MSC Cruises


MSC Cruises offers a wide range of destinations and itineraries, from the charming Mediterranean Sea and the breathtaking landscapes of Northern Europe to sun-soaked Caribbean beaches, lively North American metropolises, vibrant South American countries and spectacular South African sunsets. For pure romance and relaxation, why not choose an MSC Cruises ocean voyage? You will wake to the gentle lapping of the waves, bask on the deck in the sun’s warm embrace or gaze in wonder at the night sky while the timeless allure of the sea gradually works its subtle magic on you.
MSC Cruises – Destinations
Mediterranean
Mediterranean cruises are something of a speciality for MSC. As you travel from pretty ports and beautiful beaches via magnificent islands, you will discover how our Mediterranean origins provide us with a unique expertise enabling us to reveal the secret gems of the Mediterranean and its islands to you. What’s more, our Mediterranean cruises are updated with new and exciting travel itineraries every year.

Our luxury Mediterranean cruises are designed to showcase the rich history of this region, creating a memorable vacation wrapped up in a fantastic holiday package, where there really is something for everyone. History lovers can roam the majestic Ephesian ruins, discover the imposing Athenian Acropolis and travel back in time as they experience the Colossus of Rhodes and the Coliseum of Rome. If you’re off on a special break nothing says amore quite like an MSC Mediterranean cruise.

Whether you’re visiting the ‘love island’ of Capri, riding a Venetian gondola or tucking into world class pizza in Naples, you can enjoy the best of this wonderful region. Elsewhere, you can take in a vibrant flamenco show in Spain, browse the labyrinthine Turkish bazaars or simply soak up the sun on the sandy shores of the Greek islands. In 2011, we have more Mediterranean cruises than ever before. From Athens to Ajaccio, Bari, Corfu and beyond, MSC Cruises have the Med™ well and truly covered!

Find your Eastern Mediterranean Cruise

Find your Western Mediterranean Cruise

North America
From the razzmatazz of New York to the wide open spaces of Canada, you’re invited to join us on MSC Cruises North American cruise, a dramatic way to experience the northeast. North America really is a New World waiting to be discovered and we are very excited about our new cruise line destination.

Departing from New York or Quebec City, the new cruises work their way up and down North America’s East Coast, exploring Canada and New England. And there’s even the option to cruise on south to Florida, the Sunshine State. MSC Cruises offers several different North American cruise deals, each lasting 8 or 13 days.

Follow in the footsteps of the early European settlers in North America as you cruise past the dramatic coastline of Canada and New England, sailing into immense natural harbours and visiting charming towns steeped in the history of North America’s colonial period. Visit New England towns such as Newport, home to the famous Newport Mansions, and Bar Harbor, gateway to Acadia National Park and Cadillac Mountain, the highest point on the East Coast. Not forgetting Boston, Massachusetts, the largest city in New England and one of the oldest in North America.

From remote Newfoundland to the Acadian settlements of Nova Scotia and Prince Edward Island to the cultural importance of Quebec City, the East Coast of Canada glitters with unexpected gems. And what North America cruise holiday would be complete without experiencing the unique energy of New York City? The most dynamic city on the East Coast – and indeed anywhere in North America and possibly the world – New York is the perfect vacation destination!!

South Africa
Indulge in a holiday to remember, one steeped in exoticism, escapism, luxury and style. MSC Cruises South Africa cruise is designed to stimulate the senses as you take in everything from the beautiful Portuguese Island to the bustling port city of Durban, all under the magical African sun.

Join MSC Cruises on an unforgettable adventure with a cruise to one of the world’s most fascinating continents. Immerse yourself in the sights and sounds of this stunning country as you experience nature’s glory, from the forest and the savannah to the endless ocean and simply glorious beaches that are like nowhere else on earth. A South Africa cruise aboard MSC Melody or MSC Sinfonia is the best way to discover Africa in style.

Our elegant liners are equipped with every possible amenity and all bear the hallmark of welcoming and distinguished surroundings and a refined and exclusive atmosphere — a place where ‘vacation’ truly rhymes with ‘relaxation’. You will travel in elegant Italian style on the MSC Sinfonia — a luxury liner that offers a veritable ‘symphony’ of delights. From the well-appointed cabins to fabulous on-board entertainment, there really is no better way to experience this country. Onboard you’re spoilt for choice — from Virtual Golf to beauty centres — even kids and teens are catered for too with dedicated play and social areas.

