Carnival

Carnival Cruises Cruiseline has something for everyone exclusively with Travelonly

Spanning five continents and more than 120 ports of call, the world of Carnival Cruise has something for everyone. Find adventure in Alaska. Golf in Hawaii. Dive a shipwreck in the Caribbean. Shop in Italy. Or just look good on the French Riviera. With more than 65 itineraries calling on 52 countries, there’s definitely a cruise that’s perfect for you and yours.
Alaskan cruises with Carnival CruiseAlaska
Glacier Bay – A destination eons in the making, Glacier Bay’s pristine landscape makes the top spot on most travelers must-see list. Your Glacier Bay Alaska cruise takes you to this protected national park that is spread across 3.2 million acres in Southeast Alaska and home to 15 active glaciers, numerous seabirds, otters, humpback whales and countless sights. And a Carnival Alaska cruise is the best way to make the most of your time here.There’s no better way for you and your family to see Alaska and the Inside Passage than with us. Start your Alaska cruise from Seattle or Vancouver and get ready for amazing views and wildlife like nowhere else. On board relax in the Mandara Spa with a massage, check out the casino or just soak in a hot tub and watch the scenery glide by.
Bermuda cruises with Carnival CruiseBermuda
Discovered 500 years ago by Juan de Bermudez, Bermuda has always been famous for green hills, pastel-colored homes and pink-sand beaches. Throw in world-glass golf courses, glass-bottom boats, swimming with dolphins, mountain biking, shopping and nightlife and you’ve got an excursion worth leaving the ship for. Don’t worry, the waterslide and karaoke will be waiting on board. Bermuda is a family-friendly vacation that really packs in the fun.
Caribbean cruises with Carnival CruiseCaribbean
There really aren’t enough adjectives to describe the colors of the Caribbean. The water shifts from aqua to turquoise to deep blue. Throw in some white-sand beaches, yellow, pink and green architecture, some rather colorful colonial history, plus great dive spots, duty-free shopping and you’ve got one amazing cruise vacation. And with Freestyle Cruising, it becomes one of the most relaxing spots on earth. So go ahead, find your place on a postcard-perfect beach and do absolutely nothing.


Find your Caribbean Cruise


Aruba caribbean Carnival cruise destination
Aruba – famed beaches need no translation.
Wide, chalk-white boulevards of sand line the west shore of this exotic Dutch island, where trade winds twist the trees and draw windsurfers and kite boarders from all over the world. See the shoreline from a catamaran, then experience bliss, Aruba-style.

Find your cruise to Aruba

Barbados caribbean Carnival cruise destination
Barbados – Follow the lead of the sea turtles that call Barbados home by gliding along its rich reefs and trundling ashore on its unspoiled beaches. Or head underground to its cool caves, intriguing coral caverns dripping with stalactites.
Costa Maya caribbean Carnival cruise destinationCosta Maya – Did the ancient Maya build their cities near this Mexican coastline because the beaches and reefs are so awesome? Ponder the mystery as you snorkel, venture on a fishing tour or gaze up at stone masks at dazzling archaeological wonders like Kohunlich.

Cozumel caribbean Carnival cruise destinationCozumel – Stroll along a waterfront promenade bright with shops and nightspots. Explore the tropical savanna of Cozumel by foot, horseback, jeep or ATV on your choice of Carnival’s shore excursions. Or make like a TV star on the Amazing Cozumel Race. Part adventure game, part reality show, it gives you a fast-paced taste of this diverse Mexican island.
Dominica caribbean Carnival cruise destination
Dominica – boasts a wealth of waterfalls. Dozens tumble down its lush jungle mountainsides. Channel your inner Tarzan or Jane and explore this island’s verdant beauty on excursions that go beyond merely admiring majestic scenery to let you experience it. You can swim in the clear water during hikes to Middleham Falls and Sari Sari Falls. Sari Sari ranks as one of Carnival’s most challenging and rewarding adventures.
Grand Turk caribbean Carnival cruise destination
Grand Turk – We say “FLOW,” you say “RIDER!” The perfect curl is always forming when you hang 10 on the FlowRider at Carnival’s Grand Turk Cruise Center. Then relax poolside with an icy beverage from Margaritaville. Or head over to quaint Cockburn Town and tour Conch World, a new eco-tourist spot celebrating the Caribbean’s popular sea critter. Like other Turks and Caicos Islands, Grand Turk became famous for its exceptionally bright-white beaches and tourmaline waters.
Isla Roatan Honduras caribbean Carnival cruise destination
Isla Roatan, Honduras – Soar above Mahogany Bay, Carnival’s brand-new cruise center at Isla Roatan, on the “Magical Flying Beach Chair” – The world’s premier ski lift lands on a beach, delivering you to Carnival’s new, 10-acre private island. Savor this exclusive white sand retreat, then get your feet wet sailing, paddling or diving with dolphins.

St. Kitts caribbean Carnival cruise destination
St.Kitts – Built in the 1920s to transport sugar cane from the fields to the factory in Basseterre, the St. Kitts Scenic Tour provides one of the most fun and relaxing ways to view this lush, mountainous island. Double-decker railcars chug across lofty bridges and dip down into tiny towns and for a more active thrill, zing along a zipline through St. Kitts’ otherworldly forest of bamboo and giant philodendrons.
St. Thomas caribbean Carnival cruise destination
St. Thomas – Pirates once roamed St. Thomas’ alleys, which now host a treasure trove of stores. But there’s more to this shopper’s Shangri-la than an international grab bag of perfume and electronics. This U.S. Virgin Island also claims one of the world’s most beautiful beaches, heart-shaped Magens Bay. You can don a snorkel to explore coral reefs bright as a wildflower meadow. Or take in the spectacular views on a soaring aerial tram ride to Paradise Point.
St.Maarten St.Martin caribbean Carnival cruise destination
St. Maarten / St. Martin – Half Dutch, half French, this dual-country island combines Caribbean casual with a jaunty Continental flair. Rumble along Dutch roads on an American Harley. Or embrace your inner Euro, dining Parisian-style in the cafes of Marigot and shopping its chic boutiques.

