Introduction
Data security issues have
been drawing ever-increasing attention of IT professionals, security
specialists, and companies’ top managers. Virus epidemics that have become
pretty much casual, hacked web sites, and data leaks occurring in the greatest
companies have provided IT security-related topics coverage in just about all
mass media.
This triggered significant
sales growth in products for preventing various threats to enterprise
information system. Analysis of such products presented on the IT security
markets reveals that the greatest choice is offered in the area of software and
hardware-based firewalls and anti-virus tools. The area of boundary protection
and viruses, Trojans, and SPAM fighting is best covered in literature on
information security systems deployment. Thus, security specialists' attention
is mainly focused on the external threats.
However, according to
CSI/FBI Computer Crime and Security Survey, the amount of losses caused by data
leaks for 1000 polled respondents has exceeded $70 M. This value has
significantly passed ahead of other IT threats, such as viruses ($27 M), hacker
attacks ($65 M), financial fraud ($10 M.), and made up approximately 40% of the
total value of registered damage. According to the same survey, an average
amount of damages caused by insider activities has totaled $300 thousand, while
the greatest amount of damages made up $1,5 M. The same conclusion was
announced by Ernst&Young, which has confirmed the trends in its annual
survey on IT security issues (Global Information Security Survey
2004). The greatest
growth of IT professionals’ concern is observed in the area of internal
threats. The respondents have put this problem to the second position on the
list of the most serious dangers. 60 % respondents have declared that
employees’ wrongful actions pose a threat to normal functioning of information
systems. This value has passed ahead of such “hot” topics as SPAM (56%), DoS
attacks (48%), financial fraud (45%), and breaches in software security (39%);
it has only yielded to threats posed by viruses and worms (77%).
Thus, the greatest deal of
damages caused by violations in the area of information security occurs due to
leakage and theft of valuable data, i.e. threats caused by the companies’
employees.
Most Popular Security
Techniques
The market of security
systems capable of protecting against data leakage and theft is only beginning
to form. The most widespread family of software offered for counteracting
disloyal employees are the various contextual traffic analyzers, implemented as
either independent products or modules that expand firewall and proxy-server
functionality. Not even pressing in the detailed analysis of concrete products,
it is obvious, that the traffic analyzers are capable of solving a problem of casual
data theft only partially. First, they simply physically do not close such data
transmission channels as wireless networks (Bluetooth, wi-fi) and replaceable
media of various types (diskette, flash-disks, etc.). Second, the analyzers
cannot guarantee preventing theft of data being transmitted over a network (for
example, just about any analyzer can be bypassed using steganography).
Another way of protecting
sensitive data is administrative measures, i.e. unplugging floppy and CD disk
drives and sealing up USB ports. In a combination to disabling network that
carries sensitive data from external networks, this approach is probably the
most reliable solution for the considered problem. On the other hand, enforcing
such measures not only creates extreme inconvenience, but such measures are not
always possible technically. For example, when the keyboard and the mouse are
connected through the USB ports.
Alternatively to the
administrative measures, we may consider the relatively new software, which
allows setting access rights for disk drives and various input/output ports.
Perhaps, such software’s unique advantages before the administrative measures
are the possibility of centralized remote management and setting personal
access rights to computer devices for various employees. Taking into account
that in most cases one employee uses only one computer, the last item is not
really necessary.
SecrecyKeeper Security
Solution
An essentially new approach
to counteracting data leakage and thefts caused by insuders is implemented in
SecrecyKeeper, the data security system.
SecrecyKeeper’s features
include:
— Restrict IT department
employees’ access to confidential data.
— Classify data stored on employees’ workstations and servers by its
security level.
— Assign each of the company’s employees an individual data access level.
— Restrict unauthorized distribution of data by employing data security
levels and employee access levels.
— Control dynamically users’ permissions to data transmission hardware
(diskettes, flash disks, Internet) depending on the users’ access levels and
security levels of documents the users work with.