Treat yourself to a voyage of a lifetime, a world of fascinating and memorable experiences— the heady rhythms and sounds of this magical continent are like the heartbeat of the world!

Find your South African Cruise

Northern Europe
Think you know Northern Europe? Once you’ve experienced an MSC Northern Europe cruise, you may think again! MSC Cruises offer itineraries that include the Baltics, Norway and the fantastic Norwegian fjords, plus an incredible circuit to Iceland that calls at the remote and beautiful Faroe and Shetland Islands.

Brilliant Baltics

The water-lined Baltic capitals could have been designed with cruises in mind! The cities of Tallinn, Stockholm, Helsinki, Copenhagen and Amsterdam are wonderful to stroll around and full of fascinating sights, offering the ideal holiday break — a unique package packed full of variety, to give you a true vacation that marries luxury with relaxation.

Fantastic Fjords
You don’t have to travel to the other side of the world for a breathtaking coastline. Our Norway cruise boasts magnificent fjords as well as impossibly quaint coastal towns such as Bergen – guaranteed to appeal to those looking for something a little different from their holiday.

Find your Northern European Cruise

South America
Brazil, the fifth largest country in the world, has a wealth of riches to offer the traveller – from history and wildlife to culture and music. The carnival city of Rio de Janeiro, home to the Olympic Games, is worth taking a trip aboard an MSC South American cruise! Whatever your passions and interests, our South America cruises offer a great way to celebrate spring in style!

A discovery voyage of Latin American culture awaits you, offering up spectacular South American landscapes, tropical forestry, glistening beaches and a sampling of this continent’s famous party culture. February is carnival time in South America, prime time for our special South American cruise deals. Join the vibrant celebrations and give into the fun of the fiesta!

Experience the tropical paradises of Brazil, walk along Arrajal’s beaches and dance to the music of Rio de Janeiro, because it’s always party-time on our luxury South American cruises! Be seduced by stunning architecture in Salvador de Bahia, daydream on the legendary beaches of Copacabana and Ipanema.

Choose from the ‘Musica-class’ MSC Orchestra, a glittering gem of a cruise liner afloat crystal waters — perfect for a vibrant, entertainment-filled vacation. Or why not experience the grandeur and opulence of MSC Opera. Perhaps the unique MSC Musica is more your style, or maybe exclusive packages such as the Art Cruise or Food & Wine Cruises aboard the MSC Armonia will offer a welcome break, where you can escape into a world of quintessential Italian elegance.

Find your South American Cruise

Ocean Voyages
There’s something about an ocean cruise that evokes memories of a bygone era, a time when the journey was as important as the destination, when a transatlantic voyage meant travelling in comfort and in style, at a slower, more civilized pace. No longer reserved for the elite classes, ocean cruises now boast something for everyone, whether it’s for a once-in-a-lifetime trip, to celebrate a special occasion or simply your preferred, more leisurely way to travel.

Think of an ocean cruise and one thinks adventure, luxury, excitement and elegance. And all this is particularly true with the exceptional cruise line. We retain traditional values and re-invent them for the 21st century in our fleet of modern ships and our distinctive Italian flair for design and hospitality.

Our signature trademark for luxury and comfort makes us the ideal transatlantic holiday experience. Make no mistake: although we offer some of the best holiday cruise packages around, MSC’s ocean cruises are relaxed and luxurious affairs aboard beautifully appointed state-of-the-art ships.

Choose from a selection of magnificent liners, all of which bear the hallmarks of our sophisticated Italian style and flair. But, best of all, these cruises also represent terrific value for money. If you’re looking for a transatlantic cruise to the USA, a cruise vacation to Brazil or a once-in-a-lifetime cruise to South Africa then we think you’ll be pleasantly surprised by the deals we have on offer. Why not join MSC Cruises on one of our spectacular ocean cruises and, quite literally, broaden your horizons?

Find your Transatlantic Cruise

Book an MSC Cruise! Call 1-866-496-9862
MSC Cruises – Cruise Ships
MSC Splendida
a luxury cruise liner where the best of cutting-edge technology and exceptional comfort are splendidly combined.
Futuristic, yet retaining Italian style and elegance, MSC Splendida is one of our most stunning ships yet. She is a cruise ship that acts as a blissful haven for her guests, enabling lucky passengers to ‘voyage’ rather than simply ‘travel’!