Find your Eastern Caribbean Cruise

Bahamas and Florida cruises with Carnival CruiseBahamas & Florida
A Carnival cruise to the laid back islands of The Bahamas is the perfect vacation to relax and unwind. The sun drenched shores of Nassau and Freeport feature sophisticated shopping, sizzling nightlife, delicious Caribbean cuisine and much more. And, the pristine white sand, turquoise waters, gentle surf and exotic marine life provide a paradise for any beach aficionado. With world-class fishing, Victorian mansions, museums, vibrant bazaars and colorful Bahamian houses — there’s always plenty to see and do on your Bahamas cruise.

Find your cruise to the Bahamas

Canada and New England cruises with Carnival CruiseCanada & New England
Canada and New England Carnival Cruises conveniently depart from New York City. Leave the bustling metropolis enroute to the pure tranquility of nature. Take a cruise to Canada for an unforgettable tour of the Northeastern United States and Canada. The green of the leaves is replaced by brilliant bright orange and brown in the historic U.S. cities of Boston, MA and Portland, ME. Our Canadian neighbors will greet you warmly in the beautiful ports of Halifax, Nova Scotia, and Saint John, New Brunswick. It’s the prefect change of scenery to witness the changing of the seasons. Fall cruises to Canada and New England are the best way to experience the autumn peak of fall foliage.

Find your Canadian/New England Cruise 

Europe cruises with Carnival CruiseEurope
Grand Mediterranean Cruise – This popular European cruise itinerary from the Rome visits Naples, Venice, Messina and Livorno. So, you’ve got Italy covered from the Grand Canal to Mt. Etna, as well as the treasures of Florence and Pisa. But, there’s so much more. Like Croatia’s walled city of Dubrovnik and the fantastic attractions of when you sail into the Barcelona cruise port. Each Mediterranean cruise port of call is unparalleled to any other you’ve seen. All of the European cruise ports are historically breath-taking and a must-see to believe sight.

Find your Eurropean Cruise

Hawaiian cruises with Carnival CruiseHawaii
A Carnival Hawaii cruise will transport you to a paradise for both the adventure seekers and those who just want to relax and recharge. The ultimate playground, the islands of Hawaii boast a myriad of activities on both land and sea, including: snorkeling, scuba-diving, swimming, whale-watching, horseback riding, helicopter tours, hiking, golfing, big-game fishing and, of course, surfing in Hawaii. Hawaii cruises are the best way to experience Hawaii by land and sea. Relax and explore on a Carnival Hawaii cruise vacation. Aloha!

Find your Hawaiian Cruise


Baja mexico cruises with Carnival CruiseMexico

Baja – Think your schedule is too tight to take a fun-filled Baja Mexico cruise vacation? Our Baja Mexico cruises are just the cruises to change your mind. You can experience the tropical beauty of Baja with a 3 day cruise to Ensenada. Relax in the privacy of Ensenada’s private beaches before hitting the fashionable shops of Avenida Primera for new jewelry — duty-free, of course. Have an extra day to spare? Our 4 day Baja Mexico cruise visits Catalina Island. Who knows? You may spot some of Hollywood’s elite while sunning on the golden beaches of California’s Emerald Island. Cruise to Mexico on the Baja Mexico cruises for a vacation you deserve.

Find your Mexican Cruise

Mexican Riviera cruises with Carnival Cruise
Mexican Riviera – Our Mexican Riviera Cruises are the perfect vacations for seven days of pampered pleasure. From the crystal-clear waters and sparkling nightlife of Puerto Vallarta and La Paz, to and the energizing fun of sport fishing and shopping in Mazlatan, this Mexican Riviera cruise inspires a feeling of privilege. Don’t forget about the beaches and unforgettable underwater scenery of Cabo San Lucas.
Western Caribbean cruises with Carnival Cruise
Western Caribbean – Enchanting beaches, lush rainforests and exciting nightlife are just a few of the attractions at these ports. Relax on the powder-soft sand of a quiet beach, swim with stingrays, visit local wildlife habitats or explore an ancient Mayan city on horseback. Whatever your desired level of adventure, you’re sure to find it here.


Find your Western Caribbean Cruise

Book a Carnival Cruise! Call 1-866-496-9862
Carnival Cruise – Cruise Ships
Our ships are built with one goal in mind: to make sure that every time you walk up the gangway, you get the sense that you’re crossing over into a whole new world of fun.
Once on board, let the good times roll because just about everything is included. Enjoy delicious meals in various onboard restaurants, including your comfy accommodations with the complimentary 24-hour stateroom service. Wear the nickname “Night Owl” proudly as you revel in the awesome nightly entertainment; then wonder at all the fun stuff there is to do the next day. But that’s not all… there’s the beautiful and exciting destinations; the award-winning youth programs for kids of all ages; the high rollin’ casino… topped off with some of the friendliest service at sea.
Carnival Cruise cruise ship Magic
Dream Class
 

Carnival Magic® – Remember the fun-filled, magical moments you had when you were a kid? Before work. Before stress. Well, now there’s the Carnival Magic. A place specifically designed to bring friends and family together to create lasting memories. From delicious intimate or family-style dining at one of our many restaurants, bars, or lounges, to frolicking in the expanded Carnival WaterWorks fun zone. Carnival Magic transcends the thought of a vacation to another place. It offers the best of both worlds, traveling the glorious Mediterranean sea in Europe and the beautiful Caribbean. Sailing May – October 2011, Carnival Magic will be making “hot spot” stops in Barcelona, Rome and Venice, to name a few. Then starting November 2011, Carnival Magic will offer 7-day cruises to the Caribbean out of its homeport in Galveston, Texas.
Carnival Cruise cruise ship Dream
Carnival Dream® – Hosting 7-day sailings, year-round, from beautiful Port Canaveral, FL to the exotic Eastern and Western Caribbean. One of the largest ships in our fleet, the Carnival Dream features our adult-only Serenity Retreat; Cloud 9 Spa; Carnival WaterWorks; lots of family fun activities, including 18-hole mini golf; delicious dining; dazzling entertainment; cool hot spots and much, much more. Come aboard and experience the vacation dreams are made of.

