Holland America Line

Holland America and Travelonly team up for the best deals in cruises
Alaska
Imagine standing on your private verandah and watching whales breach and eagles soar. Imagine being among the lucky few to spend a whole day in Glacier Bay National Park. Imagine traveling through Alaska’s sublime beauty and frontier ports in unsurpassed luxury and comfort. On Holland America Line’s spectacular 7-day Alaska cruise vacations – imagination meets reality. We offer a greater selection of Alaska cruise itineraries than any other cruise line and are the only cruise line to offer Glacier Bay National Park on all three major cruise itineraries. And our spacious, mid-size ships carry fewer guests ensuring quiet corners and unfettered views.

Find your Alaskan Cruise

Australia
Experience the seductive power of the Pacific islands in Hawaii, Samoa, Vanuatu and Fiji. Explore New Zealand’s wine country, pristine beaches, geothermal wonders and awe inspiring natural beauty. Discover a world of ancient traditions in the power of the Maori Haka. Take in the Victorian splendor of Melbourne and the friendly esprit de corps of Sydney and Auckland. Be among the few to discover the gardens and waterfalls of Burnie, Tasmania. Throughout your journey, experience a deep and personal connection to each unique destination with our exclusive, award-winning shore excursions. Holland America Line’s 14- to 70-day Australia, New Zealand & South Pacific cruise vacations provide extensive scenic cruising. Our 14-day itineraries from Sydney and Auckland offer explorations on New Zealand’s North and South Islands or the exotic South Pacific.

Find your Australian Cruise
Canada / New England
Discover the unique history, stunning beauty and diverse cultures of Canada and New England. Walk Boston’s Freedom Trail, explore Prince Edward Island, and immerse yourself in the French inspired wonders of Québec City and Montreal. And new this year: the wild beauty of Gaspé Peninsula, the traditions of the Innu nation at Sept-Îles, and a manmade glacier in Baie-Comeau, all in Québec. You’ll be so close to home and yet you’ll feel as if you’re worlds away. A perfect family vacation, these cruises feature five convenient home ports and itineraries spanning spring, summer and fall. All this aboard a five-star Holland America ship with plenty of activities to please and entertain everyone in the family.

Find your Canada/New England Cruise
Europe & Mediterranean
There is no better way to experience Europe than on a Holland America Line cruise. After all, Europe is our home, and we have over 135 years of experience providing our guests a premium experience at an exceptional value. Onshore, longer days in port and one-of-a-kind excursions give you access to events and sights experienced only by a lucky few. Return each day to spacious accommodations, gourmet meals and top-notch entertainment. Timeless elegance, industry-leading amenities, activities, and warm, intuitive service onboard give you a vacation in Europe beyond compare. The dream of Europe awaits – all you have to do is step aboard.

Find your Northern Europe Cruise
Find your Southern Europe Cruise

Mediterranean Cruises
From the wonders of Egypt, Greece, Turkey, Spain, and Italy, to the beautiful beaches of the Black Sea and the French Riviera, our Mediterranean cruise vacations have something for everyone.

Find your Eastern Mediterranean Cruise



Find your Western Mediterranean Cruise

Transatlantic Cruises
The classic “crossing” has been reimagined to combine relaxing, luxurious days at sea with exciting itineraries and numerous ports of call offering a vast array of European cultures and cuisine.
Find your Transatlantic Cruise

Hawaii
Rich with dramatic tropical beauty, chic boutiques and galleries, and a kind and hospitable people proud of their heritage and culture, Hawaii is a cruise destination to be visited again and again. Holland America Line makes every Hawaii cruise unique and memorable. Savor relaxing days at sea aboard our mid-size ms Zaandam and indulge in our Greenhouse Spa, Culinary Arts Center and Explorations Café. Onshore enjoy award-winning shore excursions, including our Encore Collection, specially designed to give returning guests a new experience. Heaven surely awaits you aboard a premium Holland America Line Hawaii cruise. Holland America Line offers cruise vacations beginning and ending in downtown San Diego, where the pier is conveniently located near the airport on beautiful San Diego Bay. Longer cruises also begin or end in Vancouver, British Columbia and offer even more indulgent days at sea.



Find your Hawaiian Cruise

Mexico
The excitement of the Mexican Riviera and wildlife-rich Sea of Cortez await you on a Holland America Line Mexico cruise vacation. Revel in the pulsing energy of Puerto Vallarta, Mazatlan and Acapulco, and then relax in the quiet beauty of the Sea of Cortez with unique, off-the-beaten-path destinations like La Paz, Loreto, and the Copper Canyon. Throughout Mexico discover historic sites, shop for local treasures, and enjoy all manner of beach and water activities. Perfect for family vacations, our award-winning shore excursions and onboard amenities allow every guest to experience a tailor-made Mexican cruise fiesta. Holland America Line offers a variety of Mexico cruise itineraries, all beginning and ending in downtown San Diego where the pier is conveniently located just minutes from the airport on beautiful San Diego Bay. Begin and end your cruise sailing past Coronado Island, Cabrillo National Monument and Point Loma.




Find your Mexican Cruise


Pacific Northwest
Featuring distinct ports of call, gorgeous scenery and relaxing days at sea aboard our premium, mid-size ships, our 1- to 5-day Pacific Northwest & Pacific Coast cruises are the perfect get-away. Explore the diverse neighborhoods of Vancouver, Victoria and Seattle, explore Avalon on Santa Catalina Island, and play on San Diego’s golden beaches. On board, be completely pampered by our crew. Have breakfast delivered to your spacious stateroom, luxuriate in our Greenhouse Spa, take a cooking class at our Culinary Arts Center, or simply relax with a latte in our Explorations Café and watch the scenery go by. Holland America Line’s Pacific Northwest & Pacific Coast cruises make the perfect surprise gift or special long weekend. Before or after your cruise, take advantage of our hotel packages and enjoy more of Vancouver, Seattle, Los Angeles or San Diego.

Find your Pacific Northwest Cruise

Asia
The exotic capitals and off-the-beaten-track treasures of the Far East await – we invite you to immerse yourself in the diverse history and culture of Asia and the Pacific. Aboard Holland America’s elegant and spacious ms Volendam, travel to unique ports of call and experience inspiring days and enchanting nights. Highlights include the beauty of Australia’s Great Barrier Reef, shopping in Hong Kong, Shanghai’s stunning architecture, and the exotic wonders of Bangkok.
In addition, we now offer a unique voyage across the Pacific from Kobe (Osaka) to Vancouver, with the opportunity to explore Kodiak and Sitka, Alaska. Holland America Line offers 17- to 18-day Asia & Pacific cruise vacations in Spring 2011. Focus on a particular region or easily combine cruise itineraries with no port repetition. Enjoy overnight stays in Singapore, Bangkok, Hong Kong, Shanghai, and Tokyo, capped off with gracious Holland America Signature of Excellence® service for an unforgettable world class cruising experience.
Find your Asian Cruise

Bermuda
We are pleased to announce new itineraries departing from New York City to Bermuda, a dreamy tropical isle with a decidedly British flair. From Historic St. George, a charming UNESCO World Heritage Site to Hamilton, with pastel-colored storefronts, there is something for everyone. Here, proper business attire is Bermuda shorts, cricket is the national sport and afternoon tea goes without saying. An interesting fact about Bermuda is there are more golf courses per square mile than anywhere else in the world. Highlights: the famous pink beaches and secluded coves of South Shore Park, the quaint shops and boutiques of Hamilton, the rich colonial history of St. George. Holland America’s 7-day Bermuda itinerary is perfect for families with summer departures from August – October, all conveniently roundtrip from New York.

Caribbean
Our carefully crafted itineraries offer choice Caribbean cruise experiences across three distinct regions. For the ultimate day in paradise: our award winning private island, Half Moon Cay.

Eastern Caribbean & Bahamas Cruises

For the beauty of its beaches, the Eastern Caribbean and Bahamas are unequalled. On the horizon: the diverse cultures and attractions of St.  Thomas, St. Maarten, Half Moon Cay, Grand Turk and San Juan.


Find your Eastern Caribbean Cruise

Western Caribbean Cruises
Discover miles of perfect beach, world-class diving and ancient Mayan ruins. Explore Mexico, Belize, Guatemala and the Caribbean islands of Grand Cayman, Grand Turk and our award winning private island, Half Moon Cay.


Find your Western Caribbean Cruise

Southern Caribbean Cruises
Off the beaten track lie tiny island nations: St. Lucia, Martinique, Curaçao, and Barbados. A bit further – the Panama Canal and Costa Rica.  All itineraries include our private island, Half Moon Cay.
Find your Southern Caribbean Cruise

Grand Voyages
Luxurious days at sea, explorations of iconic cities and remote destinations, new friendships and superb service – Holland America Line invites you on a Grand World Voyage.

Grand World Voyages
Embark on a voyage to stunning destinations, defining experiences, and lifelong memories. Holland America Line invites you to complete a global circumnavigation.

Find your Grand World Voyage

Grand South America & Antarctica Voyages
Transit the Panama Canal, navigate the Amazon River, round Cape Horn and discover the awesome beauty of Antarctica. Welcome to the adventure that is South America.

Grand Africa & Mediterranean Voyages
Rich with maiden ports and off-the-beaten-path destinations, the 2011 and 2012 Grand Africa & Mediterranean Voyages are perfect for those who have previously traveled through or cruised Europe.

Grand Asia & Australia Voyages
Discover the diverse cultures and natural wonders of the Pacific Rim.  Travel roundtrip from North America or choose one of our exciting segments.

Grand Mediterranean & Black Sea Voyages
Venture deep into the Mediterranean to discover 25 centuries of history, art and culture in Spain, France, Italy, Greece, Turkey, Malta, and Portugal. Savor extended stays in favorite cities and two full days in Barcelona and Istanbul.

Find your Grand World Voyage

Holiday Cruises
Revel in all the joys and traditions of the holidays without any of the stress. On a Holland America Line Holiday cruise we take care of everything: sumptuous holiday meals, grand decorations throughout the ship, a New Year’s Eve ball, and abundant activities for every age and interest. We’ll even help organize your holiday family reunion. Let this next holiday be the year you free yourself from responsibility for cleaning, cooking, decorating or hosting out of town guests. Instead, celebrate the season and the joy of being with your family while exploring a beautiful destination. Holland America Line offers Holiday cruise vacations in the Caribbean, Mexico, Hawaii, South America, Australia and New Zealand, and through the Panama Canal. Let Holland America Line give you and your family the gift of a beautiful, fun-filled, and stress-free holiday.

Panama Canal
The Panama Canal is one of the greatest achievements of the 20th century. As you transit this engineering marvel, listen to its stories of extraordinary human vision, sacrifice and triumph as part of our Explorations program. Beyond the canal, find Caribbean island nations and our award-winning private island, Half Moon Cay. Walk in the footsteps of ancient Incans and Mayans as you explore the ruins of bygone empires. Discover Costa Rica’s rainforests, Guatemala’s colonial history, and Ecuador’s volcanoes. All this while enjoying our 5-star service, spacious accommodations and first class amenities and activities.

With our wide variety of 10- to 28-day itineraries, Holland America Line has the perfect Panama Canal cruise vacation for your interests, schedule and budget. Convenient home ports include Fort Lauderdale, San Diego, Los Angeles, Seattle and Vancouver.

Find your Panama Canal Cruise

South America
Follow in the footsteps of Magellan, Drake and Shackleton to discover the ethereal beauty of Patagonia, Cape Horn and Antarctica. Cruise deep into the Amazon in search of rare species and sultry river towns.  Ponder the enigma of ancient Incans at Machu Picchu. Explore centuries old colonial cities and revel in the cosmopolitan energy of Rio de Janeiro, Buenos Aires and Santiago. Shop for fine wine, lapis, amber and leather goods. Throughout your cruise, we bring the history, culture and natural wonders of South America alive with our onboard Explorations Speaker Series and award winning shore excursions.
Holland America Line’s 7- to 66-day South America cruise vacations offer diverse itineraries and extended stays in exotic ports like Buenos Aires, Callao (Lima), Fuerte Amado (Panama City) and the Amazon’s Manaus.


Find your South America Cruise

Book a Holland America Cruise! Call 1-866-496-9862
Holland America – Cruise Ships
Holland America Cruise ship ms Amsterdam
ms Amsterdam is the third ship to bear the name of the Dutch capital in Holland America Line’s over 135-year history. Built at the Fincantieri shipyard in Marghera, Italy, the ms Amsterdam blends the very latest in shipbuilding technology with the artistry, personalized touches and superior service that has made Holland America Line one of the highest-rated cruise lines in the world. At the heart of the ms Amsterdam is the Planeto Astrolabium, a commissioned signature sculpture soaring in a three-story atrium. The stunning Astrolabe tracks constellations, the planets, world time and ship time. Dutch heritage and tradition is clearly displayed throughout the ship in original Art Deco pieces that once graced the Nieuw Amsterdam of 1938. For a contemporary touch, works of the noted maritime artist Stephen Card adorn public spaces.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  1,380
Crew members:  615
Gross tonnage:  62,735grt
Length:  780 feet
Beam:  105.8
Maximum speed:  22.5 knots

Holland America Cruise ship ms Maasdam
ms Maasdam was named for the Maas River in the Netherlands, as the fifth ship in Holland America Line’s 135-year history to bear the name. At 720 feet, the ms Maasdam is designed to carry fewer guests while providing more space for maximum comfort. Many staterooms feature commanding ocean views, and each suite has a private verandah. Featuring an interior motif that pays homage to the historical Dutch East and West India companies of the 17th through 19th centuries, the centerpiece of this elegant ship features Luciano Vistosi’s "Totem," a monumental sculpture using nearly 2,000 glimmering pieces of glass, prominently displayed in a soaring three-story atrium. Other intriguing art featured on the ms Maasdam includes two abstract murals painted especially for the Rotterdam Dining Room and a collection of seven iron teapots and a charcoal brazier from Japan, which date from the end of the Edo period.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  1,258
Crew members:  580
Gross Tonnage:  55,575 grt.
Length:  719 feet
Beam:  101 feet
Maximum speed:  22 knots
Dedicated:  December 1993, by actress June Allyson

Holland America Cruise ship ms Noordam
ms Noordam was launched in 2006, as the newest member of our renowned Vista-class ships. Named for the Northern compass point, she embraces the latest industry and environmental technologies such as her use of a diesel-electric power plant for optimal energy efficiency and an Azipod® propulsion system that maximizes maneuverability. On board ms Noordam you will discover museum-quality paintings such as an oil painting of the city of Utrecht painted in 1842, as well as contemporary art like the series of photographs of music greats Dizzy Gillespie and BB King. One of the most valuable pieces of furniture on board the ship is a remarkable inlaid chest flanked by carved wooden 17th-century Baroque columns. Made in Germany in 1885, the chest is inlaid with ebony and precious stones. Enjoy an onboard IPod® self-guided tour of the complete ms Noordam art collection. The ms Noordam exemplifies the classic style of ocean travel with contemporary amenities and modern enhancements.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  1,380
Crew members:  615
Gross tonnage:  62,735grt
Length:  780 feet
Beam:  105.8
Maximum speed:  22.5 knots

Holland America Cruise ship ms Prinsendam
Designed to explore the remote corners of the world in elegance and style, the ms Prinsendam is our most intimate ship. Accommodating just 835 passengers, she gives guests the feel of a classic yacht with the spaciousness of a cruise ship. The ms Prinsendam offers many cozy areas in which to find your favorite spot; most of her staterooms feature commanding ocean views and many have private verandahs.

A special signature sculpture dominates the three-story atrium featuring etched fish, turtles and dolphins climbing a stunning cylinder of Bolle glass and lit with state-of-the-art fiber optics. Other works of art include a remarkable abstract marble sculpture of a Viking ship by contemporary Norwegian artist Nicholas Widerberg, a series of paintings by impressionist painter Neil Pinkett, and an outstanding collection of Roman Amphorae from 50 – 150 AD. The ms Prinsendam, or “Princes” ship, is truly a classic ship worthy of her name.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  835
Crew members:  470
Gross Tonnage:  37,983 grt.
Length:  669 feet
Beam:  106 feet
Maximum speed:  22 knots
Dedicated:  June, 2002, by Rose Abello, Eva Andresen and Linda Ehlenberger, representing all of the employees of Holland America Line.

Holland America Cruise ship ms Ryndam
Grandly proportioned and recently enhanced, the ms Ryndam offers an onboard experience defined by spacious comfort and the latest Signature of Excellence features and amenities. Upgrades begin with new fixtures and soft goods in staterooms and bathrooms. Staterooms offer a generous amount of personal space and many feature commanding ocean views with private verandahs. Recent enhancements include remodeled public spaces, updated lounges and an exciting new entertainment destination called Mix featuring three distinctly themed bars. Together they provide the ultimate place to socialize and be entertained. With a Dutch worldwide exploration theme, the decor of ms Ryndam features art and artifacts from the 17th, 18th and 19th centuries. At the heart of ms Ryndam a three-story atrium features a monumental fountain created by sculptor Gilbert Lebigre in Pietrasanta, Italy. Guests aboard this spacious ship encounter elegance at every turn – from a string quartet serenade in the splendid Rotterdam Dining Room to the two-deck Vermeer Show Lounge. Luxuriously appointed and uniquely refined, Holland America Line’s ms Ryndam ensures you the ultimate onboard experience with her graceful combination of classic cruise ship features, state-of-the-art amenities, and sophisticated ambiance.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  1,260
Crew members:  580
Gross Tonnage:  55,819 grt.
Length:  719 feet
Beam:  101 feet
Maximum speed:  22 knots
Dedicated:  October 1994, by Mrs. Madeleine Arison
Re-launched:  October 2004, by Mrs. Madeleine Arison

Holland America Cruise ship ms Veendam
Grandly proportioned and recently enhanced, the ms Veendam offers an onboard experience defined by spacious comfort and the latest Signature of Excellence features and amenities. Guests aboard the ms Veendam will not only enjoy elegant dining rooms, a $2 million art and antique collection, wide teak decks and spacious staterooms – many with private verandahs – but also new and exciting venues and stateroom options, along with a complete update to all stateroom furnishings.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  1,350
Crew members:  580
Gross Tonnage:  57,092 grt.
Length:  719 feet
Beam:  101 feet
Maximum speed:  22 knots
Dedicated:  January 1996, by actress Debbie Reynolds

Holland America Cruise ship ms Volendam
The beautiful garden theme of the ms Volendam is reflected in an artful floral motif throughout the ship’s spacious public rooms and elegant staterooms. “Flowers” can be found in abundance in the forms of floral fabrics and tapestries, as well as huge vases of tropical floral arrangements and chrysanthemums. In addition to fresh flowers throughout the ship, Holland America Line has drawn on its collection of incredible artwork to enhance the interior of the ship’s public spaces. Everything from pre-Columbian fetishes and sculptures to Renaissance-era fountains imported from Italy is included in its hallway galleries. At the heart of the ship an elegant sculpture by Luciano Vistosi, inspired by the myriad of moods and colors of a kaleidoscope, greets visitors in a soaring three-story atrium.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  1,432
Crew members:  615
Gross Tonnage:  61,214 grt.
Length:  781 feet
Beam:  105.8 feet
Maximum speed:  23 knots
Dedicated:  November 1999, by tennis professional Chris Evert

Holland America Cruise ship ms Zuiderdam
ms Zuiderdam began her inaugural season in 2002 as the first ship in our Vista-class series. She embraces the latest industry and environmental technologies such as her use of a diesel-electric power plant for optimal energy efficiency and an Azipod propulsion system. At the heart of the ms Zuiderdam, suspended in a three-story atrium, a Waterford Crystal Seahorse sets the mood for exquisite pieces of art to be seen throughout this elegant ship. Other notable pieces include a painting of Queen Beatrix by pop culture artist and icon, Andy Warhol, medallions by Frank Lloyd Wright, cast aluminum elevator doors inspired by the art deco work of the New York Chrysler Building, and a massive floral painting by Charles Ben. You will also discover a large collection of antiques and centuries-old paintings throughout the ship.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  2,104
Crew members:  929
Gross tonnage:  86,273grt
Length:  936 feet
Beam:  105.8
Maximum speed:  23.9 knots
Dedicated:  July 2008, by H.M. Queen Beatrix of the Netherlands

Holland America Cruise ship ms Eurodam
ms Eurodam launched her maiden voyage in July of 2008, and marks Holland America Line’s new Signature-class ships. The ms Eurodam furthers the evolution of our sophisticated mid-sized ships with 11 passenger decks, a new topside Pan-Asian restaurant and lounge surrounded by panoramic views, an Explorer’s Lounge bar, a new Italian restaurant adjacent to the Lido, an elegant luxury jewelry boutique, a new atrium bar area, an enhanced and reconfigured show lounge and a new photographic and imaging center. On the technical side, the ms Eurodam features the latest state-of-the-art navigation and safety systems. The ship is powered by six diesel generators and propelled by the latest Azipod® propulsion technology.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  2,104
Crew members:  929
Gross tonnage:  86,273grt
Length:  936 feet
Beam:  105.8
Maximum speed:  23.9 knots
Dedicated:  July 2008, by H.M. Queen Beatrix of the Netherlands

Holland America Cruise ship ms Nieuw Amsterdam
Launched from Italian shipbuilder Fincantieri’s Marghera shipyard in Venice on July 4, 2010, the 86,000-ton ms Nieuw Amsterdam celebrates the glamour and history of New York City, formerly called Nieuw Amsterdam, with its inspired interior design and art collection. Holland America Line has installed an array of works valued at over $3 million, ranging from antiques by traditional Dutch masters to creations by renowned contemporary artists. Some pieces reflect the Dutch Golden Age while others, such as the spectacular centerpiece in the atrium, express a contemporary curiosity. Adorning the ceiling of Nieuw Amsterdam is an eye-catching abstract sculpture of the inverted New York skyline made from clear translucent blocks that hang upside-down. The sculpture was created by husband and wife Italian artists Gilbert Lebigre and Corinne Roger of Creazioni Lebigre & Roger. The significant collection, which includes works by celebrated artists Andy Warhol, Richard Estes and Roy Lichtenstein, continues with astounding displays throughout the ship.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  2,106
Crew members:  929
Gross tonnage:  86,700grt
Length:  936 feet
Beam:  105.8
Maximum speed:  23.9 knots

Holland America Cruise ship ms Oosterdam
Officially christened in 2003 by Her Dutch Royal Highness, Princess Margriet of the Netherlands, the ms Oosterdam is the second in our series of Vista-class ships. As such she embraces the latest industry and environmental technologies such as her use of a diesel-electric power plant for optimal energy efficiency and an Azipod propulsion system that maximizes maneuverability. Symbolic of Holland America Line’s more than 135-year history of circumnavigating the globe, the centerpiece of the ms Oosterdam is a magnificent Waterford crystal globe, prominently displayed in a three-story atrium. First-time cruisers aboard this ship will quickly recognize the traditional touches that make Holland America cruisers regulars: a warm palette of colors accentuating an extensive use of crystal, marble, inlaid woods and brass, lovely flower arrangements, priceless artwork and antiques and a full wraparound teak promenade deck with padded deck chairs.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  1,916
Crew members:  817
Gross Tonnage:  82,305 grt.
Length:  936 feet
Beam:  105.8 feet
Maximum speed:  24 knots
Dedicated:  July 2003, by HRH Princess Margriet of the Netherlands

Holland America Cruise ship ms Rotterdam
ms Rotterdam is the standard-bearer for our fleet of ships, never more so than now, with the latest Signature of Excellence enhancements completed in December 2009. We are pleased to introduce our latest innovation, Lanai staterooms, to ms Rotterdam. Your onboard experience will be defined by spacious, artfully appointed public areas and the latest Signature of Excellence venues, features and amenities. Guests aboard will enjoy elegant dining rooms, a $2 million art and antique collection, wide teak decks and spacious staterooms – many with private verandahs. Our stateroom enhancements include expanded stateroom choices and a complete update to all stateroom furnishings. Ms Rotterdam ensures you the ultimate onboard experience with her graceful combination of classic cruise ship features and state-of-the-art amenities.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  1,404
Crew members:  600
Gross Tonnage:  61,849 grt.
Length:  780 feet
Beam:  105.8 feet
Maximum speed:  25 knots
Dedicated:  December 1997, by HRH Princess Margriet of the Netherlands

Holland America Cruise ship ms Statendam
Grandly proportioned and recently enhanced, the ms Statendam offers an onboard experience defined by spacious comfort and the latest Signature of Excellence features and amenities. Upgrades begin with new fixtures and soft goods in staterooms and bathrooms. Staterooms offer a generous amount of personal space and many feature commanding ocean views with private verandahs. Recent enhancements include remodeled public spaces, updated lounges and an exciting new entertainment destination called Mix featuring three distinctly themed bars. Together they provide the ultimate place to socialize and be entertained. Exhibiting a theme of historical Dutch life and exploration, ms Statendam features more than $2 million worth of art and rare artifacts beautifully displayed throughout the ship. The Van Gogh Theater is a work of art in itself, commemorating Dutch artist Vincent Van Gogh’s paintings “The Starry Night” and “Irises.” At the heart of the ms Statendam a three-story atrium showcases an elaborate 26-foot-high sculpture titled “Fountain of the Siren.” Luxuriously appointed and uniquely refined, Holland America Line’s ms Statendam ensures you the ultimate onboard experience with her graceful combination of classic cruise ship features, state-of-the-art amenities, and sophisticated ambiance.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  1,260
Crew members:  580
Gross Tonnage:  55,819 grt.
Length:  719 feet
Beam:  101 feet
Maximum speed:  22 knots
Dedicated:  January 1993, by Mrs. Lin Arison

Holland America Cruise ship ms Westerdam
ms Westerdam is the third in Holland America Line’s series of Vista-class ships. As such, she embraces the latest industry and environmental technologies such as her use of a diesel-electric power plant for optimal energy efficiency and an Azipod propulsion system. Most of her staterooms have ocean views and many have private verandahs. The theme of ms Westerdam’s art collection is Dutch heritage in the New World. Art ranges from paintings of historic Dutch ships, such as Henry Hudson’s Half Moon, to a huge Indian silver-overlaid wood palace doorway, a bone tobacco pipe carved in the shape of a woman’s head to a collection of 5,000-year-old pre-Columbian carved limestone figures from Ecuador. Contemporary pieces include an original Andy Warhol portrait and signature sculptures by Sedona artist Susanna Holt.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  1,916
Crew members:  817
Gross Tonnage:  82,348 grt.
Length:  936 feet
Beam:  105.8 feet
Maximum speed:  24 knots
Dedicated:  April 2004, actress Renée Soutendijk

Holland America Cruise ship ms Zaandam
Designed to carry fewer guests while providing more space for maximum comfort, the ms Zaandam is a prize in the mid-size ship category.  Offering spacious public areas and plush accommodations, many staterooms have private verandahs. The musically themed ms Zaandam offers a unique shipboard atmosphere. Inspired by the world’s great music, artifacts and memorabilia from a variety of musical genres decorate the ship. You’ll find musical instruments such as Bill Clinton’s saxophone and signed guitars from Queen, Iggy Pop, Eric Clapton and the Rolling Stones used as art objects throughout the ship. At the heart of the ms Zaandam, in a soaring three-story atrium: a Baroque-style Dutch pipe organ, inspired by the traditional barrel organs still found on the streets of The Netherlands. Enjoy an onboard IPod self-guided tour of the complete Zaandam art collection.

Ship Facts
Ship’s Registry:  The Netherlands
Passenger capacity:  1,432
Crew members:  615
Gross Tonnage:  61,396 grt.
Length:  781 feet
Beam:  105.8 feet
Maximum speed:  23 knots
Dedicated:  May 2000, by actresses Mary-Kate & Ashley Olsen

*Photos provided by HollandAmerica.com
Drainware - Jose Ramon Palanco

Projects

Drainware

22 January, 2020


Between 2011 and 2014 we (Cristian Sandoval, Marco Lojo, Antonio Moreno, among others) developed a cloud platform with DLP capabilities; now, in 2020, it is open source. It was a very cool technology at that time. We used mongo, redis and rabbitmq, among other technologies. Most of the magic was inside the endpoint, written in C++.

This product can identify data leaks in buffers such as the clipboard and screenshots (OCR), and can monitor removable devices, network units, applications (minifilter driver), cloud apps (Dropbox, OneDrive, Google Drive), printers (OCR), …

It uses geolocation based on SSIDs, through Google location services, to track stolen devices or to know where a device was located when a data leak occurred.

It also comes with a basic sandbox that freezes applications abused by exploits by detecting suspicious traces in memory such as nop-sleds, heap sprays, …

One of the coolest features was the distributed search across all endpoints of the organization. It was possible to find files, emails, documents, …

Another interesting feature is that the endpoint includes a PHP interpreter to run callbacks or create validators based on regular expressions, REST API calls or whatever you can imagine. It also uses ADS, ssdeep and several fun things you will find browsing the code.

Promo video:

Now this project is opensource!

The code

You can download the source code at Github:

https://github.com/drainware

DISCLAIMER: Use the code under your own responsibility. This project has not been maintained for a long time, so most of the dependencies are obsolete and some of them are vulnerable.

Screencasts

Drainware Intro:

Drainware DLP:

DLP Storage:

DLP Custom rules:

 

 

 

Manual

 

Introduction

This manual can be read sequentially the first time or used as a reference guide. While reading, you will find notices in the following formats:

Annotations: Concept clarifications

Important!: Important concepts to keep in mind

Tip: Tricks, shortcuts and other tips

About Drainware

Drainware is a security platform offered as a service. It has several modules to protect information and/or the computers that contain it.

We offer a Freemium license, which means you can start using it for free with some restrictions on its features.

Requirements

Operating System

Drainware can be deployed on computers with Microsoft Windows OS installed. The currently supported versions are the following:

| OS | Architecture |
|---|---|
| Windows XP | x86 |
| Windows 7/8 | x86/x64 |
| Windows 10 | x86/x64 |

Important!

Windows XP is supported only with Service Pack 3 or later. We also have support for Windows XP SP2, but you have to install the following components:

Windows Search 4.0 for Windows XP (KB940157)

Wireless LAN API (KB918997)

Minimum Hardware

CPU: Intel Pentium III 1 GHz or faster

RAM: 1 GB (2GB recommended)

HDD: 200 MB

Installation

Signing up in the system

Before installing Drainware, it’s necessary to have an account on the platform. To sign up in the system you’ll have to go to the official Drainware website at https://www.drainware.com and click on the sign-up button in the top-right menu.

 


This will show us a form where we must input the information requested: registry data, company name, VAT ID, and the number of employees.

The e-mail address will be associated with your account and cannot be changed afterwards.

For the number of employees field, we only have to consider the ones that normally work with a computer.

Important!: The password must have at least 8 characters.

Afterward, you will receive an e-mail that will allow you to validate your new account.

Once the license has been validated, we are redirected to the sign-in page, where we enter the e-mail and password chosen earlier.

Software endpoint installation

Once the license is validated and we have signed in with our credentials, we can download the installer. To the right of the download link is the license number, a 16-digit code that we will need during the installation.

This installer will install the 32-bit or 64-bit version, depending on the operating system used.

Advanced Installation

It is possible to deploy the endpoint in an unattended manner. This is very useful if you have a lot of users and you want to deploy it on a mass scale.

The .msi installers are available at the following URL:

http://update.drainware.com/

To install from the command line, run the following (replace XXXX-XXXX-XXXX-XXXX with your license number):

msiexec /i file.msi /quiet /noreboot DDI_LIC=XXXX-XXXX-XXXX-XXXX

If you prefer you can use this logon script:

Name: drainware_logon.vbs

' Returns the OS architecture string reported by WMI (for example "32-bit" or "64-bit").
Function GetWindowsArchitecture(strComputerName)
    Set objWMI = GetObject("winmgmts://" & strComputerName & "/root/cimv2")
    Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem", , 48)
    For Each objItem In colItems
        ' Versions before 6.0 (Windows XP) do not expose OSArchitecture; default to 32-bit.
        GetWindowsArchitecture = "32-bit"
        ' Compare the major version as an integer so the check does not depend on
        ' the locale's decimal separator.
        If CInt(Split(objItem.Version, ".")(0)) >= 6 Then
            GetWindowsArchitecture = objItem.OSArchitecture
        End If
    Next
End Function

' Expands %programfiles% for the current process.
Function GetProgramsFolder()
    Set wshShell = WScript.CreateObject("WScript.Shell")
    GetProgramsFolder = wshShell.ExpandEnvironmentStrings("%programfiles%")
End Function

' True when the endpoint agent is already installed.
Function ExistDrainwareSecurityDir()
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    ExistDrainwareSecurityDir = objFSO.FileExists(GetProgramsFolder() & "\Drainware\Drainware Security Endpoint\DrainwareSecurityAgent.exe")
End Function

' Copies the installer from the repository share into the local directory.
Function DownloadDSE(strRemoteDSE, strLocalDir)
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    objFSO.CopyFile strRemoteDSE, strLocalDir & "\"
End Function

' Installs the endpoint silently unless it is already present.
Function InstallDSE(strLicense, strRepository)
    If Not ExistDrainwareSecurityDir() Then
        Set wshShell = WScript.CreateObject("WScript.Shell")
        Select Case GetWindowsArchitecture(".")
            Case "64-bit"
                Rem Msgbox "Installing Endpoint 64-bit " & strLicense
                strRemoteDSE = strRepository & "\SetupCloud.msi"
                strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud.msi"
            Case "32-bit"
                Rem Msgbox "Installing Endpoint 32-bit " & strLicense
                strRemoteDSE = strRepository & "\SetupCloud32.msi"
                strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud32.msi"
            Case Else
                ' Unrecognised architecture string: nothing to install.
                Exit Function
        End Select
        DownloadDSE strRemoteDSE, wshShell.ExpandEnvironmentStrings("%temp%")
        Rem Msgbox "msiexec /qn /i " & strLocalDSE & " ddi_lic=" & strLicense
        ' Run the silent install. The path is quoted because %temp% can contain spaces.
        wshShell.Run "msiexec /qn /i """ & strLocalDSE & """ DDI_LIC=" & strLicense
        Msgbox "Your computer will restart after a few seconds"
    End If
End Function

Dim strLicense
Dim strRepository

' Both arguments are required: the license number and the installer location.
If WScript.Arguments.Count < 2 Then
    WScript.Echo "Usage: drainware_logon.vbs LICENSE LOCATION"
    WScript.Quit 1
End If

strLicense = WScript.Arguments(0)
strRepository = WScript.Arguments(1)
InstallDSE strLicense, strRepository

 

Usage:

drainware_logon.vbs LICENSE LOCATION

example: drainware_logon.vbs XXXX-XXXX-XXXX-XXXX \\mynas\resources\dlp\

The location must contain both .msi files (for x86 and x64).

Useful links

Create a GPO (Windows 2008)

Initial configuration

In this section, we will go through the initial configuration of Drainware. These are the available options in the left menu (red area) of Drainware once you sign in.


Credentials

In this section, we can update our password. If we want to change it, we also have to fill in the current password.


Subscription

Drainware has two different subscription types. One is the Freemium option, which offers a monthly service with a limit of 500 security events; after 500 events, the organization will be unprotected until the first day of the next month.

On the other hand, we offer a Premium subscription that is based on the number of users you wish to protect. The Premium subscription includes unlimited events (as long as use remains reasonable).

In this section, it is possible to check the validity of the subscription and upgrade it in the case of using a Freemium subscription.

If you have questions about this section, please write an e-mail to sales@drainware.com and our sales team will be happy to assist you.

Groups

It is possible that in your organization you would like to apply different policies depending on groups of users. We can organize the groups by areas or departments, depending on the requirements of the organization.

In this section, we can create the groups inside our platform and then apply policies directly over them.

It is possible to integrate the groups in the organization directly with Drainware, and this topic is explained in more detail in section 4.5.

Users

Every time a user logs in to a computer protected with Drainware, the server is notified and registers the user in the system. From that moment, we can associate that user with one or more groups.

Authentication

To integrate Drainware with your organization, we offer an authentication module. We have 2 different options to configure the authentication module: local authentication or LDAP.

By default, Drainware works in the local authentication mode, in such a way that the group information is already in our platform.

With the LDAP option, it’s possible to integrate an LDAP server or Active Directory Domain to be able to use the users and groups of the organization.

If you want to integrate LDAP, it’s necessary to open the LDAP port to the Internet. We recommend opening it with SSL exclusively.

If you want to integrate it with Active Directory, you should use the following information:

| Field | Value |
|---|---|
| Type | LDAP |
| SSL | Depending on your configuration |
| Version | 2.0 |
| Host | IP or Computer Name |
| Port | 389 or 636 if it’s SSL |
| DN | DOMAIN\user |
| Password | User Password |
| Base | DC=DOMAIN, DC=LOCAL |
| User Attr | sAMAccountName |
| Recursive Groups | Optional |

We recommend always using LDAP with SSL and blocking any connection that does not come from our public IP address.

We also have the “Recursive Groups” option. This option allows users in nested groups to resolve the groups to which they don’t directly belong.

Annotation: If an LDAP user doesn’t belong to any of the imported groups, it will belong to the default group automatically.

Important!:

When LDAP is integrated, all users will be available in the platform; however, the same doesn’t happen with the groups. The groups must be imported one by one from the Groups section, which will also be integrated with LDAP.

Time Zone

It’s possible that the employees of an organization work or travel around the world. Therefore, in Drainware, we work with the UTC time zone. In order to translate the time between different time zones, we offer the possibility to select the time zone where the administrator wishes to see the events.

Dashboard

The main window of Drainware shows an overview of the security events that happened since the installation of Drainware. It also shows the details of the events that happened since the beginning of every month.


For Freemium users, it shows a status bar that shows the monthly events. When the number of events reaches 500, Drainware will stop working until the beginning of the next month. The administrator will then receive an e-mail notification that the organization is not protected with Drainware anymore.

Tip:

To the right of the monthly events bar, you can find a link to get more free events per month in the Freemium version. To receive more free events, you only have to share a link with the reference code. For every verified installation referred to this code, Drainware will give you 100 extra free events per month.

DLP

In the DLP module (Data Loss Prevention), we can control the confidential information inside the organization to prevent data leaks.


Policies

The policies define what information you want to monitor and what action will be carried out. In the policies creation section, we provide a wizard that makes the whole process easier. We’re going to create a policy with the name POL001 and the description of “Policy 1”.


In the first step we have to provide a name and a short description of the policy:


In the next step, we have to define the information that we want to protect.

We can see the next menu:

  • Concepts / Subconcepts: patterns predefined by Drainware to identify the information.
  • Applications: applications that we’ll deny any access to confidential information.

As we continue configuring Drainware, this section will contain other elements such as rules, files, and network sites, which we will see in the next sections.

If we expand the Concepts/Subconcepts we will see a big list of categories. We can include a subconcept in our policy like Visa or the credit card concept that would include all credit card types.


In the applications section, we can see a list (that can be extended by the user) that allows the blocking of several programs.


In Step 3 we can see a list of the groups that we have already imported, the action that will be carried out, and the severity (how severe it is when that group of users triggers the policy).

We only have to select the groups that we want to be affected by the policy. When defining the action, it can be:

  • Log: logs the event in the Drainware database for audit purposes.
  • Alert: an e-mail is sent by default to the e-mail address used for sign up in Drainware, but it can be overridden by another address specified only for this policy.
  • Block: prevents the information from leaking.

In all cases, the employee who triggers the policy will see a notification.

We only have to click the “Finalize” button and the policy will be created.


Every time we create a policy, it will appear in the policies list. In this list, we have 3 buttons:

  • Configuration: we can configure the information to protect, like we configured in step 2.
  • Action: we can re-define actions for the different groups, like we configured in step 3.
  • Remove: removes the policy.

Once the policy is created, it can’t be renamed.


Rules

With “Rules”, we can define our own information patterns to protect inside the policies. We can include, for example, confidential footers that we usually introduce in documents with confidential information. We can also add regular expressions that describe any confidential documents that we want to protect.

To create a rule, we have to enter a name without spaces or special characters (A) and a description (B); optionally, we can include a verification function in PHP (C), and we can define which policies we want to associate with this rule (D). Like policies, rules can’t be renamed.

Tip:

If we use a verification function in PHP, it receives the variable “$match”, which contains the match produced by the regular expression. After analyzing $match, the function must assign TRUE (accept match) or FALSE (deny match) to the “$return_val” variable.
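A validator of the kind this tip describes, as an added example that is not part of the Drainware manual or code base: it accepts a credit-card regex match only when the digits pass the Luhn checksum, which removes most false positives such as order or invoice numbers. Only `$match` and `$return_val` come from the manual; the `run_validator()` wrapper, the regular expression in the comment and the sample strings are constructed for illustration.

```php
<?php
// Added example, not Drainware code. Only $match and $return_val come from the
// manual; run_validator() and the sample strings are constructed for illustration.

// Hypothetical stand-in for the endpoint: it supplies $match, runs the
// verification body, and hands back whatever the body left in $return_val.
function run_validator($match)
{
    // ---- verification body (the part that would go in the rule) ----
    $return_val = FALSE;

    // A card-number regex usually tolerates spaces and dashes between groups.
    $digits = preg_replace('/[ -]/', '', $match);

    // Keep only plausible card numbers: 13 to 19 digits, not one repeated digit
    // (a run of zeros passes the checksum but is never a real number).
    if (preg_match('/^[0-9]{13,19}$/', $digits) && !preg_match('/^([0-9])\1+$/', $digits)) {
        // Luhn checksum: from the right, double every second digit, subtract 9
        // from results above 9, and require the total to be a multiple of 10.
        $sum = 0;
        $double = FALSE;
        for ($i = strlen($digits) - 1; $i >= 0; $i--) {
            $d = (int) $digits[$i];
            if ($double) {
                $d *= 2;
                if ($d > 9) {
                    $d -= 9;
                }
            }
            $sum += $d;
            $double = !$double;
        }
        $return_val = ($sum % 10 === 0);
    }
    // ---- end of verification body ----

    return $return_val;
}

// Constructed sample matches, as a regex such as
// /\b(?:[0-9]{4}[ -]?){3}[0-9]{4}\b/ might produce them.
$samples = array(
    '4111 1111 1111 1111',  // well-known test card number
    '4111-1111-1111-1112',  // same number with the last digit changed
    '1234 5678 9012 3456',  // 16 digits that are not a card number
    '0000 0000 0000 0000',  // filler digits
);

foreach ($samples as $sample) {
    printf("%-22s %s\n", $sample, run_validator($sample) ? 'accept match' : 'deny match');
}
```

The body avoids type declarations and newer syntax because the PHP version embedded in the endpoint is not stated in the manual.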


Files

In very exceptional cases, a rule may not cover all our requirements and we may want to register a file. In these cases, we can upload a file to help Drainware identify when someone is trying to leak information.

The procedure is very simple. We can upload one or more files and they will be automatically available to associate with our policies. We only have to go to the policy configuration and select the filename.

Every time we upload a file, this will be available in the new policies wizard.

Important!:

Before uploading a file, we suggest using a unique filename, or even adding the current date, to distinguish it from another file with the same name.

 

Network Sites

In the network sites section, we can add Windows shared folders with the format \\server\resource.

This functionality is one of the most interesting ones. The endpoint software can identify all the files copied to a computer from a shared folder added in Drainware. Once a file is copied, Drainware tracks it and every copy of it throughout the computer’s file system, allowing you to work with it but preventing it from being leaked.

For Network URI, we have to input the shared folder location. We must also enter a short description and then select the policies to apply.

It will be available in the new policies wizard.

Important!:

Only files that have been copied after the shared folder was added will be monitored.

 

Applications

To add more applications and include them in our policies, we can add them in the “Manage Applications” section.

To add a new application, we will need its name, for example, iexplorer.exe, or skype.exe. Similarly to the other sections, we have to put a short description and select the policies to associate with it. It will be available in the new policies wizard.


Advanced

In the Advanced section of Drainware, we can configure the behavior of the DLP. We have 3 sections to configure its behavior.

The first section allows us to block access to encrypted information within particular groups. The behavior will be the same as for a file affected by a blocking policy.

The second section allows us to collect evidence every time an event occurs. This configuration is directly related to the action defined in the policy, where we can define a criticality level for each group. Here we can select ‘None’ if we don’t want to collect evidence, or the minimum level from which evidence should be collected. If we select the low level, the collection will be available for the low, medium, and high levels. If we select the medium level, it will be available only for the medium and high levels. And if we select high, it will be available only for that level.

Important!:

The configuration of the evidence collector is only available for the Premium users. The Freemium users will receive the first 3 screenshots every month.

 

In the last section, we can globally enable or disable modules that affect all policies. In Drainware we consider 3 types of elements:

  • Source: information origin
  • Sink: information destination
  • Pipe: information channel


In sources, we currently only have “Network device”. That allows us to recognize Windows shared folders. If we disable this origin, the “Network Sites” section will stop working and it won’t be visible in the menu anymore.

In Sinks we have several modules that monitor the application of the corresponding action (block, alert or log):

  • Dropbox
  • Skydrive
  • Google Drive
  • Network Device
  • Pendrive
  • Printer

Finally, in Pipes we can monitor:

  • Clipboard Image
  • Clipboard Text
  • Keylogger

Important!:

The keylogger module cannot block typing, because text cannot be analyzed until it has been written.

 

Notifications

Notifications can’t be configured in the DLP menu, they must be defined in the “General” section, but they are directly related to the DLP.

As long as we have a browser open and are logged in, notifications let us know in real time when an event occurs.

We don’t recommend enabling the notifications for all actions and events, because, if they are executed regularly, it can be annoying.

The notifications are HTML5 notifications and they are integrated with the desktop of the operating system, as long as the browser and the operating system support it.


Sandbox

The Sandbox feature allows us to protect applications against viruses. It’s not an antivirus replacement, but rather, a complement.

Previously, hackers took advantage of security problems in the server’s software to gain access to the organization. But a security suite was developed to enable firewalls, IDS, IPS…

In the last few years, hackers have taken advantage of new vectors. Using tools like LinkedIn, they can discover who the person responsible for finances is and what contacts he has. From there they can mount a spear-phishing attack, which consists of sending e-mails assuming his identity with an attached PDF or a URL that steals data or opens a connection to the outside.

Applications

In Drainware, we develop rules that allow us to block the affected applications before the system is affected.

Inspector

With the Inspector module, you can search in real-time over all the computers in the organization.


It’s possible that in the organization we have a person or a group of people working with the kind of information to which they shouldn’t have access. It could be done unconsciously or premeditated. Either way, we can find out with the Inspector tool.

Furthermore, once we have experienced a leak of information, it is often very difficult to check all the computers where the related document was. With Inspector, it is possible in seconds, to find very specific files, download them, and even browse through the file system of the computers affected.

Remote search

With the remote search we can start to obtain results.


The search can take several minutes. The results are shown grouped by the name of the computer where the file was found. Expanding the results by computer, it’s possible to see the file details by clicking on it. We can see information about the modification date, file name, mime type, creation date, and short information about the file header. It’s also possible to download it.

Important!:

You shouldn’t search by very short terms or generic terms. The result can take too much time or it can be unmanageable.

 

It’s possible to browse through one of the computers listed in the results. To do this, you must click on the computer name or IP address (red area).


The file explorer feature is further detailed in section 7.3 of this manual.

Multiple Remote Searches

If we want to search for a lot of terms, it’s possible to use the Multiple Remote Searches function.

To use this feature, you have to create a file with all the search terms in one line, separated by commas. We can create different lines, each one with its own keywords.

keyWordGroupA-1, keyWordGroupA-2, keyWordGroupA-3

keyWordGroupB-1, keyWordGroupB-2

keyWordGroupC-1, keyWordGroupC-2, keyWordGroupC-3

The file extension must be TXT. In addition to uploading the file, we must input a name for this report.

Important!:

You shouldn’t search for very short terms or generic terms. The results can take too much time to obtain, or the results can be unmanageable.

 

Remote Files explorer

The Remote Files Explorer allows us to inspect any computer in the organization with Drainware installed.

We will have to provide some details about the computer: computer name, IP address, and optionally, the path. From this point, we can browse through any device in the computer and even download files.

Important!:

Drainware is not developed to be an FTP server. Downloading a file with several MB in size can take several minutes until the download starts.

Remote Devices

With this feature, we can see the geographic position of all the devices that have Drainware installed.

In most cases, the geolocation is performed through the IP address, but when the Wi-Fi is activated, it’s possible that the geolocation is performed through Wi-Fi triangulation.

Important!:

Make sure that you don’t refresh the webpage until all the endpoints have responded, especially in networks with thousands of endpoints, as the webpage loading could take several minutes.

In addition to the geolocation of the devices, it’s possible to get a network map encapsulating all the computers that belong to the same ranges. To that effect, we will click on the Network View tab.


The results are shown in circles, where every circle represents a range or a group of ranges.

It’s possible to click on the segments that we want to inspect and see all the computers connected at that moment.

Reporter

With the Reporter module, we can have access to the data recorded by Drainware. We can get details of every module or statistic from the global behavior of the DLP, Inspector, or Sandbox.


DLP Events

Once we open the DLP events information, we can see a graph with all the events related to the data leak. Under the graph, we can see a table with a list of related events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.


The list only shows a preview of the event. If we want to see detailed information, we must click on it.

The details of each event are shown in a table that provides all the information related to the event. Depending on the configuration, it’s also possible to see a screenshot done at the same moment that the event was carried out.

Annotations: Freemium users can only see the first 3 screenshots every month.

Under the table, there is a button which generates a report with the latest security events.


If we want to find events by a range of dates, event type, policy, severity, rule, etc., we can use the “Advanced Query” system. As we can have a result with too many events, it’s possible to fill in the maximum number of events we want to show in the result.


Every time a query is generated, it’s possible to export the results in CSV format. In order to do this, you have to click on the Generate Report button at the end of the page:


DLP Stats

The events and detail of events information is interesting, but in many cases, it’s necessary to have a view at a higher level of what is happening with confidential information or to know how the policies that we have configured are working. To do so, we will create data analysis and statistics.

Activity

In the same graph, it represents the average between severity, action, and the number of events. The policies with more events are located to the right, with the vertical axis representing the average of the actions carried out, where the block is the highest part. The average of the severity is shown in the size of the circle. In the top left combo box, you can select the period of time.


Groups by policy

In this graph we can see the groups that carried out more events of one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.


Users by policy

In this graph, we can see the users that carried out more events of one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.


Policy

With the policy graph, we can analyze the policies with more activity. In the top left combo box, you can select the period of time.


Groups

With the policy graph we can analyze the groups with more activity. In the top left combo box, you can select the period of time.


Sandbox Events

We can see a graph with related events with attempts to abuse applications. Under the graph, we can see a table with the list of events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

Sandbox Stats

Applications

With the applications graph, we can analyze the policies with more activity. In the top left combo box, you can select the period of time.


Groups

With the policy graph, we can analyze the groups with more activity. In the top left combo box, you can select the period of time.


Inspector search reports

When we make multiple remote searches from the Inspector section, the results are generated in this section. We can find the report by a range of dates to download in Microsoft Excel format.


Troubleshooting

Corporate Proxy

Drainware supports connection through a proxy, either configured in the system or auto-configured. However, if the proxy uses authentication, it’s necessary to enable “*.drainware.com” in the accessible domains without authentication.

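If you are using SQUID, the configuration would be as follows:

# Place these rules before any http_access rule that requires proxy authentication.
# "localnet" is the ACL for internal client addresses (defined in the default squid.conf).
acl drainware dstdomain .drainware.com
acl CONNECT method CONNECT
acl dwCONNECT dstdomain .drainware.com
# Allow HTTPS tunnels (CONNECT) and plain HTTP requests to *.drainware.com.
http_access allow CONNECT dwCONNECT localnet
http_access allow drainware localnet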

 


Author

Jose Palanco

VP Threat Intelligence at ElevenPaths