For their well-being, guests may partake in the MSC AUREA Spa. Here, the magic of Balinese massage meets holistic water treatments, a legacy of Roman times. Saunas, Turkish bath, solarium, relaxation room, Thalassotherapy, massage room, whirlpool – guests can enjoy all the facilities in relaxing, luxurious surroundings. Entertainment on-board the luxury MSC Splendida ship leaves guests spoilt for choice: 4 swimming pools, an exercise room, squash court, the chance to simulate the thrill of Formula 1, and more…

MSC Musica
embodies Italian sophistication and elegance. This wonderful liner offers guests a host of magnificent meeting areas and a glittering array of facilities. Be dazzled by the central foyer on MSC Musica, aglow with a three-tier waterfall and piano suspended over a crystal floor above a pool of luminous water.

Further chances to shine abound in the Crystal Lounge, the fine Havana Club cigar lounge, stylish Kaito Sushi Bar and restful Zen garden, not to mention the superb Italian dining facilities. And with MSC Musica journeying to exotic cruise destinations such as Greece, Croatia and Brazil, you will soon feel in true harmony on whichever cruise you choose!

MSC Musica is the first of MSC Cruises’ ‘Musica-class’ vessels. She became the belle of the ball in Venice on 29 June 2006, where a display of lights and colours celebrated the inauguration of MSC Musica. With Sophia Loren – the ambassador of Italian elegance worldwide – as her godmother, MSC Cruises’ MSC Musica is one of the best examples of sophistication and luxury yet.

MSC Armonia
– the luxury cruise ship that reflects her Italian name – this ship is a wonderful example of how space and intimacy can marry together in perfect harmony. One of MSC Cruises’ smaller ships, the lovely MSC Armonia oozes Italian style and caters for just over 3,000 guests, making it one of our best travel choices for a family cruise.

Offering a selection of marvellous suites with private balconies, MSC Armonia offers the panoramic ocean views our passengers desire together with spacious meeting areas ideal for gathering with friends and family as you embark on a voyage of a lifetime.

Enjoy good times together and sunbathe at one of the 2 outdoor swimming pools, work out at our gym, relax at the wellness centre, dance the night away in the glittering discotheque, sample culture and entertainment in the onboard theatre or try your luck in the ritzy casino! Children will love the kids’ club and can even take in a round of mini-golf onboard! Enjoy a taste of ‘la bella vita’ in our 2 restaurants or cosy pizzeria grills.

MSC Cruises has completely restored MSC Armonia, one of our early cruise liners. Now fitted out with modern amenities, you can get down to the serious business of relaxation amidst fine, elegant surroundings that are carefully designed with Italian panache and flair right down to the last important detail. MSC Armonia is a dream come true – an extraordinary floating universe designed for one purpose only – so you can get the most enjoyment from your magical holiday cruise!

MSC Fantasia
is the largest cruise ship ever built for a European ship owner. The flagship from MSC Cruises  is a masterpiece of Italian style: a perfect mix of advanced technology, elegance and exclusive services.
Built with the environment in mind, the MSC Fantasia cruise liner is constructed in a modern spirit, as we help preserve the environment without sacrificing guests’ comfort.

MSC Fantasia is not only a voyage of pleasure, but one of discovery. For the very first time on a ship, guests will walk on Swarovski crystal stairs. A transparent ceiling allows passengers to experience all the magic of sailing as they gaze at the starlit skies. With 27,000 m² of public space, including the luxury MSC AUREA SPA, 5 restaurants, 4 swimming pools, 12 hydro-massage pools, coffee bars, shops, a children’s area, a Formula 1 simulator and an interactive 4-D cinema, you can truly rediscover yourself as you relax into your holiday.

The MSC AUREA SPA offers ultra-modern treatments such as therapeutic mud packs, perfumed vapours, aesthetic massages and much more.
MSC Fantasia is the first cruise ship to boast an exclusive area: privileged passengers can sojourn in the MSC Yacht Club with 99 suites, a bar, solarium, 2 hydro-massage pools, 1 skydome swimming pool, concierge and glass-walled Observation Lounge where guests can enjoy amazing ocean views. A butler service will offer assistance at check-in, transport luggage, unpack, serve traditional English afternoon tea as well as arranging cigars and beverages, booking tables at restaurants, treatments in the MSC AUREA SPA, ad hoc excursions and even arranging a private party!