Carnival Cruise cruise ship Conquest
Conquest Class
Carnival Conquest® – There’s no better way to conquer the high seas of fun than with CARNIVAL CONQUEST. We’re talking beautiful destination spots, award winning stage shows, swanky clubs and lounges. Plus Spa Carnival, a friendly casino, delicious dining options and our Carnival Seaside Theatre. Did we mention balcony staterooms as far as the eye can see?
Carnival Cruise cruise ship Glory
Carnival Glory® – More nightclubs, duty-free shops, restaurants and a fabulous steakhouse are just a few of the features that make CARNIVAL GLORY a truly magnificent ship. Most of her extra-spacious staterooms feature ocean views and the majority of those boast private balconies. Relax in any of the CARNIVAL GLORY’S three pools or take a wet and wild ride on the 214-foot waterslide. No matter how you choose to spend your cruise, you’re guaranteed a great time.
Carnival Cruise cruise ship Valor
Carnival Valor® – There’s no need to go looking for fun aboard CARNIVAL VALOR, fun will find you. In fact, with CARNIVAL VALOR‘s three pool areas, 9-hole mini golf course, Carnival Seaside Theatre and the best fine dining afloat at her steakhouse, it’s almost impossible to not have the time of your life aboard CARNIVAL VALOR. And, with so many entertainment option, the good times are just getting started when the sun goes down.
Carnival Cruise cruise ship Liberty
Carnival Liberty® – Now more than ever, a cruise to the Caribbean aboard the CARNIVAL LIBERTY is a vacation on one of the most spectacular ships at sea. Two new 650-square-foot “deluxe penthouse suites” – will be added to this already spectacular floating resort. With all of our newest amenities, including Carnival’s Seaside Theatre — CARNIVAL LIBERTY’S duty-free shops, delicious dining options, lounges and clubs, CARNIVAL LIBERTY is as much an attraction as the destinations themselves.
Carnival Cruise cruise ship Freedom
Carnival Freedom® – Everyone has their own idea of what a perfect cruise vacation is. That’s why Carnival believes in giving our guests a variety of entertaining options — one more fun than the next. Looking for some quiet time with the other adults? Carnival Freedom is the first Conquest-class ship to feature the Adult-only Serenity Retreat. Prefer to stay close to the spa and still have a personal view of the sea? Eighteen of Carnival Freedom’s Spa Deck Ocean view staterooms now feature private balconies. We’ve also made it easier for your 12-14 year olds to have fun their way by adding their own “chill out” spot; Circle “C.” And for the ulitmate in freedom of choice, the “Your Time Dining.” Remember, it’s your choice to do whatever you want — even if that’s nothing at all!
Carnival Cruise cruise ship Spirit
Spirit Class
Carnival Spirit® – is the floating resort that ushered in our Spirit-class ships with innovations like the two-level promenade and the reservations-recommended steakhouse. The delicious dining, wide variety of onboard activities and endless entertainment options on the CARNIVAL SPIRIT complete a cruise experience like no other. This ship also has all the aquatic fun you could want on your vacation, featuring pools, Carnival’s Twister Waterslide, and even the Sliding Sky Dome, which instantly brings all the comfort of an indoor space to the outdoor aft pool.
Carnival Cruise cruise ship Pride
Carnival Pride® – now sailing year-round from Baltimore, this ship has everything you could want on your vacation. You’ll love her pools and whirlpools, Carnival’s Twister Waterslide and the CARNIVAL PRIDE’S Sliding Sky Dome, which covers the aft pool in the event of a shower. Get pampered at Spa Carnival, play your favorite games at the Winner’s Club casino and dine at David’s, the CARNIVAL PRIDE steakhouse.
Carnival Cruise cruise ship Legend
Carnival Legend® – Ready for a vacation of legendary proportions? Set sail on a floating resort so spectacular she needed a two-level promenade for all of her fabulous shops, lounges and nightclubs. And, with most of CARNIVAL LEGEND’S staterooms featuring ocean views and the majority of those with private balconies, there should be no problem getting the perfect accommodations for your cruise. With CARNIVAL LEGEND’S delicious dining — including a steakhouse, wide variety of onboard activities and pampering service, this “Fun Ship” has already become a legend in her own time.
Carnival Cruise cruise ship Miracle
Carnival Miracle® – A marvel of modern cruise engineering, most of the CARNIVAL MIRACLE’s staterooms have ocean views and the majority of those have private balconies. Highlighted by the 11-story Metropolis atrium with a ruby-red glass ceiling, CARNIVAL MIRACLE features all of the fabulous dining – including a reservations-recommended steakhouse, endless entertainment options and pampering service that make for a truly special onboard experience. Forget about small, a cruise on CARNIVAL MIRACLE will leave you thankful for BIG miracles.
Carnival Cruise cruise ship Fantasy
Fantasy Class
Carnival Fantasy® – With the addition of the awesome aquatic amenities of Carnival WaterWorks, Serenity Adult-only Retreat and a tropical resort-style pool — more than ever — it’s time to stop the wishful thinking and book your cruise aboard CARNIVAL FANTASY. We’ve also refurbished the CARNIVAL FANTASY suites, and added flat screen TVs to the already enhanced staterooms. So relax, and let us make your cruise vacation dreams a reality.
Carnival Cruise cruise ship Ecstasy
Carnival Ecstasy® – A ship doesn’t get the name CARNIVAL ECSTASY for nothing. We’ve added wonderful amenities, like a resort-style pool, a tranquil Serenity Adult-Only Retreat, the splashy stylings of Carnival WaterWorks, and expanded Youth Program space and lots of new private balconies. Add a variety of formal and casual eatries which feature aMongolian Wok and Rotisserie, lounges & nightclubs, a friendly casino, and a whole lot more. It’s enough to make anyone ecstatic. And, yes, we mean you!Carnival Cruise cruise ship Sensation
Carnival Sensation® – Don’t think you can fit a fun-filled Bahamas cruise into your busy schedule? Considering CARNIVAL SENSATION offers two cruises every week of the year, we may be able to change your mind. CARNIVAL SENSATION includes the splashy stylings of Carnival WaterWorks, the tranquil environment of the Serenity(SM) Adult-Only Retreat and several private balconies; you’re on your way to a true SENSATION vacation!