— Provide complete history of operations with confidential data.
SecrecyKeeper’s mechanisms
are based upon classification of data by security levels and employees of the
enterprise – by access levels. By default, system carries the following data
security levels (stamps): public, office, and confidential. For following
access levels are available for employees:
— User Access Level
(UAL) – defines the greatest security level of data, which the employee may
access.
— Network Access Level (NAL) - defines the greatest security level of data,
which the employee may transmit over network.
— Removable Media Access Level (RMAL) - defines the greatest security
level of data, which the employee may copy to removable media.
Besides the above,
SecrecyKeeper introduces the Computer Security Level (CSL) – which defines the
greatest security level of document that can be opened on the computer. This is
necessary for preventing situations, when, for example, a user with a higher
access level opens a confidential document on computer of a user with less permission,
and that may open unauthorized access to the confidential document.
For data provided by
servers via the client-server technology (e.g., 1C, SharePoint, Axapta, etc.),
the system introduces the Computer Information Security Level (CISL) – which defines
the security level of data stored on the server, which may be accessed over the
network. SecrecyKeeper interprets an attempt to access such server the same way
as if that was an attempt to open a local document with the security level
equal to the server’s CISL.
Thus, SecrecyKeeper not only
allows restricting users to access certain data – this feature is available in
pretty much any operating system available on the market – but also it allows
to restrict transferring data depending on its importance and the user’s
permissions. This not only makes it difficult for users (including IT
personnel) to steal data – it as well drops chances significantly for stealing
confidential data with all kinds of spyware.
Installing and
Configuring SecrecyKeeper
SecrecyKeeper runs in a
Windows 2000/2003 domain and Windows 2000/XP/2003 workstations.
The installation is a
two-step process, which is to be done under the domain administrator
permissions. The first step includes installing the program by running SecrecyKeeperInstaller.exe – the installation program, which
will prepare the domain and install the control console. The installation
process is extremely simple: you may just leave all the settings. The second
step includes installing the agents to workstations; it is carried out in the
control console.
After you launch the
control console, it will prompt you for path to the keys file, which is used
for encrypting SecrecyKeeper’s settings and for restricting access to modifying
these settings. If the keys file is not available, you can only run the console
in the view mode. The console’s look is available on Screenshot 1.
Users – when this item is
selected, the right section of the program’s window will display domain users
with access levels enforced for them.
Computers – when this item
is selected, the right section of the program’s window will display domain
computers with security levels enforced for them.
Event Logs:
Access to documents – when this item is selected, the right section of the
program’s window will display attempts to access and transmit the data.
Logon/Logoff – when this item is selected, the right section of the program’s
window will display attempts to logon and logoff.
Agents – displays technical information on functioning of the agents.
Console – displays technical information on functioning of the console.
Once you have started the
console the first time, you need to create a key file. To open the key file
creation dialog, select the Access Key item on the Settings menu.
To install an agent, open the
Computers section, then select the computer you want to install an agent to on
the list, and then click on the Install button (or select “Install” on the
context menu). If the installation completed successfully, the status of the
computer (see the last column) will change to “Installed, reboot needed”. To
complete the installation, click on the Reboot button (or select “Reboot” on the
context menu). When the computer has been rebooted (this may take from one to
five minutes) click on the Refresh button (or select “Refresh” on the context
menu). The computer’s status should change to “Running”. If an error occurs
during installation of an agent or in the course of running any other operation
in the control console, you may find details on the error in the “Log->Agents”
and “Log->Console” sections.
To modify user access levels
and computer security levels, select the object to be modified in the
corresponding section and then open the settings dialog by clicking on the Modify
button or by selecting the corresponding item on the context menu.
To view history of users’
operations over confidential data, open the “Log->Access to documents”
section; users’ logon/logoff logs are available in the section “Log->Logon/Logoff”.
