, 2007)

The latest paper from Sophos, an information security company, published in June/2010 under the title “Four principles of effective threat protection”, fully defined the right strategy and required tools to defend your business against malware programs, by answering a series of significant questions such as (Sophos, 2010):

1. What is the real challenge for business organizations today?

At present, malware attacks have become a serious danger for many organizations in the world. They cannot be ignored, because they heavily affect large organizations in several respects (e.g. the costs of security breaches, continuity of work, and the organization’s compliance with regulations).

2. What is the cost of security breaches?

The costs of sensitive data breaches are often substantial for the organization's security budget. These costs arise only when the organization cannot stop intruders' attacks on its computer systems.

3. What is the threat to business continuity?

Many security breaches widely affect the organization's work and its employees in different ways (e.g. the ability to use your systems, your data, or both), resulting in the loss of more time and money. For instance, an organization's PCs that become infected with malware must be completely cleaned and repaired. In the meantime, users of those PCs are unable to do their work normally.

4. What are the risks to the organization’s regulatory compliance?

Besides the substantial costs of any security breach, all organizations are responsible for complying with governmental regulations and commercial standards concerning the privacy and security of data. Regardless of an organization's size, non-compliance with regulations makes it vulnerable to external threats and to damage to its reputation.

Chapter 3: System Methodology

3.1 The System Methodology Description

In this thesis, we describe a new approach for reducing intentional data leakage actions through monitoring users' actions. The proposed approach involves four main steps:

Step 1: Pre-study of sensitive data of the organization.

In this step, sensitive data are defined and identified. This step is done through

consulting the owner of the organization.

The information in an organization, that is considered sensitive, will differ depending

on the business of the organization. Sensitive data may include business records,

product designs, personal information, company information, and so on (John, 1996;

Eric, 2003; Matt and Sathyanarayana, 2005).

There is some information that will be sensitive in all organizations. Examples are

personal information for employees, payroll information, phone numbers and home

addresses for employees.

Figure 3.1: Data Manipulation Requirements


Step 2: Pre-design of the Organization Information Policy (OIP)

In this step, we define (also through consulting the owner(s) of the organization) how sensitive data should be protected. This policy should be constructed to cover all sensitive information within the organization. An OIP basically determines who can view the policy. That is, given a particular sensitive piece of data d, the OIP indicates the set of individuals who can have access to d. The OIP also defines the specific access rights of individuals. This means that an individual may have the right to read d but not to resend it.

Figure 3.2: Employees Authority Requirements

It is important to remember that not all information in the organization is sensitive all the time. The choice of what information is sensitive must be carefully articulated in the policy and to the employees.

An OIP provides the rules governing how systems should be configured and how employees of an organization should act in normal circumstances and react during unusual circumstances.

An OIP performs two primary functions (Eric, 2003):

1- Policy defines what security should be within an organization.

2- Policy puts everyone on the same page so everyone understands what is expected.

Step 3: Enforcing the OIP through computer based techniques

In this step, we design and implement computer-based solutions to enforce the pre-designed OIP of the organization. For that, we will use both server-side and client-side scripting languages.

Step 4: Monitoring user’s actions for extended future protection

In this step, we use client-side scripting languages to monitor and record users' actions (in a data repository at the server side). The goal is to use the collected data for two purposes:

• Detection of possible data leakage cases, and possibly reporting those cases to an administrator. The responsibility of the administrator is to contact the user who is being monitored to warn him/her of the danger of what he/she is trying to do.

• If a data leakage case occurs, the collected data may prove useful in identifying which of the users is most probably responsible for it.
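The policy check and monitoring described in Steps 2 to 4, as an added JavaScript example that is not code from the thesis: it evaluates a small OIP (which user may perform which action on a document d), records every viewer action together with the decision, and derives both the alert list for the administrator and a ranking of users after a leak. The policy contents, user names, action names, scoring weights and timestamps are constructed assumptions.

```javascript
// Constructed OIP for illustration: each document has a classification level
// (public / private / sensitive) and the rights granted to each named user.
const OIP = {
  'payroll-2011.html': {
    level: 'sensitive',
    rights: { alice: ['read'], bob: ['read', 'resend'] },
  },
  'campus-map.html': { level: 'public', rights: {} },
};

// Assumed weights: actions that move data out of the viewer count more than a read.
const ACTION_WEIGHT = { read: 1, copy: 3, print: 3, save: 3, resend: 3 };

// Own-property test, so names like "constructor" never match inherited keys.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Default-deny decision: may `user` perform `action` on `docId` under `policy`?
function authorize(policy, user, docId, action) {
  if (!has(policy, docId)) return false;        // unknown document
  const entry = policy[docId];
  if (entry.level === 'public') return true;    // public data is unrestricted
  if (!has(entry.rights, user)) return false;   // user not listed for this document
  return entry.rights[user].includes(action);   // e.g. read granted, resend not
}

class ActionMonitor {
  constructor(policy) {
    this.policy = policy;
    this.events = [];   // stands in for the server-side data repository
  }

  // Called once per viewer action. In a browser this would be driven by handlers
  // for events such as `copy` and `beforeprint` (an assumption about the wiring).
  record(user, docId, action, timestamp) {
    const allowed = authorize(this.policy, user, docId, action);
    const event = { user, docId, action, timestamp, allowed };
    this.events.push(event);
    return event;
  }

  // Purpose 1: possible leakage cases, i.e. every action the OIP denied.
  violations() {
    return this.events.filter((e) => !e.allowed);
  }

  // Users with at least `minDenied` denied actions, for the administrator to contact.
  alerts(minDenied) {
    const counts = new Map();
    for (const e of this.violations()) {
      counts.set(e.user, (counts.get(e.user) || 0) + 1);
    }
    return [...counts].filter(([, n]) => n >= minDenied).map(([u]) => u).sort();
  }

  // Purpose 2: after a leak of `docId`, rank users by their recorded activity on it.
  // Denied attempts count double (an assumed heuristic, not from the thesis).
  suspects(docId) {
    const scores = new Map();
    for (const e of this.events) {
      if (e.docId !== docId) continue;
      const base = has(ACTION_WEIGHT, e.action) ? ACTION_WEIGHT[e.action] : 1;
      scores.set(e.user, (scores.get(e.user) || 0) + base * (e.allowed ? 1 : 2));
    }
    return [...scores]
      .map(([user, score]) => ({ user, score }))
      .sort((a, b) => b.score - a.score || a.user.localeCompare(b.user));
  }
}

// Replays a constructed sequence of viewer events and returns both reports.
function demo() {
  const m = new ActionMonitor(OIP);
  const doc = 'payroll-2011.html';
  m.record('alice', doc, 'read', '2011-03-06T09:00:00Z');
  m.record('alice', doc, 'copy', '2011-03-06T09:01:10Z');    // denied: read only
  m.record('alice', doc, 'print', '2011-03-06T09:01:40Z');   // denied: read only
  m.record('bob', doc, 'read', '2011-03-06T10:15:00Z');
  m.record('bob', doc, 'resend', '2011-03-06T10:16:00Z');    // allowed by the OIP
  m.record('carol', doc, 'read', '2011-03-06T11:00:00Z');    // denied: not listed
  m.record('carol', 'campus-map.html', 'read', '2011-03-06T11:02:00Z');
  m.record('alice', 'campus-map.html', 'copy', '2011-03-06T11:05:00Z');
  return { violations: m.violations(), alerts: m.alerts(2), suspects: m.suspects(doc) };
}

console.log(JSON.stringify(demo(), null, 2));
```

The ranking only orders users by logged activity; it narrows down who to ask, it does not establish who leaked the document.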


3.2 Data Leakage Prevention (DLP) Integrated Solution

The established fact is that most organizations in the world across different sectors (for example, governmental establishments, ministries, special companies, banks, and universities) simply don’t have enough technical staff, governmental/special funds, or resources, and they need intensive efforts to implement suitable security requirements within a sturdy strategic security plan to face the data leakage problem effectively. From this reality emerged the urgent need for organizations to implement a series of new security solutions that combine the features of a DLP solution with other security tools, to provide an integrated solution that addresses this problem at its roots. Hence, this paper has proposed an integrated solution based on two main phases [Two Layers of Defense], summarized as follows (Sophos, 2009):

Phase (1): Protecting Sensitive Data of Organization (First Layer of Defense)

• Endpoint Protection (Protecting Data inside Organization):

The proposed procedures to guarantee that endpoint nodes inside the organization are safe (Sophos, 2009):

- Prohibit the use of non-necessary applications such as wireless network connections, file sharing, FTP clients, instant messaging (IM) services, and unauthorized email clients. All employees should therefore be fully aware of the dangers of sending and sharing the organization's data via these applications.

- Block the different spyware programs, which information hackers can use effectively to steal the organization's sensitive data, using powerful anti-malware solutions.

- Carefully check that every PC connected to the network within the organization is compliant with the organization's security policy.

- Properly manage access to any type of portable storage device, such as USB keys and others. These devices can pose a high security risk within any organization because they are so easy to lose.

Table 3.1 Endpoint Protection Procedures (Sophos, 2009)

• Gateway Protection (Protecting Data Outside Organization):

At present, many organizations have their own websites and e-mails. These may contain a lot of security functions that can be used to prevent sensitive/confidential data from being sent outside the organization, or to unauthorized users within the organization. These functions include (Sophos, 2009):

- Monitoring and controlling users' access to particular websites, well-known webmail sites (e.g. Yahoo! Mail and Google email), and applications which can form a serious threat to the organization itself.

- Preventing users from uploading or downloading certain types of data files, and warning them clearly about unauthorized file types arriving in their emails.

- Controlling and blocking the unauthorized use of Instant Messaging (IM) and FTP traffic between the users themselves, or with other users/organizations from outside.

- Taking a series of preventive measures to protect against "drive-by downloads", which secretly place specific spyware code on the user's PC when they accidentally visit a particular malicious website. Consequently, users within the organization need to be well aware of the seriousness of these threats should they occur.

- Verifying the contents of web traffic periodically to ensure that it is free from viruses, spyware, and malware, and that these programs will not be downloaded onto the user's PC.

- Scanning the contents of email messages and attachments of various kinds, to control and prevent sensitive data leakage by identifying specific keywords relating to the organization's confidential data.

Table 3.2 Gateway Protection Procedures (Sophos, 2009)

Phase (2): Securing Sensitive Data of Organization (Second Layer of Defense)

In fact, despite having the best solutions for the data leakage problem and the best policies for securing the organization's sensitive data, there is still a possibility of data leaking or being lost to the wrong hands at any moment, intentionally or accidentally. So it is essential to have a second layer of defense [Encrypting Sensitive Data]. Data encryption is considered one of the traditional methods that have been used effectively for a long time to protect data when it moves from one place to another. Over the past years, many researchers and specialists in information security have agreed that the proportion of potential risk to the organization itself, or to its users, becomes low if data has been encrypted very well, compared with non-encrypted data (Sophos, 2009).

If organizations want to secure their sensitive data and devices alike, they should (Sophos, 2009):

- Perform full disk encryption for PCs, laptops, and notebooks according to their importance.

- Encrypt sensitive data stored on removable storage devices (e.g. USB drives, CDs and DVDs).

- Encrypt the content of e-mails to prevent unauthorized users from reading them.

Table 3.3 Secure Data Procedures (Sophos, 2009)

Encrypting sensitive data and devices used inside the organization in this manner means that both remain in a safe state, even if they reach the wrong hands. But the main question that must be kept in mind is "whether the process of encrypting sensitive data alone is enough to protect it from any risk?"

In August 2008, Rich Mogull (2008) indicated in his article, published in Information Security magazine, the importance of using Data Leakage Prevention (DLP) solution tools within different sectors (business, health, and education) inside any organization, where these tools are extremely effective for reducing the risk of sensitive data leaking. But like any other security tool, if not used properly, the results will not be entirely positive. By avoiding a few implementation pitfalls that may curtail its effectiveness, the organization can save time and money while better protecting itself. He also suggested some key points that can help any organization avoid these pitfalls when implementing and using DLP tools, such as (Rich, 2008):

1. Set the Right Expectations

- A DLP solution reduces the risk of sensitive data leaking; it does not eliminate this threat.

- DLP implementations fail inside many organizations because many are unable to understand well what the technology is able to do today, and how to integrate this solution properly into business operations or with other security tools.

- A DLP solution is not a magic cure that eliminates the sensitive data leaking problem completely. Like any other security tool, it has different capabilities, particularly with regard to the content analysis of documents that are sent. Therefore, none of them can provide complete protection for all data from every conceivable threat.

- The most important thing for the organization's management, before beginning to implement a DLP solution, is to know what different kinds of policies can be defined and to make sure which enforcement options are available in reality. Later, the proper workflow needs to be in place to handle any policy violations.

- The right expectations are based on a series of key components:

1- Knowing what data needs protection.

2- Knowing the capabilities of the security tools which are available within the organization and are used to protect the data.

3- Knowing the workflow for handling threats or expected incidents.

2. Start with Small, Well-Defined Policies

- Before implementing DLP tools widely, the organization should start with a single, simple, small, and well-defined policy that works within a limited scope, so that its behavior can be monitored properly.

- Before implementing any specific policy, the organization should examine it carefully in all respects, because implementing a policy that has not been studied beforehand poses a real risk and directly affects the workflow within the organization. Therefore, every organization should take a lot of time to tune the policy until the expected results materialize, and then expand the implementation by adding new policies and enforcement actions.

3. Use the Right Analysis Technique for the Right Content

- Nowadays, most organizations across different business sectors, e.g. education, health, telecom, and banking, suffer from false positive problems. Most of the time, false positives are real positives, but they denote content that poses no risk or threat to the business environment. Here, each organization should use a more effective content-analysis technique (for instance, a fingerprinting database for employees). In this case, the organization can reduce false positives to an acceptable level.

- When the organization uses the right content-analysis technique, it reduces the false positives problem and, at the same time, enables more effective use of DLP solution tools.

4. Clean Up Registered Data Before Loading It into a Policy

- Most organizations today use database systems to store sensitive documents related to the organization itself or to the employees working within it. This requires them to have well-defined policies to protect the registered data properly from any risk or threat.

- To achieve that goal for databases, make sure to remove bad content, which can create false positives. For instance, if one employee has '0' listed as a Social Security Number (SSN) in the database, every '0' in any email will trigger a warning alert. As for unstructured documents, you can simply exclude document headers or corporate footers that are common among them. It doesn't take a lot of time, and will materially improve the expected results.

5. Start with Good Directory Integration (and Clean Directories)

- The organization's management should design well-defined DLP policies to gain the best results when applying a DLP solution tool. These policies should be fit for, and fully understood by, both users and groups. It is also the responsibility of the organization's management to make sure that the DLP solution tool is properly integrated with the organization's directory structure, and then to take advantage of the DLP solution tool to tie users or groups across a well-defined protocol, like Dynamic Host Configuration Protocol (DHCP), when they want to send/receive any type of sensitive documents.

- Some organizations face many problems in tracking down offending users/groups. This is because their directory structures contain bad data, which makes it very difficult to apply policies to the right people. Therefore, these directories need a comprehensive review to get rid of bad data before integrating them, and then need to be tested to make sure that this integration works properly.

6. Work Tightly with Business Units, Don't Just Start Enforcement

- If the organization implements a DLP solution, it needs to add an appropriate DLP policy to guarantee that the implications of enforcing that policy on the business units are fully understood by everyone.

- If you view the organization's business units as an integrated package of employees, departments, vendors, customers, and partners, then you can talk more clearly about the need for a real, capable policy that achieves a balance between business needs and risk management. This requires the organization's management to collect a lot of feedback to tune this policy properly.

Table 3.4 The Key Points Of DLP Solution (Rich, 2008)
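Key point 4 (cleaning up registered data before loading it into a policy) can be shown by matching emails against a registered SSN column before and after clean-up. This is an added example, not code from the thesis or from any DLP product; the records, the emails and the clean-up rules (nine digits, not all identical, dashes normalised) are constructed assumptions, and the normalisation step goes slightly beyond what the key point states.

```python
import re

# Constructed registered-data export: (employee id, SSN field exactly as stored).
# The 000 area number is never issued, so these values are obviously fake.
REGISTERED = [
    ("E1", "000-11-2222"),
    ("E2", "0"),          # placeholder typed in by a clerk
    ("E3", ""),           # empty field
    ("E4", "000-33-4444"),
    ("E5", "N/A"),        # placeholder text
    ("E6", "000000000"),  # dummy filler value
]

# Constructed outgoing emails.
EMAILS = [
    "Meeting moved to 10:30 in room 204.",
    "Payroll correction for SSN 000-11-2222 is attached.",
    "Exported record 000334444 to the vendor portal.",
]


def naive_terms(rows):
    """Load every non-empty stored value into the policy as-is (the pitfall)."""
    return {value for _, value in rows if value}


def naive_scan(text, terms):
    """Alert on any registered value that appears as a substring of the text."""
    return sorted(t for t in terms if t in text)


def clean_terms(rows):
    """Keep only values that look like real SSNs; return (terms, rejected rows)."""
    terms, rejected = set(), []
    for emp, value in rows:
        digits = re.sub(r"\D", "", value)
        if len(digits) != 9 or len(set(digits)) == 1:
            rejected.append((emp, value))  # report back so the source data gets fixed
            continue
        terms.add(digits)
    return terms, rejected


# Nine digits with optional dashes, not embedded in a longer number.
SSN_SHAPE = re.compile(r"(?<!\d)\d{3}-?\d{2}-?\d{4}(?!\d)")


def clean_scan(text, terms):
    """Alert only on SSN-shaped tokens whose digits match a registered value."""
    hits = []
    for match in SSN_SHAPE.finditer(text):
        digits = match.group().replace("-", "")
        if digits in terms:
            hits.append(digits)
    return hits


if __name__ == "__main__":
    raw = naive_terms(REGISTERED)
    cleaned, rejected = clean_terms(REGISTERED)
    print("rejected before loading:", rejected)
    for mail in EMAILS:
        print(repr(mail))
        print("  naive  :", naive_scan(mail, raw))
        print("  cleaned:", clean_scan(mail, cleaned))
```

With the uncleaned column, all three emails raise an alert on '0', and the third one is flagged for the wrong reason while its real SSN goes unmatched; after clean-up only the two emails that carry a registered number are flagged.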

Chapter 4: System Implementation

The main goal of this thesis is to lay a solid basis for a new security application (a web-based application system) that can be used within many organizations to prevent sensitive data from leaking to the wrong hands, intentionally or accidentally. The system implementation represents and describes a new security approach, which can be used within any organization to prevent and reduce intentional data leakage actions through monitoring users' actions, and also discusses a new security application that puts all the theoretical information in this thesis into practical use. In this thesis, the proposed approach uses the three-tier software architecture to build an integrated DLP solution inside the organization's internal environment.

In software engineering, multi-tier architecture (often referred to as n-tier architecture)

is a client–server architecture, in which the presentation, application processing, and

data management are logically separate processes. For example, an application that

uses middleware to service data requests between a user and a database employs

multi-tier architecture (Wikipedia, 2008).

The most widespread use of multi-tier architecture is the three-tier architecture.

N-tier application architecture provides a model for developers to create a flexible

and reusable application. By breaking up an application into tiers, developers only

have to modify or add a specific layer, rather than rewrite the entire

application over. There should be (i) a presentation tier, (ii) a business or data access

tier, and (iii) a data tier. The concepts of layer and tier are often used interchangeably.

However, one fairly common point of view is that there is indeed a difference, and

that a layer is a logical structuring mechanism for the elements that make up the

software solution, while a tier is a physical structuring mechanism for the system

infrastructure (Kioskea, 2008; Wikipedia, 2008).

Three Tier Software Architectures

Three-tier software is defined as a client–server architecture in which the user interface, functional process logic (business rules), computer data storage, and data access are developed and maintained as independent modules, most often on separate platforms. This concept was developed by John J. Donovan in Open Environment Corporation (OEC), a tools company he founded in Cambridge University (Wikipedia, 2008; Wordiq, 2010). The concept of three-tier (or layered) and multi-tier architectures originated with the idea of the rational software model. Usually, the tiers are also located on different platforms. This architectural model is considered both a software design pattern and a software architecture (Exforsys, 2008).

What is a Layer?

A layer is a reusable portion of code that performs a specific function. In the .NET environment, a layer is usually set up as a project that represents this specific function. This layer is in charge of working with other layers to achieve some specific goal. In an application where the presentation layer needs to extract information from a backend database, the presentation layer would use a series of layers to retrieve the data, rather than having the database calls embedded directly within it (Brian M., 2008). Besides the advantages that typically come with modular software with well-defined interfaces, three-tier systems are designed to allow any of their tiers to be upgraded or replaced without interfering with the other tiers or requiring a major change in technology. For instance, if one were to change the operating system from Microsoft Windows to UNIX, only the user interface code would be affected (Wordiq, 2010).

The user interface generally runs on a desktop PC or a workstation and uses a normal graphical user interface. The functional process logic may consist of one or several different modules running on a single application server or workstation. A Relational Database Management System (RDBMS) on a database server contains the data storage logic. The center tier may itself be multi-tiered; if this is the case, the architecture is referred to as n-tier architecture (Wikipedia, 2008).

Why Three-Tier?

Three-Tier Architecture emerged in the last decade as a means of overcoming two tier

architecture limitations. The third tier was added as a middle tier between the data

management server and the user interface. This middle tier is a provider of process

management. This is where business rules and logic are typically executed. Several

hundred users can be accommodated under a Three Tier model, whereas in a two tier

model only about a hundred users could be accommodated. Three-Tier Architecture

accomplishes this through such convenient functions as application execution,

queuing, and database staging (Exforsys, 2008).

Three-Tier Architecture is typically employed when a distributed client server design

is necessary that will provide an increase in performance, scalability, flexibility,

reusability, and maintainability. At the same time, the complexity of the distributed

processing is concealed from the end user. As a result of these optimizations, Three

Tier Architectures have been found convenient models for Internet applications, as

well as information systems that rely on the World Wide Web in some way (Exforsys,

2008).

Three-Tier architecture is considered as the most suitable architecture for large, web-

based enterprise applications. The partitioning of the application enables rapid design

and development of the system. The modularity makes it easier to make changes to

just one tier without affecting the others. Separating the functions into distinct tiers

makes it easier to monitor and optimize the performance of each layer. Load

balancing and adding more capacity can take place independently at each layer.

Multi-tier architecture also makes it simpler to scale the system across multiple

processors on different machines (Talent, 2009).

Three-Tier Architecture contains the following tiers or levels (Rahman, 2005;

Exforsys, 2008):

1. Presentation tier/Graphical User Interface (tier one).

2. Application /business logic/logic/data access/or middle tier (tier two).

3. Data/resource tier (tier three).

Figure 4.5: Visual Overview of a Three-Tier Application (Wikipedia, 2008)

The following table provides a detailed explanation of the three-tier architecture model (Sumit Roster, 2000; Brian M., 2008; Sheo, 2008; Wikipedia, 2008; Talent, 2009):

1. Presentation Tier (GUI Layer)

- This is the topmost level of the application. The presentation tier displays information related to such services as browsing products, purchasing, and shopping cart contents. It communicates with other tiers by outputting results to the browser/client tier and all other tiers in the network.

- Delivers the application to the end users on the Web.

- Contains everything that is visible to the user, the "outside" of the system, such as screen layout and navigation. This layer uses techniques like HTML, Java applets, Java Servlets, and JHTML.

- Contains pages such as aspx pages (created using Visual Studio .NET) or windows in which data is presented to the user or input is taken from the user.

- The most important layer, simply because it is the one that everyone sees and uses. Even with a well-structured business and data layer, a poorly designed presentation layer gives the users a poor view of the system.

2. Application Tier (Object Layer)

- The application tier is pulled out from the presentation tier and, as its own layer, it controls application functionality by performing detailed processing.

- Contains and executes the rules that run the application.

- This is the core of the system, the linking pin between the other layers. The object layer has knowledge in two different ways:

i. Runtime values, like the customer name "Muneer Hasan" or the invoice number "M20005308".

ii. Structural knowledge, about data and processing.

Data example: A particular customer can receive many invoices, and an invoice always goes to just one customer.

Process example: Know who does what. Every object knows its own methods.

So, inside the object layer, you will find many things like classes, objects, instance variables, methods, polymorphism, encapsulation, and inheritance.

- Contains a set of validation rules or calculations related to the data.

- It is the vital layer in that it validates the input conditions before calling a method from the data layer. This ensures the data input is correct before proceeding, and can often ensure that the outputs are correct as well. This validation of input is called "business rules", meaning the rules that the business layer uses to make "judgments" about the data. However, business rules don't only apply to data validation; these rules apply to any calculations or any other action that takes place in the business layer. Normally, it is best to put as much logic as possible in the business layer, which makes this logic reusable across applications.

3. Data/Resource Tier (Database Layer)

- Consists of database servers. Here information is stored and retrieved. This tier keeps data neutral and independent from application servers or business logic. Giving data its own tier also improves scalability and performance.

- Manages the data required by the application.

- Any object from the object layer can write itself to one or more tables. In the database layer, you will find many structural concepts like database system, relations, table, SQL and result set.

- Contains a set of methods that help the business layer connect to the data and perform the required action, whether retrieving data or manipulating it (insert, update, delete).

- The key component, because most applications today depend on the data. The data has to be served to the presentation layer somehow. The data layer is a separate component (often set up as a separate single project or group of projects in a .NET solution), whose sole purpose is to serve up the data from the database and return it to the caller.

- The key component for most applications today, because these applications depend heavily on the data to accomplish their daily work. The data has to be served to the presentation layer somehow.

Table 4.1 Detailed Description of a Three Tier Architecture Model

Web Development Usage

In the field of Web development, three-tier is often used in reference to web sites. In particular, electronic commerce web sites use this system. This type of web site is usually built using the following three tiers (Wikipedia, 2008):

1. A front-end web server, which serves static content. In a web-based application, the front end is the content rendered by the browser. The content may be static or generated dynamically.

2. The middle level is typically an application server. It might use, for example, a Java EE or ASP.NET platform.

3. A back-end database, which contains both the data sets and the database management system or Relational Database Management System (RDBMS) software that manages the data and provides access to it.

Three Tier Architecture Technical Details

In the diagram below, we can see a model of three-tier client–server architecture. As you can see, it contains a User System Interface on the top tier (Exforsys, 2008). This is where user services such as text input, session, display management, and any other actions reside.

Figure 4.6: Three Tier Architecture Model (Exforsys, 2008)

Generally, the three-tier architecture model is divided into three levels (Exforsys, 2008; Sheo, 2008):

• User System Interface (Client Level): At this level, the client is the computer system that requests the resources, equipped with a user interface (usually a web browser) for presentation purposes.

• Process Management (Middleware Level): This level represents the application server, whose task is to provide the requested resources, but by calling on another server. The middle level in the above model provides process management services which are shared by multiple applications. These services may include process enactment, process re-sourcing, process development, and process monitoring. This tier also serves to improve performance. It is also called the application server. It improves scalability, reusability, flexibility, and maintainability via the centralization of process logic.

This centralization makes change management and administration a lot simpler by localizing the functionality of the system, so that changes only have to be written one time. They are then placed on the central tier and made available throughout the systems. With other architectural designs, it would be necessary to write the change into each and every application.

The central process management tier also serves as a controller of asynchronous queuing and transactions, which ensures that transactions are completed reliably. The middle tier manages distributed database integrity through a commit process that occurs in two phases. Access to resources is based on names rather than locations, which improves flexibility and scalability as the components of a system are moved or added.

At certain times the central tier is divided into several different units, each serving a different function. When this occurs, the architecture is referred to as multi-layer. Many Internet applications operate in this fashion. In that case, the applications contain light clients written in HTML as well as application servers written in either Java or C++. The gap between these two layers is too large for them to be linked together directly, so an intermediate layer (a web server) is implemented in a scripting language. Requests from Internet clients are received on this layer, and HTML is subsequently generated using the services situated on the business layer. The additional layer provides an additional level of isolation between the application logic and its layout.

• Database Management (Data Level): This level represents the data server, which provides the application server with the data it requires. The data level contains database management functions. Its purpose is to optimize data and file services without having to resort to the usage of proprietary database management system languages. This component makes sure that the data is consistent throughout the environment. In order to do so, it uses such features as data locking, replication, and consistency. The connectivity among tiers can be changed dynamically, but of course this depends on the user's request for services and data.

Figure 4.7: Three Tier Architecture Levels (Kioskea, 2008)

The previous diagram denotes the following significant notes (Kioskea, 2008):

• Application server sharing between a client, middleware and enterprise server.

• Application server sharing between a client, application server and enterprise database server.

Collectively, three-tier architectures are programming models that enable the distribution of application functionality across three independent systems, typically (IBM, 2010):

• Client components running on local workstations (tier one).

• Processes running on remote servers (tier two).

• A discrete collection of databases, resource managers, and mainframe applications (tier three).

These tiers are logical tiers. They might or might not be running on the same physical server.

Figure 4.8: Three Tier Architecture Model (Technical Details) (IBM, 2010)

First tier: Responsibility for presentation and user interaction resides with the first-tier components. These client components enable the user to interact with the second-tier processes in a secure and intuitive manner.

Second tier: The second-tier processes are commonly referred to as the application logic layer. These processes manage the business logic of the application, and are permitted access to the third-tier services. The application logic layer is where most of the processing work occurs. Multiple client components can access the second-tier processes simultaneously, so this application logic layer must manage its own transactions.

Third tier: The third-tier services reside within a secure network and are protected from direct access by the client components. Interaction must occur through the second-tier processes.

Communication among tiers: All three tiers must communicate with each other. Open, standard protocols simplify this communication. You can write client components in any programming language, such as Java or C++. These clients run on any operating system, by speaking with the application logic layer. Databases in the third tier can be of any design, if the application layer can query and manipulate them. The key to this architecture is the application logic layer.

Three Tier Architecture Usage Considerations

Three-tier architectures tend to be employed in military and commercial distributed client–server environments that necessitate the use of shared resources like processing rules and heterogeneous databases. Hundreds of users are supported by a three-tier architecture, which makes it a lot more scalable than the two-tier architecture. Three-tier architecture systems also help software development: because each tier can be built and executed on a different platform, it is much easier to organize the implementation. Three-tier architectures also allow the different tiers to be developed in a multitude of programming languages (Exforsys, 2008).

It is possible to transform the old system into Three Tier Architecture model with a

low risk and cost. This is accomplished via the maintenance of the old database and

process management rules, allowing both the new and old systems to be run side by

side, until each application and data object has been moved to the new design. Such a

process of migration may well necessitate the rebuilding of legacy applications with

new tools, and buying additional service tools and server platforms. The benefit of

such a move, however, is that Three Tier Architectures can hide the complexity of

supporting and deploying network communications as well as underlying services

(Exforsys, 2008).

Three Tier Architecture Traceability

The end-to-end traceability of data flows through n-tier systems is a challenging task, which becomes more important as systems increase in complexity. The Application Response Measurement defines concepts and application programming interfaces (APIs) for measuring performance and correlating transactions between tiers (Wikipedia, 2008).

Three-Tier Architecture Advantages

The three-tier architecture model provides a set of advantages such as (Sumit Roster, 2000; Kioskea, 2008):

• A greater degree of flexibility.

• Increased security, as security can be defined for each service, and at each level.

• Increased performance, as tasks are shared between database servers.

• With the right approach, the three-tier architecture saves development manpower. Code each bit only once, with powerful re-usage.

• Using the divide-and-conquer strategy to divide the main problem into a number of sub-problems. This means that every layer is rather easy to develop. It is better to have three simple parts than one complex whole.

• Better quality in implementation. For each layer, a specialist can contribute specific expertise, for instance a Graphical User Interface (GUI) designer for the user interface (tier one), a Java programmer for the object layer (tier two), and a database designer for the tables and queries (tier three).

Three Tier Architecture Maturity

Throughout the early half of the 1990s, Three Tier Architecture systems have been

utilized successfully on thousands of systems. They were used by the department of

defense, as well as in the business sector, where distributed information computing is

necessary in a heterogeneous environment. The construction of a Three Tier

Architecture model can be quite a lot of work. The fact is, we are still not at the point

where the programming tools that support the deployment and design of such

architectures are able to provide all the services required to support a distributed

computing environment (Exforsys, 2008).

One problem in the design of three-tier architecture systems is that it is not always clear that the process management logic, data logic, and interface logic are separate entities. Occasionally, process management logic can appear on all of the tiers. Thus, it is necessary to base the placement of a particular function on a tier on the following criteria: the ease of testing and development; the scalability of the servers; the ease of administration; and the performance, which includes both network load and processing (Rahman, 2005). Three-tier technologies also have a lot of complementary technologies, such as object-oriented design, which is used to implement decomposable applications. Other technologies include database two-phase commit processing and three-tier client–server architecture tools. Useful middleware includes message-oriented middleware and remote procedure call (Exforsys, 2008; Wikipedia, 2008; IBM, 2010).

Chapter 5: System Description

5.1 Application Hierarchy

[Figure: application hierarchy diagram. Node labels: DMSLogin, DMSHome, Admin Area, User Area, System Groups, Departments, System Roles, Users, Monitoring User's Actions, Send, Receive, Delete, Update, Download, Upload.]

5.2 Admin Area Details Operations

[Figure: Admin Area operations diagram. Node labels: Admin Area; Users, Roles, Groups, Departments, Monitoring User's Actions; Add, Update, Delete, Block; Personal Information, Username and Password, Role, Status, Group Name, Department Name, Name, Officer Name, Description; Send and Receive Docs, Upload and Download Docs, Update and Delete Docs.]

5.3 User Area Details Operations

[Figure: User Area operations diagram. Node labels: User Area; Files, Inbox, Sent Items, Trash, Upload Files, My Files; From, To, Importance, Title, Details; Add File, File Name, Add, Clear, Upload; ID, Name, Type, Send to, Edit (File Info); Dept, Group, User.]

5.4 System Scenario

First, the user is required to enter the correct user name and password before entering the Document Monitoring System (DMS).

In this section, we describe the workflow scenario for the proposed application system and how this application can be used effectively to reduce intentional data leakage actions by monitoring users' actions. The proposed application involves two main scenarios:

5.4.1 Admin Area Scenario

If the user logged in as an administrator, then he/she can play a major role in executing the following actions:

• Add New Users:

In this step, we can add new users by properly defining comprehensive information for them (First Name, Last Name, E-mail, Mobile-no, User name, Password, Role Type, Group Name, and Department Name).

• Add New Group or Department:

In this step, the administrator can add new groups or departments by properly defining their information (Group name, Department name, Officer Name, and General description).

• Monitoring User’s Actions:

In this step, the live monitoring screen plays a vital role in monitoring and recording the users' actions on documents transmitted or received between all users. The primary goal of this screen is to use the collected data for two purposes:

1. Detection of possible data leakage cases, and probably reporting those possible cases to an administrator of the organization. The responsibility of the administrator is to contact the user who is being monitored to warn him/her of the danger of what he/she is trying to do.

2. In case of a data leakage, the collected data may prove useful in identifying which of the users is most probably responsible for it.
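The two uses of the monitoring data listed above can be sketched as follows. This is an added example, not code from the thesis: the log fields, the action and importance weights, and the review threshold are assumptions, and the sample log and user names are constructed.

```python
from collections import defaultdict
from typing import NamedTuple

class Action(NamedTuple):
    """One row of the monitoring log (field names are assumed)."""
    user: str
    action: str      # upload, send, receive, read, download, forward, delete
    file_id: str
    importance: str  # "high", "medium" or "low", chosen by the sender
    target: str      # destination user, group or department ("" if none)

# Constructed sample log, in the order the monitoring screen would record it.
LOG = [
    Action("amal", "send", "F1", "high", "user:omar"),
    Action("omar", "receive", "F1", "high", ""),
    Action("omar", "read", "F1", "high", ""),
    Action("omar", "download", "F1", "high", ""),
    Action("omar", "forward", "F1", "high", "dept:Sales"),
    Action("rana", "receive", "F1", "high", ""),
    Action("rana", "read", "F1", "high", ""),
    Action("amal", "send", "F2", "low", "group:Staff"),
    Action("rana", "download", "F2", "low", ""),
]

# Assumed weights: actions that copy a file out or widen its audience count most.
ACTION_WEIGHT = {"download": 3, "forward": 3, "send": 2, "read": 1}
IMPORTANCE_WEIGHT = {"high": 3, "medium": 2, "low": 1}

def score(a):
    """Exposure contributed by one logged action (0 for unweighted actions)."""
    return ACTION_WEIGHT.get(a.action, 0) * IMPORTANCE_WEIGHT[a.importance]

def possible_leak_cases(log, threshold=15):
    """Purpose 1: users whose total exposure reaches the review threshold."""
    totals = defaultdict(int)
    for a in log:
        totals[a.user] += score(a)
    return sorted(u for u, t in totals.items() if t >= threshold)

def rank_suspects(log, file_id):
    """Purpose 2: users who handled a leaked file, highest exposure first."""
    totals = defaultdict(int)
    for a in log:
        if a.file_id == file_id:
            totals[a.user] += score(a)
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
```

The first function produces the list an administrator would review; the second is a starting point for attribution after a leak, not proof of responsibility.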

5.4.2 User Area Scenario

If, however, the user logged in as a normal user, then he/she can perform a variety of actions, including but not limited to:

• Upload Specific File:

At this step, a normal user can upload any specific file, of different types, and then prepare it to send to a particular user, group, or department.

• Sending File:

In this step, from the My Files option, he/she can choose the file to send to another user, group, or department, and then identify a set of important characteristics before it is sent (e.g. file name, file's importance degree (high, medium, low), destination address, message title, and the subject of the message).

• Receiving and Reading files:

At this step, each user should check his/her own inbox from time to time to see if any new files have been received from others inside the organization.

On the other hand, clicking the Details button lets the user view more details about the files received from others. The user is then able to choose from a wide range of options (e.g. reading, downloading, replying, forwarding, and deleting them).

Chapter 6: Conclusion

Sensitive data leakage prevention has become one of the most pressing security issues facing organizations today. The most effective solution to the problem is to see a Data Leakage Prevention (DLP) solution as a part of your overall security problem. This solution can be fully integrated with other security tools within the organization to form a comprehensive security strategy plan to protect these data properly. A Data Leakage Prevention (DLP) solution can be used effectively to reduce intentional sensitive data leakage actions by monitoring users' actions and protecting three groups of the organization's data: data at rest, data in use, and data in motion. This solution can be regarded as “integrated” through achieving two main phases [two layers of defense]: protecting sensitive data and securing sensitive data of the organization alike. The organization also needs to create an Acceptable Use Policy (AUP) for users, and at the same time ensure both are compliant with organization policies. To avoid getting broadsided by a data leakage, organizations must evaluate their vulnerabilities and respond appropriately in many ways, such as endpoint protection, gateway protection, and data encryption.

References

Ala'a H. Alhamami, Sa'ad A. Alani, (2007). Technology of Information Security and Protection Systems, 1st Edition, Dar Wael, Jordan.

Ben Rothke, CISSP, (2005). Computer Security: 20 Things Every Employee Should Know, 2nd Edition, McGraw-Hill/Osborne Media, USA.

Brian E. Burke, (2008). Information Protection and Control Survey: Data Loss Prevention and Encryption Trends, International Data Corporation (IDC), Doc #211109, USA.

Brian Mains, Dot Net Slackers (2008). Introduction to Three-Tier Architecture, Dot Net Slackers Articles, USA.

Charles P. Volonino, Linda Volonino, Stephen R. Robinson, (2003). Principles and Practice of Information Security, 1st Edition, Pearson Prentice Hall Inc., USA.

Data Leakage Worldwide: The High Cost of Insider Threats (2008), Cisco World Wide Systems, Inc., USA.

Daily Mail Online News Paper, United Kingdom, London, 13 June 2008, "Bungling Spy Who Left Secret Files on Train Faces the Sack".

Eric Maiwald, (2003). Fundamentals of Network Security, 1st Edition, McGraw-Hill Education - Europe, USA.

Three Tier Software Architectures (2008), Execution for Systems Inc. (Exforsys), Application Development, USA.

Stop data leakage: Fidelis Extrusion Prevention System (2008), Fidelis Security Systems, Washington DC, USA.

Graham Cluley, Sophos Information Security Institute (2008). Second Man Pleads Guilty in Huge Data Breach Case, Naked Security Data Loss articles, USA.

Three-Tier Architectures Technical Details (2010). International Business Machines (IBM), IBM WebSphere Application Server, Armonk, New York, USA.

Data Loss Prevention Best Practices: Managing Sensitive Data in the Enterprise (2007). Ironport Email and Web Security, Cisco, USA.

John M. Carroll, (1996). Computer Security, 3rd Edition, Butterworth-Heinemann, USA.

Networking Three Tier Client/Server Architecture (2008). Kioskea Networking Enterprise, Kioskea Articles, Networking Client-Server Articles, London, UK.

M. Mourad, J. Munson, T. Nadeem, G. Pacifici, M. Pistoia, A. Youssef, WebGuard: A System for Web Content Protection, May 2001, in the Proceedings of the Tenth International World Wide Web (WWW) Conference, WWW10, Hong Kong, China, 1-5 May 2001.

Matt Bishop, Sathyanarayana S. Venkatramanayya, (2005). Introduction to Computer Security, 1st Edition, Pearson Education Inc., USA.

Mark Neil, Ezine Articles, Stopping data leakage: Making the most of your security budget (2009). Computers and Technology, UK.

Data Loss Prevention (2008). Prathaben Kanagasingham, Sans Security Awareness Institute, DLP, Data Loss Prevention White Papers, Maryland, USA.

2009 Annual Study: Cost of a Data Breach (2009). Ponemon Institute, Encryption Reports, Michigan, USA.

Rahman Mahmoodi, Three-tier architecture in C# - Code Project: Advantages and Usage of Three-Tier Architectures in C# (2005). Code Project Enterprise, Development life cycle, Design and Architecture Articles, Toronto, Canada. Retrieved November 05, 2010 from http://www.codeproject.com/KB/architecture/three_tier_architecture.aspx

Randy Ludlow, Personal Information Accidentally E-mailed by OSU-Wooster (2008). Columbus Dispatch, Ohio State University, Wooster Campus, USA.

Rich Mogull, Information Security Magazine (2008). How to Avoid DLP Implementation Pitfalls, Volume August 2008, Pages 22-24.

Rich Mogull, Sans and Securosis Security Institute (2009). Understanding and Selecting a Data Loss Prevention Solution, DLP Reports, USA.

Robert Westervelt, Search Financial Security Institute (2007). Survey: Companies Disregard Data Security Breach Risks, Financial Services Information Security Article, UK.

SANS What Works in Data Leakage Prevention & Encryption Summit (2010). Sans Security Institute, in the Proceedings of the SANS What Works in Data Leakage Prevention and Encryption 2010 Conference, New Orleans, USA, 7-12 January 2010.

Sheo Narayan, Three-Tier Architecture in ASP.NET with C# (2008). Fundamentals of Dot Net Enterprise, Retrieved November 03, 2010 from http://www.dotnetfunda.com/articles/article71.aspx

3 tier architecture: GUI, Objects, Database (2000). Sumit Roster Software Inc., Nut’s Weekly, Networking Information Security, Nederland.

The Business Justification for Data Security (2009). Sans Institute, Securosis Information Security Research and Analysis Reports, USA.

Four Principles of Effective Threat Protection: Defining the Right Strategy and Tools to Defend your Business against Malware (2010). Sophos Information Security Institute, USA.

How to protect your Critical Information easily (2009). Sophos Information Security Institute, Enterprise data protection, USA.

The Executive Guide to Data Loss Prevention (2010). Securosis Information Security Research and Analysis, Essential Information Protection, USA.

Tim Greene, Network World Security Inc. (2007). Data Leakage Prevention Tools Catch Errors, not Theft, Network World’s Security, Framingham, MA, USA.

Tom Jowitt, Tech World Inc. (2009). Enterprises Told to Stop Ignoring Encryption, Tech World Security Research Center, UK.

Coming to Terms: Three-Tier Architecture (2009), Talent Management and Recruitment Software Inc., Taleo Research Article, Thought Leadership Studies, USA.

Wikipedia, Application Programming Interface (2010), Retrieved November 20, 2010 from http://en.wikipedia.org/wiki/API

Wikipedia, Multitier Architecture (2008), Retrieved November 14, 2010 from http://en.wikipedia.org/wiki/Multitier_architecture.

Wikipedia, Sensitive Data Leakage Prevention Solution (2007), Retrieved February 15, 2010 from http://en.wikipedia.org/wiki/Information_Leakage.

Wordiq, Three Tier (Computing) – Definition (2010), Retrieved November 16, 2010 from http://www.wordiq.com/definition/Three-Tier (Computing)

Yasuhiro Kirihata, Yoshiki Sameshima, "A Web-based System for Prevention of Information Leakage", May 2002, in the Proceedings of the Eleventh International World Wide Web (WWW) Conference, Honolulu, Hawaii, USA, 7-11 May 2002.