Carnival Cruise cruise ship Fascination

CARNIVAL FASCINATION® – it’s just that… Fascinating. With all of her new enhancements, you’ll never want to leave the ship. Enjoy Carnival WaterWorks, the adult-only Serenity retreat, relax on one of her many private balconies, people-watch in the dazzling 6-story atrium and lobby bar, challenge friends to a game on the 9-hole mini golf course and indulge your tastebuds at the sushi bar. Come aboard the beautiful CARNIVAL FASCINATION and let her capture your imagination.
Carnival Cruise cruise ship Imagination
Carnival Imagination® – How much fun can you have aboard the CARNIVAL IMAGINATION? More than you can imagine, including: a 9-hole mini golf course, Carnival WaterWorks water park, a tropical resort-style pool and Serenity-Adult only Retreat. And, that’s on top of the delicious dining options, onboard activities, nightlife, casino games and relaxing spa treatments that have been part of CARNIVAL IMAGINATION all along.
Carnival Cruise cruise ship Inspiration
Carnival Inspiration® – What would inspire you to take a “Fun Ship” cruise from Tampa aboard CARNIVAL INSPIRATION? How about a 9-hole mini golf course, the family-fun of Carnival WaterWorks, a tropical resort-style pool – and when you need some pampering and quiet time – a Serenity-Adult Only Retreat. And, as always…the delicious dining, entertainment, friendly service, and – of course – the beautiful destinations that our cruises are famous for.
Carnival Cruise cruise ship Elation
Carnival Elation® – True to her name, you’ll feel your spirits soar as soon as you enter CARNIVAL ELATION’s 6-story atrium. Grab a refreshing drink at the lobby bar before making your way to the teak-planked decks to relax in the sun. Play a round of mini-golf on CARNIVAL ELATION’S 9-hole course or plunge into any of the three refreshing swimming pools. Ready to refuel? Make your way to one of the many eateries for a tasty treat. Now that you’re recharged, roll up your sleeves and try your luck in the friendly casino before turning your attention to CARNIVAL ELATION’S exciting nightlife. It’s time to get excited about your next vacation.
Carnival Cruise cruise ship Paradise
Carnival Paradise® – Taking her cue from her close neighbor of Hollywood, CARNIVAL PARADISE makes each of our guests feel like stars. Don your swimsuit and shades for some sunning beside her three pools. Grab some sushi with your friends before dashing off to the 6-story atrium bar and the duty-free CARNIVAL PARADISE shops. And, don’t worry; we’ll hold your calls while you’re being pampered at the redesigned Spa Carnival. CARNIVAL PARADISE is a ship that truly lives up to its name.

Carnival Cruise cruise ship Destiny
Destiny Class
The CARNIVAL DESTINY® boasts nearly 500 balcony staterooms and suites, Carnival’s Seaside Theatre and Circle “C” space just for 12-14 year olds – The perfect choice for your next cruise vacation. Ready for some grown up fun? The CARNIVAL DESTINY can satisfy any appetite with her variety of eateries as well as keep you entertained late into the night with a fantastic selection of lounges and nightclubs. The friendly casino, duty-free shopping and relaxing Spa Carnival round out what is sure to be an unforgettable cruise experience for you and your whole family.
Carnival Cruise cruise ship Triumph
Triumph Class
Carnival Triumph® – Everybody wins when they sail aboard the CARNIVAL TRIUMPH. Experience the ultimate in relaxation and adventure during our 4 & 5 Day Western Caribbean sailings as well as the 7 Day Eastern & Western Caribbean cruises departing from New Orleans.
Carnival Cruise cruise ship Victory
Carnival Victory® – You’ll know you picked a winner for your cruise as soon as you enter the CARNIVAL VICTORY’s atrium. You’ll smile from ear-to-ear as you experience CARNIVAL VICTORY’s four shimmering pools, wide variety of delicious dining options, endless entertainment venues, friendly casino, exotic spa treatments, the Seaside Theatre and spacious staterooms. True to her name, there are no losers aboard the CARNIVAL VICTORY.
Carnival Cruise cruise ship Splendor
Splendor Class
Carnival Splendor® – The CARNIVAL SPLENDOR sails out of Los Angeles weekly and dazzles all cruisers with a host of fantastic features, including: staterooms with flat screen TVs; Cloud 9 Spa, a spectacular 21,000-square-foot, two-level spa and gym facility; 5,500-square-foot children’s playroom; and a mid-ship pool covered with a two-deck-high Sliding Sky Dome. She’s yours to experience on a variety of wonderful itineraries.
Book a Carnival Cruise! Call 1-866-496-9862
*Photos provided by Carnival.com
Drainware - Jose Ramon Palanco

Projects

Drainware

22 January, 2020

Tags: , , , , , ,

Between 2011 and 2014 we developed (Cristian Sandoval, Marco Lojo, Antonio Moreno, .. among others) a Cloud Platform with DLP capabilities, now in 2020 it is Open Source. It was a very cool technology at that time, we used mongo, redis, rabbitmq, .. among other technologies. Most of the magic was inside the endpoint, written in C++.

This product is able to identify data leaks in buffers like the clipboard, screenshot (OCR), … monitor removable devices, network units, applications (minifilter driver), cloud apps (dropbox, one drive, google drive), printer (OCR), …

It uses geolocation based on the SSIDs using google location services to track stolen devices or known when a device was located when the data leak was performed.

It also comes with a basic sandbox to freeze applications abused by exploits by detecting suspicious traces in memory like nop-sled, heap-spray, ….