MSC Opera
cruise ship certainly lives up to her name – classic, grand, opulent – and really is a luxury liner with something to sing about! A true sense of grandeur and spaciousness prevails on MSC Opera, one of MSC Cruises’ most welcoming cruise liners.

Many of the staterooms on MSC Opera feature private balconies and all are roomy and comfortable. Displaying the hallmark Italian style found on all of MSC Cruises’ stately ships, the public areas are enhanced by a sweeping marble reception area and magnificent open spaces with glass walls in order to best exploit the fabulous ocean views.

To travel on MSC Opera is to experience the best of old-fashioned elegance with the best of modern home comforts. Once onboard MSC Opera you can look forward to a truly authentic Italian experience: enjoy an espresso at the coffee bar or indulge in a typical handmade Italian treat at the ice cream bar. Take Italian lessons, stop by the Internet Café or catch up on news back home and make use of our Wi-Fi spots in select areas of the ship. Spend quality time with the kids in a round of mini-golf or take classes at the health club. And when evening falls, join us for an elegant seven-course dinner followed by outstanding entertainment in our splendid Teatro dell’ Opera.

MSC Melody
is just like a favourite piece of music, it will remain in your memory long after your voyage has ended.

The smallest in MSC Cruises’ fleet, MSC Melody is designed to meet the highest standards of Italian style and sophistication, whilst offering a relaxed and informal cruise-ship experience.

With a capacity of just over 1,000 guests, MSC Melody is a beautiful bijou ship able to create a welcoming, intimate family feel on board.

Graceful public areas with grand high ceilings lend the MSC Melody a sense of openness. Comfortable, stylish staterooms are spacious and well-appointed. The ship’s retractable, transparent Magrodome allows you to enjoy one of the two swimming pools and whirlpools even if the skies cloud over.

Boasting the best of modern amenities, you can indulge in a treatment at the beauty salon and wellness centre or take in the rejuvenating ocean air on our specially-appointed jogging track. Don’t forget to sample wonderful cuisines in one of the two restaurants and comfortable lounges, and round off your day with a night of cards in the Seven Seas casino!

For traditional cruising, MSC Melody offers the perfect travel opportunity to visit amazing destinations in true Italian comfort and style.

MSC Poesia –
Just as poetry brings lasting pleasure, the magnificent MSC Poesia cruise ship introduces a new dimension of enjoyment to the art of travelling by ship. Onboard our elegant cruise ship you will discover luxury cruising at its best – a spectacular waterfall with bridges in the foyer, a Zen garden in the sushi bar and a serene 12,000 square foot spa. Then imagine yourself on a private balcony overlooking the ocean and a star-filled sky and remember that this is the only way to voyage in style.

The MSC Poesia, our third ‘Musica class’ ship, was inaugurated in 2008. As you would expect with such a new cruise liner, our beautiful ship is built to the highest and most demanding ecological standards, resulting in a truly modern liner. Designed with the hallmark Italian flair and elegance that guests associate with MSC Cruises, suites onboard MSC Poesia are spacious and elegant and most have private balconies. Staterooms are elegantly decorated and passengers will appreciate the attention to detail and craftsmanship throughout the whole ship.

MSC Lirica
 is the cruise ship that offers cosy comforts in a traditional yet elegant setting. If you are looking for a more casual resort ambience, decorated in an opulent yet relaxed style, the delightful MSC Lirica cruise liner is your ideal choice. Our warm Mediterranean hospitality will put you right at ease and our modern array of amenities will ensure your every wish is catered for!

Take a trip in style as you travel elegantly to your chosen destination. MSC Cruises’ fleet of luxury liners are renowned the world over for their fabulous attention to detail and quintessential Italian elegance. And on MSC Lirica you will soon see that the ship is as much a part of your voyage as the destination.

MSC Lirica has a very cosmopolitan itinerary and this is reflected in two of her popular meeting places onboard: the American-style Beverly Hills bar and the welcoming English-style Lord Nelson pub. Take advantage of the best of world cuisines served at each restaurant. Take time out at the Lirica Health Centre: indulge in beauty and spa treatments as you look out through floor-to-ceiling picture windows at magnificent ocean views.

