Title: Campus Meeting on CSUID Implementation SSN Purge http://csuid.colostate.edu
1. Campus Meeting on CSUID Implementation SSN Purge
http://csuid.colostate.edu
- Pat Burns and Steve Lovaas
- ACNS
- July 28, 2006
2. Outline
- Burns
  - Background
  - Authority
  - Scope
  - The CSUID
  - The Purge Process
  - Roles and responsibilities
- Lovaas
  - Scanning systems
  - Encryption techniques
- All
  - Q&A
3. Background
- HB 03-1175: cease and desist using SSNs or portions thereof as primary identifiers for students effective July 1, 2004
  - CCHE exception granted until fall 2006
- Federal/state mandates/laws
  - Paccione legislation
  - GLBA, SOX, HIPAA,
  - Impending Identity Theft Protection Act
4. Authority
- CSU IT Security Policy version 1.7, approved by the ITEC July 11, 2006
  - Prohibition of SSNs on systems unless approved by the AVPIIT
  - Scanning files permitted
- SSN purge process, approved by the ITEC July 11, 2006
  - Letter from SVP/Provost to Deans, Directors and Department Heads (ddds)
  - SSN Attestation Form
  - SSN Exception Form
5. The CSU IT Security Policy ver. 1.7
- Approved by the ITEC on July 11, 2006
- New material
  - SSNs not allowed on systems, unless approved by the AVPIIT
  - SSNs on portable devices must be encrypted
  - Authority to scan files/systems for sensitive information
    - For the purpose of identifying sensitive information
    - Location information returned only to the owner of the file, for appropriate action
6. Moreover
- It is the right thing to do
- Our constituents deserve no less than diligent protection of their personal information
7. Scope
- All employees
- All systems
- No automatic exceptions
8. The New CSUID
- The ID card office is replacing all ID cards, and this will be completed at the start of the fall 2006 semester
- PID will be replaced by CSUID on all central systems (except ISIS) on August 17, 2006
  - Including the data warehouse
  - Including class rolls and grade rolls
- SSNs generally unavailable thereafter
- Also need to purge SSNs from all systems
9. Risk Mitigation
- Avoid: purge SSNs from systems
- Reduce: remove unnecessary SSNs from systems
- Transfer: use SSNs on central systems
- Accept: accept risk where we must
10. The Purge Process
- Ddds distribute, collect and return SSN Personal Attestation Forms for their employees
- All employees must complete an SSN Personal Attestation Form
- Employees who check Yes (SSNs used) assess their level of effort
  - Suggest they work with IT staff to scan systems
11. Exceptions
- Must be applied for and approved by the AVPIIT
- Request ddds to collect and return SSN Exception Forms
- Must be endorsed by IT staff, or if IT staff is the applicant, by their supervisor
- Form available at
  - http://csuid.colostate.edu/?pageforms
- All forms, including SVP memo, available there
12. Role of IT Staff
- Work with users to scan systems for SSNs and CCNs
  - Scan systems
  - Return lists of files to users for their actions
- Endorse SSN Exception Forms
- Provide feedback to ACNS
- Remove all requests for SSNs from hardcopy and electronic forms/programs
- Reprogram all applications not to use SSNs
13. Role of AVPIIT
- Coordinate the process
- Process Exception forms
- Report outcome to SVP/Provost
14. Role of ACNS
- Provide a solution for scanning systems and files for SSNs and CCNs
- Provide a solution for encrypting files, and central archival of encryption keys
  - Horror stories about individuals losing or forgetting their encryption key, not like a system password that can be reset
15. Scanning and Encryption
- Steve Lovaas, ACNS
- Scanning
  - Spider
- Encryption
  - TrueCrypt
  - Key escrow
16. Scanning Systems for SSNs and CCNs
- Cornell's Spider
- A Note on Exchange
- Approach for Linux/Mac and Windows
  - Architecture
  - Features
  - Usage
  - Gotchas
17. Cornell University's Spider: the product
- In-house tool from Cornell
- Originally a Helix forensic boot disk tool
- New version written for Windows
- EDUCAUSE distribution effort
- Uses regular expressions to scan for SSNs, with extensions to look into some of the more popular file formats
- Note: Credit card numbers already a no-no; this tool helps purge them too!
18. Cornell University's Spider at CSU
- Hosting code and documentation locally
  - http://csuid.colostate.edu/?pagetools
- ACNS developed custom regular expressions and CSU-default configurations
- Hosting local copies of original Cornell docs
  - Please don't flood Cornell with questions
  - spider_help_at_colostate.edu
19. Using Spider: results and procedures
- False positives
  - There will be a lot
  - You or the user get to sort through them
  - Extension skip list to minimize them
- Notifying users of potential hits
  - Avoid anything that actually sends SSNs over the network (email users file paths only, or describe over the phone)
- Remember to protect the results
  - Encrypt or store off-line
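An added illustration of the approach these slides describe: regex scanning with an extension skip list, validity checks to cut false positives, and a report that holds file paths and counts only. This is not Spider's code; the patterns, skip list, function names and sample files are assumptions constructed for the example.

```python
import os, re, tempfile
from pathlib import Path

# Illustrative patterns and skip list (assumptions, not the CSU REGEX file).
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")
CCN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")  # 16-digit cards only
SKIP_EXT = {".exe", ".dll", ".jpg", ".iso"}

def plausible_ssn(area, group, serial):
    # Areas 000, 666 and 900-999, group 00 and serial 0000 are never issued.
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def luhn_ok(digits):
    # Luhn checksum: rejects most random 16-digit runs.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_tree(root):
    """Return {relative path: (ssn_hits, ccn_hits)}; matched values are never kept."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            if path.suffix.lower() in SKIP_EXT:
                continue
            try:
                text = path.read_text(errors="ignore")
            except OSError:
                continue
            ssn = sum(plausible_ssn(*m.groups()) for m in SSN_RE.finditer(text))
            ccn = sum(luhn_ok(re.sub(r"\D", "", m.group())) for m in CCN_RE.finditer(text))
            if ssn or ccn:
                report[os.path.relpath(path, root)] = (ssn, ccn)
    return report

def demo():  # constructed sample files; photo.jpg is skipped by extension
    samples = {"roster.txt": "Smith 123-45-6789\nJones 000-12-3456\n",
               "orders.csv": "4111 1111 1111 1111,ok\n1234 5678 9012 3456,bad\n",
               "notes.txt": "call 970-555-0100\n", "photo.jpg": "123-45-6789"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_text(body)
        return scan_tree(root)
```

Because the report contains only paths and counts, it can be mailed to a file's owner without putting an SSN on the network; the paths are still a map to the data and should be protected as the slide says.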
20. A note on Exchange Servers
- Spider doesn't search Exchange stores
  - Cornell doesn't use Exchange
  - Microsoft protection of Exchange
- ACNS will scan CSU Exchange farm with custom tools
- Colleges/departments with Exchange?
  - Contact Nick Smith in ACNS
  - Nick.Smith_at_colostate.edu
21. Spider for Linux - Architecture
- Written in Perl
  - Uses several modules and other utilities
- 2 parts
  - Client does scanning
  - Server listens for and logs results
- Recommended approach
  - Run on a single machine
  - Mount other machines via NFS or Samba
  - This is the best way to scan Mac OS X
22. Spider for Linux - Features
- Older, stable version of forensic tool
- Command line only
- No recent feature upgrades
- Limited view into Microsoft file formats
23. Spider for Linux - Usage
- Resources on CSUID tools page
  - Instructions, config hints, recommendations
  - Custom REGEX file to replace defaults
- Man page in the distribution
  - All the switches and config details
24. Spider for Windows - Architecture
- Native executable
  - Many features compiled in, many options
- Requirements
  - Administrative access
  - 2000/XP/2003 with .NET 1.1
  - Must reboot after installing tool
- Run locally or map remote drives
  - Speed vs load
25. Spider for Windows - Features
- Newer product
- CSU IT Security Technical Subcommittee has been submitting feedback and bug reports
- Many recent feature additions and revisions, bug fixes
- CSU has chosen the latest Beta rather than the last stable release, due to advanced features (after extensive ACNS testing)
- Easy-to-use GUI
26. Spider for Windows - Usage
- Resources on the CSUID tools page
  - Instructions, config hints, recommendations
  - CSU-customized .reg file with default settings
  - ACNS best guess at a good list of extensions to skip
- Recommended approach
  - Easier to install than Linux version
  - Single scanning machine vs one-by-one
  - Balance of time vs resources
27. Spider - Gotchas for both flavors
- Some file types not scanned or don't work
  - Linux can do Word, but not Excel or Access
  - Windows has trouble with some PDF files
  - Very large files will sometimes stall the program
  - Email attachments are difficult to scan
- Log files are a roadmap to all this data
  - Save to USB device or CD
  - Encrypt anything remaining on fixed disks (Windows version does this itself)
28. Encrypt What's Left
- Some systems will receive exemptions
  - Need to store SSNs or CCNs locally
  - Policy says encrypt
- What tools?
- Risks of encryption
29. Encryption: Choice of Tools
- Basic options
  - Operating system features (Windows EFS)
  - Commercial products (PGP Desktop)
  - Open source products (TrueCrypt)
- Metrics to choose by
  - Price
  - Ease of use
  - Reliability/risk
30. Encryption: Windows EFS
- Pros
  - Available out of the box in 2000 and XP
  - Very easy, intuitive user experience
  - Free
- Cons
  - If user login is compromised, data is accessible
  - Default key recovery agent is Administrator
  - Need an enterprise CA to be flexible enough
  - Self-destruct feature in XP without a CA
31. Encryption: TrueCrypt
- Pros
  - Free, Open Source
  - Fairly easy to use
  - Available key escrow without a CA
  - Separate password from Windows login
  - Available for Linux as well
- Cons
  - A separate product to install
32. Encryption with TrueCrypt - concept
- Volume encryption
  - An entire hard drive
  - A whole logical drive
  - An entire removable device (USB stick)
  - A single file on any of these as a virtual filesystem
- Not OS-dependent
  - Application password ( keyfile)
  - Single USB device usable on Windows, Linux
33. Encryption with TrueCrypt - features
- Virtual filesystem
  - Mount a file or drive as a separate mount point
  - Treated just like a drive: defrag, virus scan, etc.
  - Can be backed up
- Key escrow
  - Administrator installs program, creates volume
  - Backs up header, then sets a user password
  - Recovery of header restores original admin password
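A simplified model of the header-backup escrow described on this slide, added here as an illustration; it is not TrueCrypt's code or header format. The function names and the HMAC-based stand-in cipher are assumptions. It shows why a saved header plus the original admin password still opens the volume after the user changes the password.

```python
import hashlib, hmac, os

def _keystream(key, n):
    # Toy stream: HMAC-SHA256 in counter mode (stand-in for the real cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(data, key):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def make_header(password, master_key):
    """Wrap the volume master key under a key derived from the password."""
    salt = os.urandom(16)
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    tag = hmac.new(kek, master_key, hashlib.sha256).digest()
    return salt + _xor(master_key, kek) + tag

def open_header(password, header):
    """Return the master key, or None if the password does not fit this header."""
    salt, wrapped, tag = header[:16], header[16:48], header[48:]
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    master_key = _xor(wrapped, kek)
    ok = hmac.compare_digest(tag, hmac.new(kek, master_key, hashlib.sha256).digest())
    return master_key if ok else None

def change_password(old, new, header):
    # Only the header is rewritten; the data stays under the same master key.
    master_key = open_header(old, header)
    if master_key is None:
        raise ValueError("wrong password")
    return make_header(new, master_key)

def escrow_demo():
    master_key = os.urandom(32)                   # encrypts the data; never changes
    data = _xor(b"constructed sample record", master_key)
    admin_header = make_header("admin-pass", master_key)
    escrow_copy = admin_header                    # header backup held by the admin
    user_header = change_password("admin-pass", "user-pass", admin_header)
    assert open_header("admin-pass", user_header) is None
    # User forgets "user-pass": the escrowed header still opens with the admin password.
    recovered = open_header("admin-pass", escrow_copy)
    return _xor(data, recovered)
```

The same property makes the escrowed header sensitive: together with the admin password it unlocks the volume regardless of later password changes, so it needs the offline, physically secured storage the Key Escrow slide calls for.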
34. Encryption with TrueCrypt - usage
- Windows
  - Launch the GUI
  - Create an encrypted volume
  - Mount the volume to make it available
  - Drag and drop files in and out
  - Dismount when done (reboot dismounts too)
- Linux
  - Command line only
  - Same procedures and features
35. Encryption with TrueCrypt - usage (2)
- Encryption strength
  - AES (256-bit)
  - Hashing function only for randomization in creating the volume, so SHA-1 is OK
- Key escrow HIGHLY RECOMMENDED
  - ACNS will provide storage of volume headers
  - If you use this (or any) encryption product without recovery ability, data could be lost forever
  - The cure could be worse than the disease
36. Key Escrow
- Crucial to acceptance of an encryption tool
  - Loss of password must not mean loss of data forever
- ACNS will provide hosting
  - Offline, redundant storage (not networked)
  - Physical security (monitored, locked, alarmed)
  - Consistent naming conventions (for scalability)
- May be intermediate step toward a future CA
  - Better scalability, automation, ease of use
  - Support for email encryption, client certificates
37. Summary of Resources
- http://csuid.colostate.edu
  - Forms
  - Spider
    - Executables, configs, documentation
  - TrueCrypt
    - Local user instruction document
    - External links to download installers and documentation
- ACNS
  - spider_help_at_colostate.edu
  - key_escrow_at_colostate.edu
38. Discussion