One of the coolest features was the distributed search across all endpoints of the organization. It was possible to find files, emails, documents, …

Another interesting feature is that the endpoint includes a PHP interpreter to run callbacks or create validators based in regular expressions, REST API calls or whatever you can imagine. It also uses ADS, ssdeep and several fun things you will find browsing into the code.

Promo video:

Now this project is opensource!

The code

You can download the source code at Github:

https://github.com/drainware

DISCLAIRME: Use the code under your own responsibility. This project is not maintained for a long time, so most of the dependencies are obsoletes and some of them vulnerable.

Screencasts

Drainware Intro:

Drainware DLP:

DLP Storage:

DLP Custom rules:

 

 

 

Manual

 

Introduction

This manual is written either to be read sequentially the first time, or can be used as a reference guide. During this reading you can find notices in the following formats:

Description: ttp://primariamed.files.wordpress.com/2011/03/notas.jpg Annotations: Concept clarifications

Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!: Important concepts to keep in mind

Tip: Tricks, shortcuts and other tips

About Drainware

Drainware is a security platform that is like a service. It has several modules to protect the information and/or the computers that contain this information.

We offer Freemium license which means you can start using it for free with some restrictions in its features.

Requirements

Operating System

Drainware can be deployed on computers with Microsoft Windows OS installed. The currently supported versions are the following:

OS Architecture
Windows XP x86
Windows 7/8 x86/x64
Windows 10 x86/x64

Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!

Windows XP is supported only with Service Pack 3 or later. We also have support for Windows XP SP2, but you have to install the following components:

Windows Search 4.0 for Windows XP (KB940157)

Wireless LAN API (KB918997)

    1. Minimum Hardware

CPU: Intel Pentium III 1 GHz or faster

RAM: 1 GB (2GB recommended)

HDD: 200 MB

Installation

Signing up in the system

Before installing Drainware, it’s necessary to have an account on the platform. To sign up in the system you’ll have to go to the official Drainware website at https://www.drainware.com and click on the sign-up button in the top-right menu.

 

home

register

This will show us a form where we must input the information requested: registry data, company name, VAT ID, and the number of employees.

The e-mail will be associated with your account and it won’t be able to be changed in the future.

For the number of employees field, we only have to consider the ones that normally work with a computer.

Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!: The password must have at least 8 characters.

Afterward, you will receive an e-mail that will allow you to validate your new account.

register_mail

When the license has been validated, it will redirect us to the sign-in page where we will have to input the e-mail and the password that we have entered in before.

login

Software endpoint installation

Once we have the license validated and entered our credentials, we are correctly signed in and able to download the software. After sign in, we have the possibility to download the installer. To the right of the download link, we have the license number that is a 16 digit code that we will need during the installation.

Download

This installer will install the 32 or 64-bit version, depending on the operative system used.

Advanced Installation

It is possible to deploy the endpoint in an unattended manner. This is very useful if you have a lot of users and you want to deploy it on a mass scale.

To do that, you can find the .msi installers available in the following URL

http://update.drainware.com/

The procedure to install it through the command line is below (where you must replace the red text by your license number):

msiexec /i file.msi /quiet /noreboot DDI_LIC=XXXX-XXXX-XXXX-XXXX

If you prefer you can use this logon script:

Name: drainware_logon.vbs

Function GetWindowsArchitecture(strComputerName)

Set objWMI = GetObject("winmgmts://" & strComputerName & "/root/cimv2")

Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem", , 48)




For Each objItem In colItems

GetWindowsArchitecture = "32-bit"

If left(objItem.Version,3) >= 6.0 Then

GetWindowsArchitecture = objItem.OSArchitecture

End If

Next

End Function

Function GetProgramsFolder()

Set wshShell = WScript.CreateObject("WScript.Shell")

GetProgramsFolder = wshShell.ExpandEnvironmentStrings("%programfiles%")

End Function

Function ExistDrainwareSecurityDir()

Set objFSO = CreateObject("Scripting.FileSystemObject")

ExistDrainwareSecurityDir = objFSO.FileExists(GetProgramsFolder() & "\Drainware\Drainware Security Endpoint\DrainwareSecurityAgent.exe")

End Function

Function DownloadDSE(strRemoteDSE, strLocalDir)

Set objFSO = CreateObject("Scripting.FileSystemObject")

objFSO.CopyFile strRemoteDSE, strLocalDir & "\"

End Function

Function InstallDSE(strLicense, strRepository)

If Not ExistDrainwareSecurityDir() Then

Set wshShell = WScript.CreateObject("WScript.Shell")

Select Case GetWindowsArchitecture(".")

Case "64-bit"

Rem Msgbox "Installing Endpoint 64-bit " & strLicense

strRemoteDSE = strRepository & "\SetupCloud.msi"

strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud.msi"

Case "32-bit"

Rem Msgbox "Installing Endpoint 32-bit " & strLicense

strRemoteDSE = strRepository & "\SetupCloud32.msi"

strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud32.msi"

End Select

DownloadDSE strRemoteDSE, wshShell.ExpandEnvironmentStrings("%temp%")

Rem Msgbox "msiexec /qn /i " & strLocalDSE & " ddi_lic=" & strLicense

Rem WshShell.Run "msiexec /qn /i " & strLocalDSE & " ddi_lic=" & strLicense

Msgbox "Your computer will restart after a few seconds"

End If

End Function

Dim strLicense

Dim strRepository

strLicense = WScript.Arguments(0)

strRepository = WScript.Arguments(1)

InstallDSE strLicense, strRepository

 

Usage:

drainware_logon.vbs LICENSE LOCATION

example: drainware_logon.vbs XXXX-XXXX-XXXX-XXXX \\mynas\resources\dlp\

The location must contains both msi files (for x86 and x64)

Useful links

Create a GPO (Windows 2008)

Initial configuration

In this section, we will go through the initial configuration of Drainware. These are the available options in the left menu (red area) of Drainware once you sign in.

menu

Credentials

In this section, we can update our password. If we want to change it, we also have to fill in the current password.

credentials

Subscription

Drainware has two different subscription types. One is the Freemium option, which offers a monthly service with a limit of 500 security events; after 500 events, the organization will be unprotected until the first day of the next month.