MSC Magnifica –
Opulent and magnificent – get ready for a new class of luxury liner unlike any other.
MSC Magnifica is the latest ‘Musica-class’ luxury cruise ship from MSC Cruises. After a stunning christening ceremony in Hamburg, the stunning MSC Magnifica cruise ship came into service in March 2010, offering a whole host of exciting travel destinations.

A revolutionary and groundbreaking cruise ship, MSC Magnifica marries extraordinary comfort with pioneering design and technology to offer outstanding energy efficiency and environmental performance.

The MSC Magnifica ship carries 2,500 passengers and most can enjoy the luxury of a sea-facing cabin with balcony. Lucky guests on MSC Magnifica are expertly looked after by a 1,000-strong crew, enjoying the best of modern Italian style as they embark on their chosen voyage.

At the heart of MSC Magnifica is a lush haven of tranquillity, the luxurious MSC AUREA Spa. This sumptuous wellness centre offers a myriad of relaxation options from saunas and Turkish baths to a fitness centre, beauty salon, Thalassotherapy room, relaxation area and massage rooms. Why not give in to the magic of an authentic Balinese massage from professional masseurs?
Recreation options onboard MSC Magnifica are endless. Soak up the sun in the solarium or choose from 3 swimming pools, one under the ingenious ‘Magrodome’ retractable roof – perfect for winter cruising. Anyone for tennis… or basketball for that matter, not to mention jogging!

MSC Magnifica boasts all the fine dining and entertainment amenities you would expect on a superior luxury liner, and much more besides. With a choice of 5 restaurants, numerous bars, an internet café and cigar lounge – not forgetting the plush 1,200-seat theatre, cinema, casino and disco – the MSC Magnifica truly lives up to her Italian name – magnificent!

MSC Orchestra – Launched on 14 May 2007, the spectacular MSC Orchestra is one of MSC Cruises’ newest ships. The second of the ‘Musica-class’ line of cruise ships, MSC Orchestra offers the perfect blend of design, comfort and safety. Airy open spaces and MSC Cruises’ signature Italian style make MSC Orchestra a stylish pioneer for future cruise ship projects and designs.

Onboard the luxury MSC Orchestra cruise ship you will be enthralled by the wide spectrum of entertainment facilities – jog on a dedicated track, indulge in a rejuvenating Turkish bath, dine at the Shanghai Chinese restaurant, relax in the exotic animal-print Savannah Bar, sumptuous Purple Bar or enjoy Hollywood-style glamour in the chic Zaffiro Bar. Try your luck at the Palm Beach Casino, dance the night away in the disco or take in a show at the Covent Garden Theatre, with a programme packed with entertaining shows with music.

MSC Orchestra boasts a total of 16 decks, with sauna and whirlpool facilities, a wide choice of restaurants and cosy family pizzerias. Kids can go wild in the Jungle Adventure playroom whilst teens will quickly feel at home in the Teen’s Club.

In 2011, MSC Orchestra offers cruise voyages to South America in spring and Northern Europe in the summer. In autumn she travels to the Mediterranean where she visits Spain, Portugal and Gibraltar. We welcome you to join our beautiful ship as she sails to exotic and delightful destinations, on what we are sure is the best cruise vacation you could wish for.

MSC Sinfonia – step aboard the luxury ship to embark on a voyage back in time as you travel in elegant Italian style to ancient Mediterranean cruise destinations such as Venice, Capri and Athens or to beautiful South Africa.

MSC Sinfonia is a ship distinctive in both design and comfort, marrying the best of continental style with world-class service and attention to detail. The welcoming, professional crew aboard this elegant liner are on hand to offer round-the-clock hospitality and quality service.

MSC Sinfonia is named in homage to the rousing symphonies of Europe’s great classical composers: from Beethoven’s romantic masterpieces to Mozart’s lively works, paired with the contemporary tones of Debussy, Tchaikovsky and Brahms. We are sure your cruise holiday will be one of perfect harmony whether you are a first-time cruise passenger or seasoned ocean traveller!

And for the very first time onboard one of our MSC Cruises liners the MSC Sinfonia ship boasts a state-of-the art Virtual Golf Simulator that allows players, especially beginners, to practice their swing while sailing. Other state-of-the art amenities are found in the video games room and Teen Area. Don’t forget to recount your travels to envious friends back home from our well-equipped internet café!

