
Page 1: University of Piraeus 18 th Panhelenic Conference of Informatics Koutsourelis Dimitrios a Sokratis K. Katsikas b Systems Security Laboratory Dept. of Digital

DESIGNING AND DEVELOPING FREE DATA LOSS PREVENTION SYSTEM

University of Piraeus

18th Panhellenic Conference of Informatics

Koutsourelis Dimitrios (a), Sokratis K. Katsikas (b)

Systems Security Laboratory

Dept. of Digital Systems, School of Information & Communication Technologies

University of Piraeus

(a) MSc in Security of Digital Systems

(b) Professor, University of Piraeus

Page 2

Outline

1. Data Loss Prevention and other boring terms.

2. Main goal and benefits.

3. Implementation.

Page 3

Data Loss Prevention - What is it?

(diagram: Firewalls and IDSs alongside Data Loss Prevention)

Page 4

Data Loss Prevention - What is it?

Data Loss Prevention (DLP) – other terms in use:

Data Loss Protection

Data Leak Prevention

Data Leak Protection

Extrusion Prevention

Information Loss Prevention

Content Monitoring and Filtering

Page 5

Types of DLP

3 Primary states of Information: Data at Rest, Data in Motion, Data in Use

Page 6

DLP Basic Components

Endpoint DLP, Network DLP, Central Management Console

Page 7

DLP’s Basic Characteristic

What and Where? Content Awareness, Content Discovery

Page 8

OpenDLP

Free, Open Source, agent and agentless based DLP software tool

Regular expressions found in cleartext; encryption defeats this tool.

Components: Web application, Agents

Only deals with the Endpoint

Windows filesystem, Windows Network Share, UNIX Filesystem, Microsoft SQL Server, MySQL

Page 9

OpenDLP

More information:

1. OpenDLP, Available online: https://code.google.com/p/opendlp/.

2. OpenDLP: Data loss prevention tool, Available online: http://www.net-security.org/secworld.php?id=9226.

Page 10

MyDLP

Free DLP software tool.

Data in motion

Data at rest

Data in use

Agent based, Windows OS

Page 11

MyDLP

Enterprise Edition

Community Edition

Page 12

MyDLP

More information:

1. R. K, Open Source DLP – Data Leak/Loss Prevention Application: MyDLP, Available Online: http://www.excitingip.com/3950/open-source-dlp-data-leakloss-prevention-application-mydlp/.

2. MyDLP, Available Online: http://www.mydlp.com/why-mydlp/.

3. MyDLP Administration Guide, Version 2.0, MyDLP, 2012.

4. MyDLP Endpoint Installation Guide, Version 2.0, MyDLP, 2013.

5. MyDLP Installation Guide, Version 2.0, MyDLP, 2013.

Page 13

Main Goal: a DLP solution based exclusively on free software tools, MyDLP and OpenDLP, in combination and collaboration.

Page 14

MyDLP Community vs Enterprise Edition

Page 15

OpenDLP – MyDLP combination

MyDLP

Data in Motion

Data in Use

Data at Rest

OpenDLP

Data at Rest

Page 16

OpenDLP – MyDLP combination

OpenDLP - What data and where.

MyDLP – Exact policies for Data in Motion, Data in Use.

Page 17

OpenDLP – MyDLP combination

Title???

Section???

Page 18

OpenDLP – MyDLP combination

Benefits:

1. Limit resources consumption

2. Increase detection speed

3. Reduce False Positives

Page 19

Human Factor – The weak link

Constant need for human intervention: Start scans, Check results, Update DLP Policies

Page 20

Human Factor – The weak link

Human Error and Negligence

Page 21

The Need for Automation

1. Scan initiation procedure in OpenDLP.

2. OpenDLP’s scan results comparison.

3. Rules creation procedure in MyDLP.

Event scheduling mechanism

e.g. Cron scheduler

NOT TO REPLACE THE WEB PLATFORMS

Page 22

OpenDLP Automation

Selenium Webdriver acting on the web application’s HTML elements: Start scan; Export and save results

Page 23

Results Comparison Automation

Inputs: Previous Scan Results and Current Scan Results (XML Document)

Existing Data Modification:

If filename AND md5 value NOT in current scan’s results: File Deleted

If filename AND md5 value EXIST in current scan’s results: File Unchanged

If filename EXISTS, md5 value NOT in current scan’s results: File Modified

Page 24

Results Comparison

New Data Detection:

If filename NOT in previous scan’s results: New File Detected

If filename EXISTS, but pattern NOT in previous scan’s results: New Data Entries Detected

New data entries or files detected are sent to the administrator via e-mail.
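The comparison rules of the two preceding slides (existing-data modification and new-data detection), as an added example that is not part of the presentation or of the thesis it summarises. The two result files are constructed, and their XML element and attribute names (scan, file, name, md5, match, pattern) are assumptions, not OpenDLP's real export schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports; schema is assumed, not OpenDLP's own.
PREVIOUS_XML = """<scan>
<file name="/share/hr/payroll.xlsx" md5="aaaa1111"><match pattern="credit_card"/></file>
<file name="/share/legal/nda.docx" md5="bbbb2222"><match pattern="ssn"/></file>
<file name="/share/tmp/old.txt" md5="cccc3333"><match pattern="ssn"/></file>
</scan>"""
CURRENT_XML = """<scan>
<file name="/share/hr/payroll.xlsx" md5="aaaa1111"><match pattern="credit_card"/><match pattern="ssn"/></file>
<file name="/share/legal/nda.docx" md5="dddd4444"><match pattern="ssn"/></file>
<file name="/share/new/export.csv" md5="eeee5555"><match pattern="credit_card"/></file>
</scan>"""

def parse_results(xml_text):
    """Map each reported file to (md5, set of regex patterns that matched)."""
    results = {}
    for f in ET.fromstring(xml_text).iter("file"):
        results[f.get("name")] = (f.get("md5"), {m.get("pattern") for m in f.iter("match")})
    return results

def compare_scans(previous, current):
    """Apply the slides' rules: the modification check walks the previous
    results, the new-data check walks the current ones. Returns {filename: [findings]}."""
    report = {}
    for name, (md5, _) in previous.items():          # Existing Data Modification
        if name not in current:
            status = "File Deleted"
        elif current[name][0] == md5:
            status = "File Unchanged"
        else:
            status = "File Modified"
        report.setdefault(name, []).append(status)
    for name, (_, patterns) in current.items():      # New Data Detection
        if name not in previous:
            report.setdefault(name, []).append("New File Detected")
        elif patterns - previous[name][1]:           # same file, a pattern not seen before
            report.setdefault(name, []).append("New Data Entries Detected")
    return report

def needs_notification(report):
    """Files the administrator is e-mailed about: the two 'New ...' outcomes."""
    return sorted(n for n, findings in report.items() if any(f.startswith("New") for f in findings))

if __name__ == "__main__":
    rep = compare_scans(parse_results(PREVIOUS_XML), parse_results(CURRENT_XML))
    for name, findings in sorted(rep.items()):
        print(name, "->", ", ".join(findings))
    print("notify administrator about:", needs_notification(rep))
```

Note that an unchanged md5 with a new pattern (payroll.xlsx above) can only come from a regex added to the scan policy, so the "New Data Entries" branch also surfaces what an updated policy newly catches.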

Page 25

MyDLP Automation

Limitation: Use of Selenium Webdriver NOT possible; Flash app disassembling not reliable

Page 26

Sikuli

Image Recognition Technology

Parse OpenDLP’s detected data; Custom user object; Create rules based on custom user object

Page 27

Conclusion

Solid DLP services at no cost!

Combination of tools counterbalances weaknesses.

Automation increases system’s capabilities.

Minimize human error and negligence.

Page 28

References

ISACA, "Data Leak Prevention", ISACA, 2010.

Prathaben Kanagasingham, SANS Institute, "Data Loss Prevention", SANS Institute, 2008.

T. Torsteinbø, "Data Loss Prevention Systems and Their Weaknesses", University of Agder, 2012.

Securosis, L.L.C, "Understanding and Selecting a Data Loss Prevention Solution", Securosis, 2010.

Page 29

References (cont.)

D. Koutsourelis, Designing a free Data Loss Prevention System, MSc Thesis, Piraeus: Systems Security Laboratory, Dept. of Digital Systems, University of Piraeus, 2014.

Page 30

Questions ???