On the other hand, we offer a Premium subscription that is based on the number of users you wish to protect. The Premium subscription includes unlimited events (as long as use remains reasonable).

In this section, it is possible to check the validity of the subscription and upgrade it in the case of using a Freemium subscription.

If you have questions about this section, please write an e-mail to sales@drainware.com and our sales team will be happy to assist you.

Groups

It is possible that in your organization you would like to apply different policies depending on groups of users. We can organize the groups by areas or departments, depending on the requirements of the organization.

In this section, we can create the groups inside our platform and then apply policies directly over them.

It is possible to integrate the groups in the organization directly with Drainware, and this topic is explained in more detail in section 4.5.

Users

Every time that user logs in to a computer protected with Drainware, the server is notified, and it will register it in the system. From that moment, we can associate that user to one or more groups.

Authentication

To integrate Drainware with your organization, we offer an authentication module. We have 2 different options to configure the authentication module: local authentication or LDAP.

By default, Drainware works in the local authentication mode, in such a way that the group information is already in our platform.

With the LDAP option, it’s possible to integrate an LDAP server or Active Directory Domain to be able to use the users and groups of the organization.

If you want to integrate LDAP, it’s necessary to open the LDAP port to the Internet. We recommend opening it with SSL exclusively.

If you want to integrate it with Active Directory, you should use the following information:

Field Value
Type LDAP
SSL Depending on your configuration
Version 2.0
Host IP or Computer Name
Port 389 or 636 if it’s SSL
DN DOMAIN\user
Password User Password
Base DC=DOMAIN, DC=LOCAL
User Attr sAMAccountName
Recursive Groups Optional

We recommend to use always LDAP with SSL and to block any connection except if it comes from our public IP Adress.

We also have the “Recursive Groups” option. This option allows users in nested groups to resolve the groups to which they don’t directly belong.

Description: ttp://primariamed.files.wordpress.com/2011/03/notas.jpg Annotation: If an LDAP user doesn’t belong to any of the imported groups, it will belong to the default group automatically.

Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

When the LDAP is integrated, all users will be available in the platform however the same doesn’t happen with the groups. The groups must be imported one by one from the group’s section, which will also be integrated with LDAP.

Time Zone

It’s possible that the employees of an organization work or travel around the world. Therefore, in Drainware, we work with the UTC time zone. In order to translate the time between different time zones, we offer the possibility to select the time zone where the administrator wishes to see the events.

Dashboard

The main window of Drainware shows an overview of the security events that happened since the installation of Drainware. It also shows the details of the events that happened since the beginning of every month.

Macintosh HD:Users:jose:Desktop:dashboard.png

For Freemium users, it shows a status bar that shows the monthly events. When the number of events reaches 500, Drainware will stop working until the beginning of the next month. The administrator will then receive an e-mail notification that the organization is not protected with Drainware anymore.

Tip:

To the right of the monthly events bar, you can find a link to get more free events per month in the Freemium version. To receive more free events, you only have to share a link with the reference code. For every verified installation referred to this code, Drainware will give you 100 extra free events per month.

DLP

In the DLP module (Data Loss Prevention), we can control the confidential information inside the organization to prevent data leaks.

Macintosh HD:Users:jose:Desktop:menu_dlp.png

Policies

The policies define what information you want to monitor and what action will be carried out. In the policies creation section, we provide a wizard that makes the whole process easier. We’re going to create a policy with the name POL001 and the description of “Policy 1”.

Macintosh HD:Users:jose:Desktop:pol1.png

In the first step we have to provide a name and a short description of the policy:

Macintosh HD:Users:jose:Desktop:pol2.png

In the next step, we have to define the information that we want to protect.

We can see the next menu:

  • Concepts / Subconcepts: patterns predefined by Drainware to identify the information.
  • Applications: applications that we’ll deny any access to confidential information.

As we continue configuring Drainware, this section will contain other elements such as rules, files, and network sites; which will see in the next sections.

Macintosh HD:Users:jose:Desktop:pol3.png

If we expand the Concepts/Subconcepts we will see a big list of categories. We can include a subconcept in our policy like Visa or the credit card concept that would include all credit card types.

Macintosh HD:Users:jose:Desktop:pol4.png

In the applications section, we can see a list (that can be extended by the user) that allows the blocking of several programs.

Macintosh HD:Users:jose:Desktop:pol5.png

In Step 3 we can see a list of the groups that we have already imported, the action that will be carried out, and the severity (how severe is the group of users that triggered the policy).

Macintosh HD:Users:jose:Desktop:pol6.png

We only have to select the groups that we want to be affected by the policy. When defining the action, it can be:

  • Log: logs the event in the Drainware database for audit purposes.
  • Alert: an e-mail is sent by default to the e-mail address used for sign up in Drainware, but it can be overridden by another address specified only for this policy.
  • Block: prevents filtering of information.

In all cases, the employee that executes the policy will see a notification.

Macintosh HD:Users:jose:Desktop:pol7.png

We only have to click the “Finalize” button and the policy will be created.

Macintosh HD:Users:jose:Desktop:pol8.png

Every time we create a policy, it will appear in the policies list. In this list, we have 3 buttons:

  • Configuration: we can configure the information to protect, like we configured in step 2.
  • Action: we can re-define actions for the different groups, like we configured in step 3.
  • Remove: removes the policy.

Once the policy is created, it can’t be renamed.

Macintosh HD:Users:jose:Desktop:pol9.png

Rules

With “Rules”, we can define our own information patterns to protect inside the policies. We can include, for example, confidential footers that we usually introduce in documents with confidential information. We can also add regular expressions that describe any confidential documents that we want to protect.

To create a rule, we have to introduce a name without spaces and special characters (A), a description (B), optionally, we can include a verification function in PHP (C) and we can define which policies we want to associate with this rule (D). Like policies, rules can’t be renamed either.