But there’s more. Treat yourself in the hair salon, beauty centre or gym. With an array of shows, music, discotheques, casinos, and more, MSC Sinfonia offers a ‘symphony’ of sumptuous activities to do.

*Photos provided by MSCCruises.com
Drainware - Jose Ramon Palanco

Projects

Drainware

22 January, 2020


Between 2011 and 2014 we (Cristian Sandoval, Marco Lojo, Antonio Moreno, among others) developed a cloud platform with DLP capabilities; now, in 2020, it is open source. It was very cool technology at the time: we used MongoDB, Redis and RabbitMQ, among other technologies. Most of the magic was inside the endpoint, written in C++.

This product can identify data leaks in buffers such as the clipboard and screenshots (OCR), and can monitor removable devices, network drives, applications (minifilter driver), cloud apps (Dropbox, OneDrive, Google Drive), printers (OCR), …

It uses geolocation based on SSIDs, via Google location services, to track stolen devices or to know where a device was located when the data leak was performed.

It also comes with a basic sandbox that freezes applications abused by exploits by detecting suspicious traces in memory such as NOP sleds, heap sprays, …

One of the coolest features was the distributed search across all endpoints of the organization. It was possible to find files, emails, documents, …

Another interesting feature is that the endpoint includes a PHP interpreter to run callbacks or create validators based on regular expressions, REST API calls or whatever you can imagine. It also uses ADS, ssdeep and several fun things you will find browsing the code.

Promo video:

Now this project is opensource!

The code

You can download the source code at Github:

https://github.com/drainware

DISCLAIMER: Use the code at your own risk. This project has not been maintained for a long time, so most of its dependencies are obsolete and some of them are vulnerable.

Screencasts

Drainware Intro:

Drainware DLP:

DLP Storage:

DLP Custom rules:

Manual

Introduction

This manual can be read sequentially the first time and used as a reference guide afterwards. While reading, you will find notices in the following formats:

Annotations: Concept clarifications

Important!: Important concepts to keep in mind

Tip: Tricks, shortcuts and other tips

About Drainware

Drainware is a security platform offered as a service. It has several modules to protect information and/or the computers that contain it.

We offer a Freemium license, which means you can start using it for free with some restrictions on its features.

Requirements

Operating System

Drainware can be deployed on computers with Microsoft Windows OS installed. The currently supported versions are the following:

| OS | Architecture |
| --- | --- |
| Windows XP | x86 |
| Windows 7/8 | x86/x64 |
| Windows 10 | x86/x64 |

Important!

Windows XP is supported only with Service Pack 3 or later. We also have support for Windows XP SP2, but you have to install the following components:

Windows Search 4.0 for Windows XP (KB940157)

Wireless LAN API (KB918997)

Minimum Hardware

CPU: Intel Pentium III 1 GHz or faster

RAM: 1 GB (2 GB recommended)

HDD: 200 MB

Installation

Signing up in the system

Before installing Drainware, you need an account on the platform. To sign up, go to the official Drainware website at https://www.drainware.com and click the sign-up button in the top-right menu.

This shows a form where you must enter the requested information: registration data, company name, VAT ID, and the number of employees.

The e-mail address will be associated with your account and cannot be changed later.

For the number of employees, count only those who normally work with a computer.

Important!: The password must have at least 8 characters.

Afterward, you will receive an e-mail that will allow you to validate your new account.

After the license has been validated, you are redirected to the sign-in page, where you enter the e-mail and password you chose earlier.

Software endpoint installation

Once the license is validated and you have signed in, you can download the installer. To the right of the download link is the license number, a 16 digit code that you will need during the installation.

This installer will install the 32 or 64-bit version, depending on the operating system used.

Advanced Installation

It is possible to deploy the endpoint in an unattended manner. This is very useful if you have a lot of users and you want to deploy it on a mass scale.

