CD Lifecycle & Data Spill Solutions
Omar J. Fakhri Ph: (727) 505-4701
Overview
• Need
• Scalable Solutions
• Phase I Cradle-to-Grave Lifecycle CD Tracking
  a. Authenticate & Issue
  b. Authenticate & Transfer
  c. Authenticate & Destroy
• Phase II Secure Storage Of CDs
• Phase III Spill-Resistant Network With Bar-coding
  a. General User Desktops
  b. Communal desktops with Same-Level CD burning
  c. Five-Step Process for High-Low Data Transfer
• Wrap up
FBI Strategic Objective: IVA.1 Protect the FBI from compromise of its employees.
“Security and counterintelligence professionals generally agree that the most significant threat to an organization’s internal security is betrayal by a trusted insider.” (Page 84)
The Webster Commission’s Report
“…The FBI should study the feasibility of bar coding particularly sensitive classified material, such as asset files, to facilitate control and tracking.” (Page 78)
Phase I Cradle-to-Grave Lifecycle CD Tracking
• Phase I a. Authenticate & Issue
• Phase I b. Authenticate & Transfer
• Phase I c. Authenticate & Destroy
Technology Blending For Cradle-to-Grave Lifecycle Tracking of Recordable Media (CDs)
[Diagram: Kiosk #11. Labels shown: U, C, S, TS, SCI]
• Barcode Readers
• Barcode Printer
• Optional Receipt Printing
• CD Vending Machines
• CAC Badges & Readers
• NSA Certified CD Destroyers
• Pre Bar-coded (blank) CDs
Phase I Components:
a. Authenticate & Issue
b. Authenticate & Transfer
c. Authenticate & Destroy
Phase I a. Authenticate & Issue
[Diagram: Kiosk #11. Labels shown: U, C, S, TS, SCI. Steps shown: Authenticate, Issue, Track]
Disallows issue to personnel without appropriate clearance
Track:
• T - Transferred
• D - Destroyed
• S - Stored (Phase II)
• OC - Owner Custody
Phase I b. Authenticate & Transfer
[Diagram: Kiosk #11. Labels shown: TS, TS]
• Authenticate Ownership
• Eligibility/Acceptance (Yes/No) Authentication
• Transfer Complete
• Hardcopy Printed (Optional): Loser's Receipt, Gainer's Receipt
Disallows transfers to personnel without appropriate clearance
Phase I c. Authenticate & Destroy
[Diagram: Kiosk #11]
• Authenticate Ownership
Disallows & alerts when inappropriate clearance or “ownership” is detected
Wrap-up Phase I: Authenticate & Issue/Transfer/Destroy (Kiosk #11)
Benefits
• Full lifecycle accountability
• Spot-checks & Tripwires
• Prevents Unauthorized Possession
• Leverages/blends Existing Technology
• No Classified is actually accessed/read
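The Phase I checks (issue, transfer, destroy) can be sketched as a small custody ledger. This is an added example, not software from the presentation; the class and method names, the clearance ordering U < C < S < TS, and the way the status codes are applied are assumptions.

```python
# Added illustration of the Phase I checks; not the presenter's software.
# Assumptions: clearance ordering U < C < S < TS, and a disc's status holds the
# slide's code for its last action (OC issued, T transferred, D destroyed).
RANK = {"U": 0, "C": 1, "S": 2, "TS": 3}

class Ledger:
    def __init__(self, clearances):
        self.clearances = clearances  # badge id -> clearance label
        self.discs = {}               # serial -> level / owner / status
        self.events = []              # audit trail for spot-checks

    def _cleared(self, badge, level):
        return RANK.get(self.clearances.get(badge), -1) >= RANK.get(level, len(RANK))

    def _log(self, action, serial, badge, result):
        self.events.append((action, serial, badge, result))
        return result == "OK"

    def _held_by(self, serial, badge):
        disc = self.discs.get(serial)
        live = disc is not None and disc["status"] != "D"
        return disc if live and disc["owner"] == badge else None

    def issue(self, serial, level, badge):
        if serial in self.discs:
            return self._log("issue", serial, badge, "ALERT duplicate serial")
        if not self._cleared(badge, level):
            return self._log("issue", serial, badge, "DENY clearance")
        self.discs[serial] = {"level": level, "owner": badge, "status": "OC"}
        return self._log("issue", serial, badge, "OK")

    def transfer(self, serial, loser, gainer, accepted):
        disc = self._held_by(serial, loser)
        if disc is None:
            return self._log("transfer", serial, loser, "ALERT ownership")
        if not accepted or not self._cleared(gainer, disc["level"]):
            return self._log("transfer", serial, gainer, "DENY eligibility/acceptance")
        disc.update(owner=gainer, status="T")
        return self._log("transfer", serial, gainer, "OK")

    def destroy(self, serial, badge):
        disc = self._held_by(serial, badge)
        if disc is None:
            return self._log("destroy", serial, badge, "ALERT ownership")
        if not self._cleared(badge, disc["level"]):
            return self._log("destroy", serial, badge, "ALERT clearance")
        disc["status"] = "D"
        return self._log("destroy", serial, badge, "OK")
```

Only the barcode serial and badge identity enter the ledger, so the disc contents are never read, and the events list is what a spot-check or out-processing review would query.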
Phase II - Technology Blending For Secure CD Storage
[Diagram: SU#22. Labels shown: U, C, S, TS, SCI]
• Same Components From Phase I
• Bar-coded (blank) CDs
• + Gutted (Stackable) CD Drives
Phase II Authenticate & Store
[Diagram: SU#22. Labels shown: TS, TS, C, S]
• Authenticate Ownership
• Opens appropriate gutted CD slot in stack
• Optional Receipt Printing
Wrap-Up Phase II: Authenticate & Store (SU#22)
Benefits
• Inventory accountability
• Spot-checks & Tripwires
• Prevents Unauthorized Possession
• Leverages/blends Existing Technology
• No Classified is actually accessed/read
Phase III Spill-Resistant Network
Phase III Spill-Resistant Network
• All CD Readers and CD Writers Require Barcode Reader to Access Drive
• a. General User Desktop CD Readers Integrated With Barcode Reader
• b. Communal Desktops with Same-Level CD Burners
• c. Centralized High-Low CD Burner Process
a., b., & c. should be deployed together
Spill-Resistant Network Topography
• Phase III a. General User Desktop CD Readers Integrated With Barcode Reader: CD Readers Only
• Phase III b. Communal Desktops with Same-Level CD Burners: Same Classification CD Writers Only
• Phase III c. Centralized High-Low CD Burner Process (Only CD Drives that can operate without a Barcode Reader)
Works on both thin-client and client-server environments
Phase III a. General User Desktops: CD Readers Integrated With Barcode Reader
User scans barcode on CD to access CD drive. The first digit of the Serial Number (SN) determines if drive can be accessed.
Example:
• Unclassified systems with CD Readers will NOT mount CDs with SNs beginning with 2 or higher
• Confidential systems will NOT mount CDs with SNs beginning with 3 or higher
• Secret systems will NOT mount CDs with SNs beginning with 4 or higher
• Etc…
Prevents the reading of CDs that are classified higher than the system (data spill)
Introduction of “Foreign” CDs? Use Barcode Printer
[Diagram labels: Kiosk #11; CD Readers Only]
Phase III b. Communal Desktops with Same-Level CD Burners
User must scan barcode on CD to access CD burner. The first digit of the Serial Number (SN) determines if drive can be accessed.
Example:
• Unclassified systems with CD burners will only mount CDs with SNs beginning with 1
• Confidential systems will only mount CDs with SNs beginning with 2
• Secret systems will only mount CDs with SNs beginning with 3
• Etc…
Prevents users writing data to incorrectly marked blank CDs (data spill waiting to happen)
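The serial-number rules for Phase III a. readers and Phase III b. burners reduce to one comparison each. The following is an added example, not code from the presentation; the function names and the sample serial numbers are constructed, and only the three levels the slides spell out are modelled.

```python
# Added illustration, not the presenter's software. Level digits follow the
# slides' examples (Unclassified=1, Confidential=2, Secret=3); higher levels
# appear there only as "Etc..." and are deliberately not modelled.
SYSTEM_LEVEL = {"UNCLASSIFIED": 1, "CONFIDENTIAL": 2, "SECRET": 3}

def sn_level(serial):
    """Return the level digit carried by the first character of a scanned SN."""
    sn = serial.strip()
    if not sn or sn[0] not in "123456789":
        raise ValueError("serial number has no usable level digit")
    return int(sn[0])

def may_mount(system, drive, serial):
    """Return (allowed, reason) for a 'reader' (III a) or 'burner' (III b) drive."""
    if system not in SYSTEM_LEVEL:
        return False, "deny: unknown system level"
    try:
        cd = sn_level(serial)
    except ValueError as exc:
        return False, f"deny: {exc}"      # fail closed on a bad scan
    sysl = SYSTEM_LEVEL[system]
    if drive == "reader":                 # never read a disc above the system
        ok, rule = cd <= sysl, "disc level must not exceed system level"
    elif drive == "burner":               # only burn to a disc marked for this level
        ok, rule = cd == sysl, "disc level must equal system level"
    else:
        return False, "deny: unknown drive type"
    return ok, ("allow" if ok else f"deny: {rule}")

# Constructed serial numbers, for demonstration only.
SAMPLE_SCANS = [
    ("UNCLASSIFIED", "reader", "2000913"),
    ("SECRET", "reader", "1004417"),
    ("SECRET", "burner", "1004417"),
    ("SECRET", "burner", "3000021"),
    ("CONFIDENTIAL", "reader", "X-unlabelled"),
]

if __name__ == "__main__":
    for scan in SAMPLE_SCANS:
        print(scan, may_mount(*scan))
```

The two rules differ on purpose: a reader accepts any disc at or below the system's level, while a burner accepts only a blank marked for exactly that level, so a Secret burner refuses a disc whose serial starts with 1.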
Phase III c. Centralized High-Low CD Burner Process
1. Upload: User uploads file to High-Side SharePoint
2. Track: System generates ticket
3. Verify: Privileged User from pool uses “Integrity” (aka Dirty word search & Secure Copy) to burn file(s) to unclassified (Green) CD
4. Secure Transfer: Air Gap/Sneaker Net
5. Deliver & Close Ticket (Step 2): Privileged User emails (low side) sanitized file to user
Wrap-Up (Kiosk #11)
• Phase I Cradle-to-Grave Lifecycle CD Tracking
• Phase II Secure Storage
• Phase III Spill-Resistant Network With Bar-coding
Benefits
• Provides Scalable lifecycle Cradle-to-Grave tracking of CDs
• Fully Automated
• Custody Transfers
• Employee out-processing flagging lost data
• Prevents unauthorized possession and secure Storage
• Facilitates Trend Analysis
• Facilitates secure High-Low Data Transfers & Prevents Data Spills
• Never actually “Reads” Classified Data
• Blends Existing COTS Technology
• Adds “Depth” to existing cybersecurity capabilities - keeping data secure even after it leaves the network.
The Webster Commission’s Report
“For instance, an information system auditing program would surely have flagged Hanssen’s frequent use of FBI computer systems to determine whether he was the subject of a counterintelligence investigation.” (Page 4)
“Over twenty-two years and more than forty passes, Hanssen turned over to Soviet and Russian intelligence an estimated twenty-six diskettes and 6,000 pages of classified information.” (Page 16)
“…over seven years ago, the CIA IG concluded that Aldrich Ames’ access to computer ‘terminals that had floppy disk capabilities represented a serious system vulnerability’.” (Page 20)
However, if you control the “vehicle” or medium of how information “walks out” of your facility, you reduce the insider threat by denying the traitor the medium to do it with.
Omar J Fakhri