Tip:

If we want to use a verification function in PHP, it will receive the variable “$match” that contains the resulting match after the regular expression is applied. It will be necessary that after analyzing $match, it will assign TRUE (accept match) or FALSE (deny match) to the “$return_val” variable.

Macintosh HD:Users:jose:Desktop:rule.png

Files

For very exceptional cases, it’s possible that a rule can’t cover all our requirements and we’d want to sign up for a file. In these cases, we can upload a file to help Drainware to identify when someone is trying to filter information.

The procedure is very simple. We can upload one or more files and they will be automatically available to associate with our policies. We only have to go to the policy configuration and select the filename.

Every time we upload a file, this will be available in the new policies wizard.

Description: Macintosh HD:Users:jose:Desktop:files.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

Before uploading a file, we suggest to use a unique filename or even put the current date to distinguish it from another with the same name.

 

Network Sites

In the network sites section, we can add Windows shared folders with the format \\server\resource.

This functionality is one of the most interesting ones. The endpoint software is ready to identify all the files copied in a computer from the shared folder added in Drainware. Once the file is copied, Drainware will check every file or every copy of them throughout the computer’s file system, allowing you to work with it, but denying its filtration.

For Network URI, we have to input the shared folder location., We must also introduce a short description, and then select the different policies to apply.

It will be available in the new policies wizard.

Description: Macintosh HD:Users:jose:Desktop:network place.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

Only files that have been copied after add the shared folder will be monitored.

 

Applications

To add more applications and include them in our policies, we can add them in the “Manage Applications” section.

To add a new application, we will need its name, for example, iexplorer.exe, or skype.exe. Similarly to the other sections, we have to put a short description and select the policies to associate with it. It will be available in the new policies wizard.

Description: Macintosh HD:Users:jose:Desktop:apps.png

Advanced

Description: Macintosh HD:Users:jose:Desktop:block_crypt.png In the Advanced section of Drainware, we can configure the behavior of the DLP. We have 3 sections to configure its behavior.

The first section will allow us to block access to encrypted information within particular groups. The behavior will be the same as a file affected by blocked policy.

Description: Macintosh HD:Users:jose:Desktop:evidence.png

The second section will allow us to collect evidence every time an event is carried out. This configuration is directly related to an action defined in the policy, where we can define a criticality level for each group. In this configuration, we can select ‘None’ if we don’t want to collect evidence or the minimum level from which we would want to make for the collection. If we select the low level, the collection will be available for the low, medium, and high levels. If we select the medium level, it will be available only for the medium and high levels. And if we select high, it will be available only for that level.

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

The configuration of the evidence collector is only available for the Premium users. The Freemium users will receive the first 3 screenshots every month.

 

In the last section, we can globally enable or disable modules that affect all policies. In Drainware we consider 3 types of elements:

  • Source: information origin
  • Sink: information destination
  • Pipe: information channel

Description: Macintosh HD:Users:jose:Desktop:dlp_advanced.png

In sources, we currently only have “Network device”. That allows us to recognize Windows shared folders. If we disable this origin, the “Network Sites” section will stop working and it won’t be visible in the menu anymore.

In Sinks we have several modules that monitor the application of the corresponding action (block, alert or log):

  • Dropbox
  • Skydrive
  • Google Drive
  • Network Device
  • Pendrive
  • Printer

Finally, in Pipes we can monitor:

  • Clipboard Image
  • Clipboard Text
  • Keylogger

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

The keylogger module doesn’t allow block the tipping, because until it isn’t written it can’t be analyzed.

 

Notifications

Notifications can’t be configured in the DLP menu, they must be defined in the “General” section, but they are directly related to the DLP.

The notifications allow, as long as we have a browser opened and logged in, the receiving of notifications in real-time when an event is carried out.

We don’t recommend enabling the notifications for all actions and events, because, if they are executed regularly, it can be annoying.

The notifications are HTML5 notifications and they are integrated with the desktop of the operating system, as long as the browser and the operating system support it.

Description: Macintosh HD:Users:jose:Desktop:notifications.png

Sandbox

The Sandbox feature allows us to protect applications against virus. It’s not an antivirus replacement, but rather, a complement.

Description: Macintosh HD:Users:jose:Desktop:menu_sandbox.png

Previously, hackers took advantage of security problems in the server’s software to gain access to the organization. But a security suite was developed to enable firewalls, IDS, IPS…

In the last few years, hackers have taken advantage of new vectors. Using tools like LinkedIn, they can discover who a financially responsible person is, and what contacts he has. From that moment they can make an attack based on spear-phishing that consists of sent e-mails assuming his identity with an attached PDF or an URL that steals data or opens a connection to the outside.

Applications

In Drainware, we develop rules that allow us to block the affected applications before the system will be affected.

Description: Macintosh HD:Users:jose:Desktop:sandbox.png

Inspector

With the Inspector module, you can search in real-time over all the computers in the organization.

Description: Macintosh HD:Users:jose:Desktop:menu_inspector.png

It’s possible that in the organization we have a person or a group of people working with the kind of information to which they shouldn’t have access. It could be done unconsciously or premeditated. Either way, we can find out with the Inspector tool.

Furthermore, once we have experienced a leak of information, it is often very difficult to check all the computers where the related document was. With Inspector, it is possible in seconds, to find very specific files, download them, and even browse through the file system of the computers affected.

Remote search

With the remote search we can start to obtain results.

Description: Macintosh HD:Users:jose:Desktop:search_result.png

The search can take several minutes. The results are shown grouped by the name of the computer where the file was found. Expanding the results by computer, it’s possible to see the file details by clicking on it. We can see information about the modification date, file name, mime type, creation date, and short information about the file header. It’s also possible to download it.

Description: Macintosh HD:Users:jose:Desktop:details.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

You shouldn’t search by very short terms or generic terms. The result can take too much time or it can be unmanageable.

 

It’s possible to browse through one of the computers listed in the results. To do this, you must click on the computer name or IP address (red area).

Description: Macintosh HD:Users:jose:Desktop:browse.png

The file explorer feature is further detailed in section 7.3 of this manual.