To do that, you can find the .msi installers at the following URL:

http://update.drainware.com/

To install from the command line, run the following, replacing XXXX-XXXX-XXXX-XXXX with your license number:

msiexec /i file.msi /quiet /norestart DDI_LIC=XXXX-XXXX-XXXX-XXXX

If you prefer you can use this logon script:

Name: drainware_logon.vbs

    ' Returns "32-bit" or "64-bit" for the given computer ("." = local machine).
    Function GetWindowsArchitecture(strComputerName)
        Set objWMI = GetObject("winmgmts://" & strComputerName & "/root/cimv2")
        Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem", , 48)
        For Each objItem In colItems
            GetWindowsArchitecture = "32-bit"
            ' OSArchitecture only exists on Windows Vista (6.0) and later.
            ' Compare the major version as an integer rather than as a string.
            If CInt(Split(objItem.Version, ".")(0)) >= 6 Then
                ' OSArchitecture is localized (e.g. "64 bits"), so match on the digits.
                If InStr(objItem.OSArchitecture, "64") > 0 Then GetWindowsArchitecture = "64-bit"
            End If
        Next
    End Function

    Function GetProgramsFolder()
        Set wshShell = WScript.CreateObject("WScript.Shell")
        GetProgramsFolder = wshShell.ExpandEnvironmentStrings("%programfiles%")
    End Function

    ' True when the endpoint agent is already installed.
    Function ExistDrainwareSecurityDir()
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        ExistDrainwareSecurityDir = objFSO.FileExists(GetProgramsFolder() & "\Drainware\Drainware Security Endpoint\DrainwareSecurityAgent.exe")
    End Function

    ' Copies the installer from the repository share to a local folder.
    Function DownloadDSE(strRemoteDSE, strLocalDir)
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        objFSO.CopyFile strRemoteDSE, strLocalDir & "\"
    End Function

    Function InstallDSE(strLicense, strRepository)
        If Not ExistDrainwareSecurityDir() Then
            Set wshShell = WScript.CreateObject("WScript.Shell")
            Select Case GetWindowsArchitecture(".")
                Case "64-bit"
                    Rem Msgbox "Installing Endpoint 64-bit " & strLicense
                    strRemoteDSE = strRepository & "\SetupCloud.msi"
                    strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud.msi"
                Case "32-bit"
                    Rem Msgbox "Installing Endpoint 32-bit " & strLicense
                    strRemoteDSE = strRepository & "\SetupCloud32.msi"
                    strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud32.msi"
            End Select
            DownloadDSE strRemoteDSE, wshShell.ExpandEnvironmentStrings("%temp%")
            Rem Msgbox "msiexec /qn /i " & strLocalDSE & " DDI_LIC=" & strLicense
            ' Run the installer silently and wait for it to finish.
            ' The MSI path is quoted because %temp% may contain spaces.
            wshShell.Run "msiexec /qn /i """ & strLocalDSE & """ DDI_LIC=" & strLicense, 0, True
            Msgbox "Your computer will restart after a few seconds"
        End If
    End Function

    Dim strLicense
    Dim strRepository

    ' Both arguments are required: LICENSE and LOCATION.
    If WScript.Arguments.Count < 2 Then
        WScript.Echo "Usage: drainware_logon.vbs LICENSE LOCATION"
        WScript.Quit 1
    End If

    strLicense = WScript.Arguments(0)
    strRepository = WScript.Arguments(1)
    InstallDSE strLicense, strRepository

 

Usage:

drainware_logon.vbs LICENSE LOCATION

example: drainware_logon.vbs XXXX-XXXX-XXXX-XXXX \\mynas\resources\dlp\

The location must contain both MSI files: SetupCloud32.msi (for x86) and SetupCloud.msi (for x64).

Useful links

Create a GPO (Windows 2008)

Initial configuration

In this section, we will go through the initial configuration of Drainware. These are the available options in the left menu (red area) of Drainware once you sign in.


Credentials

In this section, we can update our password. If we want to change it, we also have to fill in the current password.


Subscription

Drainware has two different subscription types. One is the Freemium option, which offers a monthly service with a limit of 500 security events; after 500 events, the organization will be unprotected until the first day of the next month.

On the other hand, we offer a Premium subscription that is based on the number of users you wish to protect. The Premium subscription includes unlimited events (as long as use remains reasonable).

In this section, it is possible to check the validity of the subscription and upgrade it in the case of using a Freemium subscription.

If you have questions about this section, please write an e-mail to sales@drainware.com and our sales team will be happy to assist you.

Groups

It is possible that in your organization you would like to apply different policies depending on groups of users. We can organize the groups by areas or departments, depending on the requirements of the organization.