ApplicationExample
Let’s consider a bulk trade
company as a case study. Let’s suppose, the company has the following structure:
| Subdivision |
Data types |
Security |
Location |
| Board of Directors |
Financial Reports |
Confidential |
Workstation |
| Development Strategy |
Confidential |
Workstation |
| Finance Department |
Financial Reports |
Confidential |
Workstation |
| Accounting Documents |
Confidential |
Server |
| Purchasing Prices |
Confidential |
Workstation |
| Sales Prices |
Office |
Workstation |
| Sales Department |
Sales Prices |
Office |
Workstation |
| Product List |
Public |
Workstation |
| Marketing Department |
Market Research |
Office |
Workstation |
| Public Relations |
PR Campaign Plans |
Office |
Workstation |
| Product List |
Public |
Workstation |
| Human Resources |
Personal Records |
Office |
Workstation |
| IT Department |
|
Public |
Workstation |
| Reception |
|
Office |
Workstation |
Let’s assign access levels
as follows
|
|
UAL
|
NAL
|
RMAL
|
CSL
|
|
Directors
|
Confidential
|
Public
|
Confidential
|
Confidential
|
|
Fin. Dept. Chief
|
Confidential
|
Public
|
Confidential
|
Confidential
|
|
Fin. Dept. Employees
|
Confidential
|
Public
|
Public
|
Confidential
|
|
Sales Dept. Chief
|
Office
|
Public
|
Office
|
Office
|
|
Sales Dept. Employees
|
Office
|
Public
|
Public
|
Office
|
|
Marketing Dept. Chief
|
Office
|
Public
|
Office
|
Office
|
|
Marketing Dept. Employees
|
Office
|
Public
|
Public
|
Office
|
|
PR Dept. Chief
|
Office
|
Public
|
Office
|
Office
|
|
PR Dept. Employees
|
Office
|
Public
|
Public
|
Office
|
|
HR Dept. Chief
|
Office
|
Public
|
Public
|
Office
|
|
HR Dept. Employees
|
Office
|
Public
|
Public
|
Office
|
|
IT Dept. Employees
|
Public
|
Public
|
Public
|
Public
|
|
Receptionist
|
Public
|
Public
|
Public
|
Public
|
The company must as well have
a server, for instance, for the 1Ñ applications, which will store the accounting data. The server must
have the CISL value set to “Confidential”. Restriction of access to data of the
same security level can be carried out with the Windows operating system’s built-in
control tools.
Now all users can work with
documents on their workplaces, while only the department chiefs can move and transfer
the data. At the same time, every event of copying the data will be properly
recorded in the access log.
This method’s main shortage,
which is sequent to its purpose, is that the user that created the document will
be unable to transfer it anywhere else. So, team working on a document appears
to be quite a difficulty. To solve this problem, we may improve the company’s
IT structure by adding one file server for each security level greater than the
“Public” and have users exchange data via those servers. For instance, in the example
above, the company will need two servers. The first one will have the CISL value
set to “Office”, the second one will have that value set to “Confidential”. Disabling
transferring data with security level greater than “Public” to all users will
provide a reliable protection from stealing confidential data with any spyware
tools.
Please pay special
attention to the fact that all the IT department employees have the least
access level. To take care of their duties, IT personnel absolutely doesn’t need
to have access to company’s business data. Nevertheless, in just about any company,
the network administrator may access just about any data. SecrecyKeeper does not
eliminate the threat of stealing confidential data by company’s IT personnel. Nevertheless,
it is capable, especially when combined with wisely developed administrative
measures, of significantly complicate the job of espionage. For example, after you
have deployed SecrecyKeeper, one will be unable to just copy a document with the
“Confidential” stamp from a department chief’s computer over network, and even
a Trojan program installed on the “victim’s” computer will be useless. Much greater
intervention to the system operation will be needed, and that will doubtfully be
unnoticed.
Hence, let us summarize: by
deploying SecrecyKeeper in your company, you can axe the number of users capable
of moving confidential data beyond your company boundaries and eliminate the
possibility of doing that unnoticed – practically at all.
|