Multiple Remote Searches

If we want to search for a lot of terms, it’s possible to use the Multiple Remote Searches function.

To use this feature, you have to create a file with all the search terms in one line, separated by commas. We can create different lines, each one with its own keywords.

keyWordGroupA-1, keyWordGroupA-2, keyWordGroupA-3

keyWordGroupB-1, keyWordGroupB-2

keyWordGroupC-1, keyWordGroupC-2, keyWordGroupC-3

The file extension must be TXT. In addition to uploading the file, we must input a name for this report.

Description: Macintosh HD:Users:jose:Desktop:multiple.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

You shouldn’t search for very short terms or generic terms. The results can take too much time to obtain, or the results can be unmanageable.

 

Remote Files explorer

The Remote Files Explorer allows us to inspect any computer in the organization with Drainware installed.

We will have to provide some details about the computer: computer name, IP address, and optionally, the path. From this point, we can browse through any device in the computer and even download files.

Description: Macintosh HD:Users:jose:Desktop:browse_details.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

Drainware is not developed to be an FTP server. Downloading a file with several MB in size can take several minutes until the download starts.

Remote Devices

With this feature, we can see the geographic position of all the devices that have Drainware installed.

In most cases, the geolocation is performed through the IP address, but when the Wi-Fi is activated, it’s possible that the geolocation is performed through Wi-Fi triangulation.

Description: Macintosh HD:Users:jose:Desktop:inspector_map.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

Make sure that you don’t refresh the webpage until all the endpoints have responded, especially in networks with thousands of endpoints, as the webpage loading could take several minutes.

In addition to the geolocation of the devices, it’s possible to get a network map encapsulating all the computers that belong to the same ranges. To that effect, we will click on the Network View tab.

Description: Macintosh HD:Users:jose:Desktop:Screen Shot 2013-11-19 at 14.59.29.png

The results are shown in circles, where every circle represents a range or a group of ranges.

Description: Macintosh HD:Users:jose:Desktop:network-1.png

Description: Macintosh HD:Users:jose:Desktop:network3.png It’s possible to click on the segments that we want to inspect and see all the computers connected at that moment.

Reporter

With the Reporter module, we can have access to the data recorded by Drainware. We can get details of every module or statistic from the global behavior of the DLP, Inspector, or Sandbox.

Description: Macintosh HD:Users:jose:Desktop:menu_reporter.png

DLP Events

Once we open the DLP events information, we can see a graph with all the events related to the data leak. Under the graph, we can see a table with a list of related events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

Description: Macintosh HD:Users:jose:Desktop:DLP.png

The list only shows a preview of the event. If we want to see detailed information, we must click on it.

The details of each event are shown in a table that provides all the information related to the event. Depending on the configuration, it’s also possible to see a screenshot done at the same moment that the event was carried out.

Description: Macintosh HD:Users:jose:Desktop:DLP_events.png

Description: Description: ttp://primariamed.files.wordpress.com/2011/03/notas.jpg Annotations: Freemium users can only see the first 3 screenshots every month.

Under the table, there is a button which generates a report with the latest security events.

Description: Macintosh HD:Users:jose:Desktop:export.png

If we want to find events by a range of dates, event type, policy, severity, rule, etc., we can use the “Advanced Query” system. As we can have a result with too many events, it’s possible to fill in the maximum number of events we want to show in the result.

Description: Macintosh HD:Users:jose:Desktop:DLP_reporter_Search.png

Every time a query is generated, it’s possible to export the results in CSV format. In order to do this, you have to click on the Generate Report button at the end of the page:

Description: Macintosh HD:Users:jose:Desktop:export.png

DLP Stats

The events and detail of events information is interesting, but in many cases, it’s necessary to have a view at a higher level of what is happening with confidential information or to know how the policies that we have configured are working. To do so, we will create data analysis and statistics.

Activity

In the same graph, it represents the average between severity, action, and the number of events. The policies with more events are located to the right, with the vertical axis representing the average of the actions carried out, where the block is the highest part. The average of the severity is shown in the size of the circle. In the top left combo box, you can select the period of time.

Description: Macintosh HD:Users:jose:Desktop:dlp_report.png

Groups by policy

In this graph we can see the groups that carried out more events of one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.

Description: Macintosh HD:Users:jose:Desktop:group_by_policy.png

Users by policy

In this graph, we can see the users that carried out more events of one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.

Description: Macintosh HD:Users:jose:Desktop:user_by_policy.png

Policy

With the policy graph, we can analyze the policies with more activity. In the top left combo box, you can select the period of time.

Description: Macintosh HD:Users:jose:Desktop:policy.png

Groups

With the policy graph we can analyze the groups with more activity. In the top left combo box, you can select the period of time.

Description: Macintosh HD:Users:jose:Desktop:group.png

Sandbox Events

We can see a graph with related events with attempts to abuse applications. Under the graph, we can see a table with the list of events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

Sandbox Stats

Applications

With the applications graph, we can analyze the policies with more activity. In the top left combo box, you can select the period of time.

Description: Macintosh HD:Users:jose:Desktop:sandbox_apps.png

Groups

With the policy graph, we can analyze the groups with more activity. In the top left combo box, you can select the period of time.

Description: Macintosh HD:Users:jose:Desktop:sandbox_groups.png

Inspector search reports

When we make multiple remote searches from the Inspector section, the results are generated in this section. We can find the report by a range of dates to download in Microsoft Excel format.

Description: Macintosh HD:Users:jose:Desktop:reporter_inspector.png

Troubleshooting

Corporate Proxy

Drainware supports connection through a proxy, either configured in the system or auto-configured. However, if the proxy uses authentication, it’s necessary to enable “*.drainware.com” in the accessible domains without authentication.

If you are using SQUID, the configuration would be the next one:

acl drainware dstdomain .drainware.com

acl CONNECT method CONNECT

acl dwCONNECT dstdomain .drainware.com

http_access allow CONNECT dwCONNECT localnet

http_access allow drainware localnet

 

Share with your friends










Submit

Author

Jose Palanco

VP Threat Intelligence at ElevenPaths