Celebrity Cruises


Celebrity reveals new worlds to you in a way no one else can. Engage in one of our cruise vacations and experience an incredible journey. Whether you enjoy hiking among ancient ruins, venturing to remote corners of the globe, or sipping cappuccino in a quaint sidewalk café, Celebrity takes you there with an unparalleled cruise experience.
Alaska
Drink in the splendor of the Alaskan wilderness as you sip cappuccino from your veranda on our Alaska cruises. Catch sight of a humpback whale or wolf pups frolicking in the snow. From the breathtaking sights of Hubbard Glacier to the pioneering spirit of Juneau, the gold-rush spirit of Skagway and the totem poles of Ketchikan, Celebrity’s Alaska is as rustic and romantic as one could ever imagine. As you explore Alaska’s magic and unspoiled dominion, our guides and naturalists share their intimate knowledge to help make this extraordinary experience even more unforgettable. Welcome to Celebrity’s Alaska.

Find your Alaskan Cruise

Bahamas
One of the most idyllic spots in the Caribbean, the Bahamas is the perfect place to energize your mind, body and soul. Relax on the sandy white beaches or move to the rhythm of the steel drum bands. Turquoise blue waters, tropical breezes and welcoming locals make this Celebrity journey even more inviting.

Find your Cruise to the Bahamas

Canada/New England
Your Celebrity voyage through the vast waters of the Atlantic will lead you to lovely ports in Canada and New England. Rich with museums, galleries, historic sights and world-class dining, this picturesque region will leave you in awe of its immeasurable charm and rustic beauty. From lighthouses standing guard on mammoth granite cliffs to romantic, lantern-lit streets in quaint seaside hamlets, you’ll experience extraordinary moments to cherish for a lifetime. Aboard Celebrity, these moments include savoring an intimate nightcap at the piano bar, or a moment made for two over a perfect martini.

Find your Canadian/New England Cruise

Europe
Experience what cruising is really about in Celebrity’s Europe. In Paris, enjoy the countless treasures of the Louvre Museum, then return to the luxury of your Celebrity suite – a masterpiece in itself. From your private veranda, begin your day with pastries and fresh fruit as the incredible city of Barcelona stretches out before you. From Northern Europe to the Mediterranean, explore lands rich in romance languages, classic architecture, food, art and music. Along the way, in true Celebrity Cruises style, savor fine wine and world-class cuisine that rival any found on these timeless shores.

Find your Northern European Cruise

Find your Southern European Cruise

Hawaii
Hawaii has always possessed a mystique and allure that’s hard to resist. As you journey to this Pacific jewel aboard Celebrity Cruises, lose yourself in a morning massage or learn more about the islands you’ll visit during an onboard lecture. From emerald green rainforests and thunderous volcanoes to palm-fringed beaches and indescribable sunsets, Celebrity’s Hawaii promises something for everyone. Whether your vision of Hawaii conjures up images of moonlit beaches or the unmistakable shape of the USS Arizona Memorial in Pearl Harbor, aboard Celebrity Cruises you’ll discover the Hawaii you’ve always imagined – and more.

Find your Hawaiian Cruise

Panama Canal
Stand face-to-face with the grandeur of the Panama Canal aboard Celebrity Cruises. Whether you cross from Atlantic to Pacific or vice-versa, you’ll encounter experiences that lifelong explorers like Magellan could only dream of. When your Celebrity ship enters the canal, it will rise 85 feet in one of the legendary Gatún Locks. As you cross the Continental Divide – a journey that took mariners of long ago years to complete – a new world of wonder and amazement awaits you on the other side. Join us for what will undoubtedly be an enlightening and rewarding journey.

Find your Panama Canal Cruise

Transatlantic
Crossing the Atlantic aboard Celebrity means soothing sheets of beautiful blue water and fiery sunsets viewed from your private veranda. As you prepare to dine, a staff member greets you by name as your favorite vintage waits to tantalize your palate with its perfectly aged bouquet. During your voyage, you discover beautiful new lands and learn fascinating things about the native people and their cultures. In your suite, you revel in modern-day luxuries that early travelers could never have dreamed – such as welcome champagne, European-style butler service and oversized bathrobes. Celebrity’s Transatlantic voyages are all of this and more.


Find your transatlantic Cruise

Australia/New Zealand
A Celebrity cruise to Australia and New Zealand invites you to experience some of the world’s most incredible modern architecture, fascinating aborigine and Maori culture, and miles of breathtaking coastlines. Take in the vast mountains, ancient forests and active volcanoes. You’ll get to sit back on your veranda and watch the sun wash over Sydney’s famed Opera House as you sip an afternoon cocktail. After an exhilarating day of shopping in the chic district of Auckland, New Zealand, treat yourself to a chilled sorbet and bathrobe onboard.



Find your Australian/New Zealand Cruise

Bermuda
Celebrity’s Bermuda is refined dining, bountiful shopping and relaxing golf outings. Stroll cobblestone streets against the backdrop of pastel-painted cottages. Tee up on one of Bermuda’s eight championship golf courses and marvel at the island’s spectacular vistas. When you return to your ship, enjoy a cool sorbet and fresh, cold towels, served poolside. From the historic architecture of the capital city of Hamilton, to the postcard-come-to-life appeal of St. George, delight in the natural wonder, culture and history of this remarkable island paradise.

Find your Bermuda Cruise

Caribbean
Few places on earth are more conducive to relaxation than the islands of the Caribbean. Perhaps it’s the light, tropical breezes that gently soothe the soul. Or the warm waters and warm receptions that await you on every shore. One thing is certain: aboard a Celebrity cruise, a Caribbean vacation offers something for everyone. From snorkeling over ancient shipwrecks to visiting secluded locales off the beaten path, feel your cares melt away as you revel in the warmth of the tropics.


Find your Caribbean Cruise

Galapagos Islands
Many destinations promise visitors the chance to "step back into history." A Celebrity Xpedition to the Galapagos Islands perhaps best exemplifies that promise, as we take you to a destination that helped to shape one of the world’s leading scientific doctrines. Known as the inspiration for Charles Darwin’s theory of evolution, this cluster of islands is so isolated that many of its creatures cannot be found anywhere else on earth. From the giant tortoises that bear the Galapagos name, to the marine iguanas and "Darwin" finches, the Galapagos Islands afford visitors the chance to observe a living laboratory of adaptation. Celebrity Cruises provides guests with this rare, up-close experience with the smallest possible environmental impact to these precious shores.

Find your Galapagos Islands Cruise

Pacific Northwest
Best known for its redwood forests and diverse wildlife, the Pacific Northwest is also home to urban attractions, including state-of-the-art museums, quaint boutiques and thriving arts and music scenes. From California to Oregon and Washington to British Columbia, this region offers something for everyone.  Stroll the seawalk along Campbell River in hopes of spotting a playful seal, savor delicious Pacific Rim seafood in a quaint restaurant or enjoy a heritage walk through towering evergreens. As you journey through the "Great Northwest" aboard Celebrity, encounter wild landscapes and explore new horizons found nowhere else on earth.

Find your Pacific Cruise

South America
South America is the sum of many parts. On the one hand, there are cities every bit as cosmopolitan as any found north of the equator. Then, there is the wild and untamed side, with lush rain forests and staggering mountain peaks that reach high into the sky. To get the most out of this exotic and diverse destination, experience it with Celebrity, where your every desire is anticipated and your every wish fulfilled. Stretching from the world’s highest waterfall to the land’s end in Tierra del Fuego, Celebrity’s South America is a living mosaic of inviting people, natural wonder and unforgettable moments.

Find your South American Cruise

Book a Celebrity Cruise! Call 1-866-496-9862
Celebrity Cruises – Cruise Ships
Celebrity Cruise ship Constellation
Celebrity Constellation®
Celebrity Constellation® has just been revamped; we call it "Solsticized" since it infuses her with cosmopolitan Solstice Class features. She boasts a spectacular, new look and ambience. From the minute you enter the magnificent Grand Foyer, or savor a flavorful steak in the sophisticated Tuscan Grille, or sip your favorite vodka at the ultra-cool, ice-topped Martini Bar, you’ll feel pampered and transformed, too. Sumptuous suites and staterooms offer stunning new décor and flat-screen TVs, yet the level of personal service remains unparalleled and meticulous. It’s a highly enhanced experience.

Celebrity Cruise ship Infinity
Celebrity Infinity®
A sumptuous, world-class meal. A theatrical extravaganza reminiscent of the best on Broadway. Cocktails in a piano bar at midnight. Breakfast overlooking the sea at sunrise. Each and every one is a reality on Celebrity Infinity®. A member of our Millennium Class of ships, Celebrity Infinity is steeped with prestige and elegance. Dressed in polished marble, warm woods and etched glass, Celebrity Infinity consistently makes a long-lasting, premium impression.  Expansive staterooms, specialty restaurants and one of the most rejuvenating spa facilities at sea are just some of the indulgences you’ll find onboard.

Celebrity Cruise ship Summit
Celebrity Summit®
Appropriately named, Celebrity Summit will leave you feeling as if you’ve reached the absolute pinnacle of premium cruising. Large in size yet intimately elegant in ambience, Celebrity Summit boasts all of the services and amenities that have made Celebrity the preferred choice of discerning cruisers around the world. Savor world-class cuisine prepared tableside as you’re surrounded by cosmopolitan yet classic style. Escape to the first music library at sea. Soak up the natural beauty of the Conservatory and the Waterfall Pool. Come aboard and scale the heights of style on Celebrity Summit.

Celebrity Cruise ship Eclipse
Celebrity Eclipse®
Since Celebrity Eclipse℠ joined our fleet in 2010, she has dazzled and amazed even the most well-traveled cruisers. Like her Solstice Class sisters before her, Celebrity Solstice and Celebrity Equinox, she showcases spectacular vistas with 85% of all staterooms having sweeping veranda views. Celebrity Eclipse hosts Qsine℠, a dining venue with a unique and playful approach to familiar dishes from around the world, and Celebrity iLounge℠, a hip, modern Internet café offering guests what they have asked for – easy access to the Internet, inspiring classes and latest tech gadgets. Add the fresh green grass on the top deck’s Lawn Club and the incredibly pampering services in AquaSpa®, and you may never want to set foot on land again.

Celebrity Cruise ship Silhouette
Celebrity Silhouette®
Once Celebrity Silhouette joins our fleet in 2011, you’ll have another spectacular option for cruising Europe and the Caribbean. She’ll have all the best-loved Solstice Class features. Go on a culinary adventure in Qsine℠. Get social at the icy Martini Bar & Crush. Stay connected in the Celebrity iLounge℠ Internet center. Play games on soft, fresh-cut grass at the Lawn Club. And enjoy sweeping veranda views in 85% of staterooms. There’s also Galleria Tastings, an intriguing spot to take a break from the day with enticing “tastes” of food, drink, fashion and art. We’ve created an extraordinary ship experience. Again.

Celebrity Cruise ship Century
Celebrity Century®
Immerse yourself in Celebrity Century’s warm, open spaces and soaring atriums. Indulge yourself in soothing spa services. Enjoy dining in world-class restaurants. And sipping a favorite after-dinner drink as you mingle with new friends. A cruise aboard Celebrity Century® is exactly what you’ve been looking for. New accommodations include 314 private verandas, fourteen additional Sky Suites and 174 new and utterly modern Concierge Class staterooms complete with fresh-cut flowers, a luxurious pillow menu, and upgraded bathroom amenities, even personalized stationery. Welcome aboard.

Celebrity Cruise ship Millennium
Celebrity Millennium®

Celebrity Millennium; you’ll call her magnificent. To sail on Celebrity Millennium, the first of our Millennium-class of ships, is an experience that cannot be expressed in words. Stride her decks and see for yourself what those who have experienced her already know: Celebrity Millennium is more than a ship; she is a special memory waiting to be had.

Celebrity Cruise ship Xpedition
Celebrity Xpedition®
Only Celebrity Xpedition® offers the perfect combination of explorer’s voyage and cosmopolitan bliss. Stylish detail meets intimate ambiance. Travel to one of the last uninhabited places on earth – the legendary Galápagos Islands.  Where untamed wildlife outnumbers the pampered travelers. Sip morning mimosas as giant tortoises sunbathe on the shore outside your window. Enjoy a rejuvenating hot stone massage as Galápagos Sea Lions doze on the beach just off the port bow. Make moonlight toasts under the stars that led sailors and scientists alike to this extraordinary archipelago.

An adventuresome alternative, Celebrity Xpedition accommodates 92 guests. Step aboard and become part of an ardent community of travelers. Experience the untamed wilderness from a ship that offers unexpected indulgences. Take comfort knowing its environmentally sound design helps preserve the pristine islands it explores.  It’s a journey like no other.

Celebrity Cruise ship Equinox
Celebrity Equinox®
Celebrity Equinox® captures the very essence of premium cruising. Shimmering in sophistication from bow to stern, she will exceed your expectations as soon as you step aboard. Delight in your choice of ten exceptional dining venues. Relax in chic and spacious accommodations. Be surprised to feel grass beneath your feet at the Lawn Club as you sail out to sea. With every imaginable comfort, along with Celebrity’s unrivaled guest services, you are bound for an unsurpassed experience no matter your destination.

Celebrity Cruise ship Solstice
Celebrity Solstice®
Celebrity Solstice® offers a series of attributes with cosmopolitan flair that have received an incredible amount of accolades. There’s the half-acre Lawn Club with real grass, the fascinating Hot Glass Show℠ developed with The Corning Museum of Glass, chic dining venues offering trendsetting cuisine, and extraordinary programming including wildly entertaining theatrical productions. Try and find that anywhere else at sea. This stunning ship also offers spacious staterooms and bathrooms, and choices of accommodations, including Celebrity’s life-renewing, spa-inspired AquaClass™ staterooms. Ready to sail Celebrity Solstice? Then get ready for a one-of-a-kind experience.

*Photos provided by celebritycruises.com
Drainware - Jose Ramon Palanco

Projects

Drainware

22 January, 2020


Between 2011 and 2014 we (Cristian Sandoval, Marco Lojo, Antonio Moreno, among others) developed a cloud platform with DLP capabilities; now, in 2020, it is open source. It was a very cool technology at that time; we used mongo, redis, rabbitmq, among other technologies. Most of the magic was inside the endpoint, written in C++.

This product is able to identify data leaks in buffers like the clipboard and screenshots (OCR), and to monitor removable devices, network units, applications (minifilter driver), cloud apps (Dropbox, OneDrive, Google Drive), printers (OCR), and more.

It uses geolocation based on SSIDs, through Google location services, to track stolen devices or to know where a device was located when the data leak occurred.

It also comes with a basic sandbox that freezes applications abused by exploits, by detecting suspicious traces in memory such as NOP sleds and heap sprays.

One of the coolest features was the distributed search across all endpoints of the organization. It was possible to find files, emails, documents, …

Another interesting feature is that the endpoint includes a PHP interpreter to run callbacks or create validators based on regular expressions, REST API calls or whatever you can imagine. It also uses ADS, ssdeep and several fun things you will find browsing the code.

Promo video:

Now this project is opensource!

The code

You can download the source code at Github:

https://github.com/drainware

DISCLAIMER: Use the code at your own risk. This project has not been maintained for a long time, so most of the dependencies are obsolete and some of them are vulnerable.

Screencasts

Drainware Intro:

Drainware DLP:

DLP Storage:

DLP Custom rules:

Manual

Introduction

This manual can be read sequentially the first time or used as a reference guide. While reading, you will find notices in the following formats:

Annotations: Concept clarifications

Important!: Important concepts to keep in mind

Tip: Tricks, shortcuts and other tips

About Drainware

Drainware is a security platform offered as a service. It has several modules to protect the information and/or the computers that contain this information.

We offer a Freemium license, which means you can start using it for free with some restrictions on its features.

Requirements

Operating System

Drainware can be deployed on computers with Microsoft Windows OS installed. The currently supported versions are the following:

| OS | Architecture |
|---|---|
| Windows XP | x86 |
| Windows 7/8 | x86/x64 |
| Windows 10 | x86/x64 |

Important!: Windows XP is supported only with Service Pack 3 or later. We also have support for Windows XP SP2, but you have to install the following components:

  • Windows Search 4.0 for Windows XP (KB940157)
  • Wireless LAN API (KB918997)

Minimum Hardware

CPU: Intel Pentium III 1 GHz or faster

RAM: 1 GB (2GB recommended)

HDD: 200 MB

Installation

Signing up in the system

Before installing Drainware, it’s necessary to have an account on the platform. To sign up in the system you’ll have to go to the official Drainware website at https://www.drainware.com and click on the sign-up button in the top-right menu.

This will show a form where you must enter the information requested: registration data, company name, VAT ID, and the number of employees.

The e-mail address will be associated with your account and cannot be changed in the future.

For the number of employees field, count only the ones that normally work with a computer.

Important!: The password must have at least 8 characters.

Afterward, you will receive an e-mail that will allow you to validate your new account.

When the license has been validated, you will be redirected to the sign-in page, where you have to enter the e-mail and the password that you entered before.

Software endpoint installation

Once the license is validated and we have entered our credentials, we are signed in and able to download the installer. To the right of the download link is the license number, a 16-digit code that we will need during the installation.

This installer will install the 32-bit or 64-bit version, depending on the operating system used.

Advanced Installation

It is possible to deploy the endpoint in an unattended manner. This is very useful if you have a lot of users and you want to deploy it on a mass scale.

To do that, you can find the .msi installers at the following URL:

http://update.drainware.com/

The procedure to install it through the command line is below (replace XXXX-XXXX-XXXX-XXXX with your license number):

msiexec /i file.msi /quiet /norestart DDI_LIC=XXXX-XXXX-XXXX-XXXX

If you prefer, you can use this logon script:

Name: drainware_logon.vbs

' Returns "32-bit" or "64-bit" for the given computer.
Function GetWindowsArchitecture(strComputerName)
    Dim objWMI, colItems, objItem
    Set objWMI = GetObject("winmgmts://" & strComputerName & "/root/cimv2")
    Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem", , 48)
    For Each objItem In colItems
        GetWindowsArchitecture = "32-bit"
        ' OSArchitecture only exists on Windows Vista (6.0) and later.
        ' Compare the major version as a number so that "10.0" is handled too.
        If CInt(Split(objItem.Version, ".")(0)) >= 6 Then
            GetWindowsArchitecture = objItem.OSArchitecture
        End If
    Next
End Function

' Expands %programfiles% for the current process.
Function GetProgramsFolder()
    Dim wshShell
    Set wshShell = WScript.CreateObject("WScript.Shell")
    GetProgramsFolder = wshShell.ExpandEnvironmentStrings("%programfiles%")
End Function

' True when the endpoint agent is already installed.
Function ExistDrainwareSecurityDir()
    Dim objFSO
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    ExistDrainwareSecurityDir = objFSO.FileExists(GetProgramsFolder() & "\Drainware\Drainware Security Endpoint\DrainwareSecurityAgent.exe")
End Function

' Copies the installer from the repository share into a local directory.
Function DownloadDSE(strRemoteDSE, strLocalDir)
    Dim objFSO
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    objFSO.CopyFile strRemoteDSE, strLocalDir & "\"
End Function

' Installs the endpoint silently if it is not present yet.
Function InstallDSE(strLicense, strRepository)
    Dim wshShell, strRemoteDSE, strLocalDSE
    If Not ExistDrainwareSecurityDir() Then
        Set wshShell = WScript.CreateObject("WScript.Shell")
        Select Case GetWindowsArchitecture(".")
            Case "64-bit"
                Rem Msgbox "Installing Endpoint 64-bit " & strLicense
                strRemoteDSE = strRepository & "\SetupCloud.msi"
                strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud.msi"
            Case "32-bit"
                Rem Msgbox "Installing Endpoint 32-bit " & strLicense
                strRemoteDSE = strRepository & "\SetupCloud32.msi"
                strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud32.msi"
            Case Else
                ' Unknown architecture string: do nothing rather than copy an empty path.
                Exit Function
        End Select
        DownloadDSE strRemoteDSE, wshShell.ExpandEnvironmentStrings("%temp%")
        Rem Msgbox "msiexec /qn /i " & strLocalDSE & " DDI_LIC=" & strLicense
        ' Quote the path (%temp% may contain spaces) and wait for msiexec to finish.
        wshShell.Run "msiexec /qn /i """ & strLocalDSE & """ DDI_LIC=" & strLicense, 0, True
        Msgbox "Your computer will restart after a few seconds"
    End If
End Function

Dim strLicense
Dim strRepository

' Both arguments are required: the license number and the installer location.
If WScript.Arguments.Count < 2 Then
    WScript.Echo "Usage: drainware_logon.vbs LICENSE LOCATION"
    WScript.Quit 1
End If

strLicense = WScript.Arguments(0)
strRepository = WScript.Arguments(1)

InstallDSE strLicense, strRepository

Usage:

drainware_logon.vbs LICENSE LOCATION

example: drainware_logon.vbs XXXX-XXXX-XXXX-XXXX \\mynas\resources\dlp\

The location must contain both .msi files (for x86 and x64).

Useful links

Create a GPO (Windows 2008)

Initial configuration

In this section, we will go through the initial configuration of Drainware. These are the available options in the left menu (red area) of Drainware once you sign in.


Credentials

In this section, we can update our password. If we want to change it, we also have to fill in the current password.


Subscription

Drainware has two different subscription types. One is the Freemium option, which offers a monthly service with a limit of 500 security events; after 500 events, the organization will be unprotected until the first day of the next month.

On the other hand, we offer a Premium subscription that is based on the number of users you wish to protect. The Premium subscription includes unlimited events (as long as use remains reasonable).

In this section, it is possible to check the validity of the subscription and upgrade it in the case of using a Freemium subscription.

If you have questions about this section, please write an e-mail to sales@drainware.com and our sales team will be happy to assist you.

Groups

It is possible that in your organization you would like to apply different policies depending on groups of users. We can organize the groups by areas or departments, depending on the requirements of the organization.

In this section, we can create the groups inside our platform and then apply policies directly over them.

It is possible to integrate the groups in the organization directly with Drainware, and this topic is explained in more detail in section 4.5.

Users

Every time a user logs in to a computer protected with Drainware, the server is notified and registers the user in the system. From that moment, we can associate that user with one or more groups.

Authentication

To integrate Drainware with your organization, we offer an authentication module. We have 2 different options to configure the authentication module: local authentication or LDAP.

By default, Drainware works in the local authentication mode, in such a way that the group information is already in our platform.

With the LDAP option, it’s possible to integrate an LDAP server or Active Directory Domain to be able to use the users and groups of the organization.

If you want to integrate LDAP, it’s necessary to open the LDAP port to the Internet. We recommend opening it with SSL exclusively.

If you want to integrate it with Active Directory, you should use the following information:

| Field | Value |
|---|---|
| Type | LDAP |
| SSL | Depending on your configuration |
| Version | 2.0 |
| Host | IP or Computer Name |
| Port | 389 or 636 if it’s SSL |
| DN | DOMAIN\user |
| Password | User Password |
| Base | DC=DOMAIN, DC=LOCAL |
| User Attr | sAMAccountName |
| Recursive Groups | Optional |

We recommend always using LDAP with SSL and blocking any connection that does not come from our public IP address.

We also have the “Recursive Groups” option. This option allows users in nested groups to resolve the groups to which they don’t directly belong.

Annotation: If an LDAP user doesn’t belong to any of the imported groups, it will belong to the default group automatically.

Important!: When LDAP is integrated, all users will be available in the platform; however, the same doesn’t happen with the groups. The groups must be imported one by one from the groups section, which will also be integrated with LDAP.

Time Zone

It’s possible that the employees of an organization work or travel around the world. Therefore, in Drainware, we work with the UTC time zone. In order to translate the time between different time zones, we offer the possibility to select the time zone where the administrator wishes to see the events.

Dashboard

The main window of Drainware shows an overview of the security events that happened since the installation of Drainware. It also shows the details of the events that happened since the beginning of every month.


For Freemium users, it shows a status bar that shows the monthly events. When the number of events reaches 500, Drainware will stop working until the beginning of the next month. The administrator will then receive an e-mail notification that the organization is not protected with Drainware anymore.

Tip:

To the right of the monthly events bar, you can find a link to get more free events per month in the Freemium version. To receive more free events, you only have to share a link with the reference code. For every verified installation referred to this code, Drainware will give you 100 extra free events per month.

DLP

In the DLP module (Data Loss Prevention), we can control the confidential information inside the organization to prevent data leaks.


Policies

The policies define what information you want to monitor and what action will be carried out. In the policies creation section, we provide a wizard that makes the whole process easier. We’re going to create a policy with the name POL001 and the description of “Policy 1”.

In the first step we have to provide a name and a short description of the policy.

In the next step, we have to define the information that we want to protect.

We can see the next menu:

  • Concepts / Subconcepts: patterns predefined by Drainware to identify the information.
  • Applications: applications to which we’ll deny any access to confidential information.

As we continue configuring Drainware, this section will contain other elements such as rules, files, and network sites, which we will see in the next sections.

If we expand the Concepts/Subconcepts we will see a big list of categories. We can include a subconcept in our policy like Visa or the credit card concept that would include all credit card types.


In the applications section, we can see a list (that can be extended by the user) that allows the blocking of several programs.

In Step 3 we can see a list of the groups that we have already imported, the action that will be carried out, and the severity (how severe it is for that group of users to trigger the policy).

We only have to select the groups that we want to be affected by the policy. When defining the action, it can be:

  • Log: logs the event in the Drainware database for audit purposes.
  • Alert: an e-mail is sent by default to the e-mail address used for sign up in Drainware, but it can be overridden by another address specified only for this policy.
  • Block: prevents the information from leaking.

In all cases, the employee who triggers the policy will see a notification.

We only have to click the “Finalize” button and the policy will be created.


Every time we create a policy, it will appear in the policies list. In this list, we have 3 buttons:

  • Configuration: we can configure the information to protect, like we configured in step 2.
  • Action: we can re-define actions for the different groups, like we configured in step 3.
  • Remove: removes the policy.

Once the policy is created, it can’t be renamed.


Rules

With “Rules”, we can define our own information patterns to protect inside the policies. We can include, for example, confidential footers that we usually introduce in documents with confidential information. We can also add regular expressions that describe any confidential documents that we want to protect.

To create a rule, we have to enter a name without spaces or special characters (A) and a description (B); optionally, we can include a verification function in PHP (C), and we can define which policies we want to associate with this rule (D). Like policies, rules can’t be renamed.

Tip:

If we want to use a verification function in PHP, it will receive the variable “$match”, which contains the resulting match after the regular expression is applied. After analyzing $match, the function must assign TRUE (accept match) or FALSE (deny match) to the “$return_val” variable.
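A verification body of the kind the Tip describes, as an added example (not Drainware's own code): it accepts a regular-expression match only when its digits pass the Luhn checksum, which removes most false positives from a card-number rule. Only `$match` and `$return_val` come from the manual; `luhn_valid`, `verify_match`, the sample values, and the way the endpoint invokes the snippet are assumptions.

```php
<?php
// Added example, not part of the Drainware code base.
// In the rule editor only the logic that reads $match and sets $return_val
// would be used; the sample loop at the bottom exists so this file runs
// stand-alone with `php example.php`.

/**
 * Hypothetical helper: Luhn checksum over the digits found in $candidate.
 * Rejects lengths outside 13..19 and runs of one repeated digit, which pass
 * the checksum trivially (for example sixteen zeros) but are never real data.
 */
function luhn_valid(string $candidate): bool
{
    $digits = preg_replace('/\D/', '', $candidate);   // drop spaces and dashes
    $len = strlen($digits);
    if ($len < 13 || $len > 19) {
        return false;
    }
    if (preg_match('/^(\d)\1+$/', $digits)) {
        return false;
    }

    $sum = 0;
    $double = false;                                   // rightmost digit is not doubled
    for ($i = $len - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

/**
 * Hypothetical wrapper: decides whether a regex match should count as a hit.
 * Anything that is not a non-empty string is denied.
 */
function verify_match($match): bool
{
    if (!is_string($match) || $match === '') {
        return false;
    }
    return luhn_valid($match);
}

// Constructed sample matches, as a card-number regular expression might
// produce them. The first is a well-known test number, not a real card.
$samples = [
    '4111 1111 1111 1111',   // passes the checksum
    '4111-1111-1111-1112',   // one digit off, fails the checksum
    '0000 0000 0000 0000',   // trivial repeated-digit run
    '1234',                  // too short to be a card number
];

foreach ($samples as $match) {
    // This assignment is the contract stated in the manual:
    // TRUE accepts the match, FALSE denies it.
    $return_val = verify_match($match) ? TRUE : FALSE;
    printf("%-22s => %s\n", $match, $return_val ? 'accept' : 'deny');
}
```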


Files

In very exceptional cases, it’s possible that a rule can’t cover all our requirements and we’d want to register a file. In these cases, we can upload a file to help Drainware identify when someone is trying to leak information.

The procedure is very simple. We can upload one or more files and they will be automatically available to associate with our policies. We only have to go to the policy configuration and select the filename.

Every time we upload a file, it will be available in the new policies wizard.

Important!:

Before uploading a file, we suggest using a unique filename, or even including the current date in it, to distinguish it from another file with the same name.

Network Sites

In the network sites section, we can add Windows shared folders with the format \\server\resource.

This functionality is one of the most interesting ones. The endpoint software is ready to identify all the files copied to a computer from the shared folder added in Drainware. Once a file is copied, Drainware will check that file and every copy of it throughout the computer’s file system, allowing you to work with it, but preventing it from being leaked.

For Network URI, we have to input the shared folder location. We must also enter a short description, and then select the different policies to apply.

It will be available in the new policies wizard.

Important!:

Only files that have been copied after the shared folder is added will be monitored.

Applications

To add more applications and include them in our policies, we can add them in the “Manage Applications” section.

To add a new application, we will need its name, for example, iexplorer.exe, or skype.exe. Similarly to the other sections, we have to put a short description and select the policies to associate with it. It will be available in the new policies wizard.

Advanced

In the Advanced section of Drainware, we can configure the behavior of the DLP. There are 3 sections for configuring it.

The first section allows us to block access to encrypted information for particular groups. The behavior will be the same as for a file affected by a policy with the Block action.

The second section allows us to collect evidence every time an event occurs. This configuration is directly related to the action defined in the policy, where we can define a criticality level for each group. Here we can select ‘None’ if we don’t want to collect evidence, or the minimum level from which evidence should be collected. If we select the low level, evidence is collected for the low, medium, and high levels. If we select the medium level, it is collected only for the medium and high levels. And if we select high, it is collected only for that level.

Important!:

The configuration of the evidence collector is only available to Premium users. Freemium users will receive the first 3 screenshots every month.

In the last section, we can globally enable or disable modules that affect all policies. In Drainware we consider 3 types of elements:

  • Source: information origin
  • Sink: information destination
  • Pipe: information channel

In Sources, we currently only have “Network device”, which allows us to recognize Windows shared folders. If we disable this source, the “Network Sites” section will stop working and it won’t be visible in the menu anymore.

In Sinks we have several modules that monitor the application of the corresponding action (block, alert or log):

  • Dropbox
  • Skydrive
  • Google Drive
  • Network Device
  • Pendrive
  • Printer

Finally, in Pipes we can monitor:

  • Clipboard Image
  • Clipboard Text
  • Keylogger

Important!:

The keylogger module can’t block typing, because text can’t be analyzed until it has been written.

Notifications

Notifications can’t be configured in the DLP menu. They must be defined in the “General” section, but they are directly related to the DLP.

As long as we have a browser open and are logged in, notifications let us receive alerts in real time when an event occurs.

We don’t recommend enabling the notifications for all actions and events, because, if they are executed regularly, it can be annoying.

The notifications are HTML5 notifications and they are integrated with the desktop of the operating system, as long as the browser and the operating system support it.

Sandbox

The Sandbox feature allows us to protect applications against viruses. It’s not an antivirus replacement, but rather a complement.

Previously, hackers took advantage of security problems in server software to gain access to the organization. In response, security suites with firewalls, IDS, IPS… were developed.

In the last few years, hackers have taken advantage of new vectors. Using tools like LinkedIn, they can discover who the person responsible for finances is, and what contacts he has. From there, they can mount a spear-phishing attack, which consists of sending e-mails that assume his identity, with an attached PDF or a URL that steals data or opens a connection to the outside.

Applications

In Drainware, we develop rules that allow us to block the affected applications before the system is affected.

Inspector

With the Inspector module, you can search in real-time over all the computers in the organization.

It’s possible that the organization has a person or a group of people working with information to which they shouldn’t have access. This could happen unintentionally or deliberately. Either way, we can find out with the Inspector tool.

Furthermore, once we have experienced a leak of information, it is often very difficult to check all the computers where the related document was. With Inspector, it is possible to find very specific files in seconds, download them, and even browse through the file system of the affected computers.

Remote search

With the remote search we can start to obtain results.

The search can take several minutes. The results are shown grouped by the name of the computer where the file was found. Expanding the results by computer, it’s possible to see the file details by clicking on it. We can see information about the modification date, file name, mime type, creation date, and short information about the file header. It’s also possible to download it.

Important!:

You shouldn’t search for very short terms or generic terms. The search can take too much time, or the results can be unmanageable.

It’s possible to browse through one of the computers listed in the results. To do this, you must click on the computer name or IP address (red area).

The file explorer feature is further detailed in section 7.3 of this manual.

Multiple Remote Searches

If we want to search for a lot of terms, it’s possible to use the Multiple Remote Searches function.

To use this feature, you have to create a file with all the search terms in one line, separated by commas. We can create different lines, each one with its own keywords.

keyWordGroupA-1, keyWordGroupA-2, keyWordGroupA-3
keyWordGroupB-1, keyWordGroupB-2
keyWordGroupC-1, keyWordGroupC-2, keyWordGroupC-3

The file extension must be TXT. In addition to uploading the file, we must input a name for this report.

Important!:

You shouldn’t search for very short terms or generic terms. The results can take too much time to obtain, or they can be unmanageable.

Remote Files Explorer

The Remote Files Explorer allows us to inspect any computer in the organization with Drainware installed.

We will have to provide some details about the computer: computer name, IP address, and optionally, the path. From this point, we can browse through any device in the computer and even download files.

Important!:

Drainware is not developed to be an FTP server. When downloading a file several MB in size, it can take several minutes until the download starts.

Remote Devices

With this feature, we can see the geographic position of all the devices that have Drainware installed.

In most cases, the geolocation is performed through the IP address, but when the Wi-Fi is activated, it’s possible that the geolocation is performed through Wi-Fi triangulation.

Important!:

Make sure that you don’t refresh the webpage until all the endpoints have responded, especially in networks with thousands of endpoints, as the webpage loading could take several minutes.

In addition to the geolocation of the devices, it’s possible to get a network map that groups all the computers belonging to the same ranges. To do so, click on the Network View tab.

The results are shown in circles, where every circle represents a range or a group of ranges.

It’s possible to click on the segments that we want to inspect and see all the computers connected at that moment.

Reporter

With the Reporter module, we can have access to the data recorded by Drainware. We can get details of every module or statistic from the global behavior of the DLP, Inspector, or Sandbox.

DLP Events

Once we open the DLP events information, we can see a graph with all the events related to the data leak. Under the graph, we can see a table with a list of related events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

The list only shows a preview of the event. If we want to see detailed information, we must click on it.

The details of each event are shown in a table that provides all the information related to the event. Depending on the configuration, it’s also possible to see a screenshot taken at the moment the event occurred.

Annotations: Freemium users can only see the first 3 screenshots every month.

Under the table, there is a button which generates a report with the latest security events.

If we want to find events by a range of dates, event type, policy, severity, rule, etc., we can use the “Advanced Query” system. As a query can return too many events, it’s possible to set the maximum number of events we want to show in the result.

Every time a query is generated, it’s possible to export the results in CSV format. In order to do this, you have to click on the Generate Report button at the end of the page:

DLP Stats

The events and their details are interesting, but in many cases it’s necessary to have a higher-level view of what is happening with confidential information, or to know how the policies that we have configured are working. To do so, we will create data analysis and statistics.

Activity

A single graph represents the average severity, the average action, and the number of events. The policies with more events are located to the right, with the vertical axis representing the average of the actions carried out, where block is the highest part. The average severity is shown by the size of the circle. In the top left combo box, you can select the period of time.

Groups by policy

In this graph, we can see the groups that generated the most events for one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.

Users by policy

In this graph, we can see the users that generated the most events for one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.

Policy

With the policy graph, we can analyze the policies with the most activity. In the top left combo box, you can select the period of time.

Groups

With the policy graph, we can analyze the groups with the most activity. In the top left combo box, you can select the period of time.

Sandbox Events

We can see a graph with the events related to attempts to abuse applications. Under the graph, we can see a table with the list of events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

Sandbox Stats

Applications

With the applications graph, we can analyze the policies with the most activity. In the top left combo box, you can select the period of time.

Groups

With the policy graph, we can analyze the groups with the most activity. In the top left combo box, you can select the period of time.

Inspector search reports

When we run multiple remote searches from the Inspector section, the results are generated in this section. We can find a report by a range of dates and download it in Microsoft Excel format.

Troubleshooting

Corporate Proxy

Drainware supports connection through a proxy, either configured in the system or auto-configured. However, if the proxy uses authentication, it’s necessary to enable “*.drainware.com” in the accessible domains without authentication.

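If you are using Squid, the configuration would be the following:

acl drainware dstdomain .drainware.com
acl CONNECT method CONNECT
acl dwCONNECT dstdomain .drainware.com
http_access allow CONNECT dwCONNECT localnet
http_access allow drainware localnet

These http_access lines must come before the rule that requires authentication, because Squid applies the first http_access rule that matches.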

Author

Jose Palanco

VP Threat Intelligence at ElevenPaths