In this section, we can create the groups inside our platform and then apply policies directly over them.

It is possible to integrate the groups in the organization directly with Drainware, and this topic is explained in more detail in section 4.5.

Users

Every time a user logs in to a computer protected with Drainware, the server is notified and registers that user in the system. From that moment, we can associate that user with one or more groups.

Authentication

To integrate Drainware with your organization, we offer an authentication module. We have 2 different options to configure the authentication module: local authentication or LDAP.

By default, Drainware works in the local authentication mode, in such a way that the group information is already in our platform.

With the LDAP option, it’s possible to integrate an LDAP server or Active Directory Domain to be able to use the users and groups of the organization.

If you want to integrate LDAP, it’s necessary to open the LDAP port to the Internet. We recommend opening it with SSL exclusively.

If you want to integrate it with Active Directory, you should use the following information:

Field             Value
Type              LDAP
SSL               Depending on your configuration
Version           2.0
Host              IP or Computer Name
Port              389 or 636 if it’s SSL
DN                DOMAIN\user
Password          User Password
Base              DC=DOMAIN, DC=LOCAL
User Attr         sAMAccountName
Recursive Groups  Optional

We recommend always using LDAP with SSL and blocking every connection except those that come from our public IP address.

We also have the “Recursive Groups” option. This option allows users in nested groups to resolve the groups to which they don’t directly belong.

Annotation: If an LDAP user doesn’t belong to any of the imported groups, it will belong to the default group automatically.

Important!:

When LDAP is integrated, all users will be available in the platform; however, the same doesn’t happen with the groups. The groups must be imported one by one from the Groups section, which will also be integrated with LDAP.

Time Zone

It’s possible that the employees of an organization work or travel around the world. Therefore, in Drainware, we work with the UTC time zone. In order to translate the time between different time zones, we offer the possibility to select the time zone where the administrator wishes to see the events.

Dashboard

The main window of Drainware shows an overview of the security events that happened since the installation of Drainware. It also shows the details of the events that happened since the beginning of every month.


For Freemium users, it shows a status bar that shows the monthly events. When the number of events reaches 500, Drainware will stop working until the beginning of the next month. The administrator will then receive an e-mail notification that the organization is not protected with Drainware anymore.

Tip:

To the right of the monthly events bar, you can find a link to get more free events per month in the Freemium version. To receive more free events, you only have to share a link with the reference code. For every verified installation referred to this code, Drainware will give you 100 extra free events per month.

DLP

In the DLP module (Data Loss Prevention), we can control the confidential information inside the organization to prevent data leaks.


Policies

The policies define what information you want to monitor and what action will be carried out. In the policies creation section, we provide a wizard that makes the whole process easier. We’re going to create a policy with the name POL001 and the description of “Policy 1”.


In the first step we have to provide a name and a short description of the policy:


In the next step, we have to define the information that we want to protect.

We can see the next menu:

  • Concepts / Subconcepts: patterns predefined by Drainware to identify the information.
  • Applications: applications to which we’ll deny any access to confidential information.

As we continue configuring Drainware, this section will contain other elements such as rules, files, and network sites, which we will see in the next sections.

If we expand the Concepts/Subconcepts we will see a big list of categories. We can include a subconcept in our policy like Visa or the credit card concept that would include all credit card types.


In the applications section, we can see a list (that can be extended by the user) that allows the blocking of several programs.


In Step 3 we can see a list of the groups that we have already imported, the action that will be carried out, and the severity (how severe it is when that group of users triggers the policy).

We only have to select the groups that we want to be affected by the policy. When defining the action, it can be:

  • Log: logs the event in the Drainware database for audit purposes.
  • Alert: an e-mail is sent by default to the e-mail address used for sign up in Drainware, but it can be overridden by another address specified only for this policy.
  • Block: prevents the information from leaking.

In all cases, the employee that triggers the policy will see a notification.

We only have to click the “Finalize” button and the policy will be created.


Every time we create a policy, it will appear in the policies list. In this list, we have 3 buttons:

  • Configuration: we can configure the information to protect, like we configured in step 2.
  • Action: we can re-define actions for the different groups, like we configured in step 3.
  • Remove: removes the policy.

Once the policy is created, it can’t be renamed.


Rules

With “Rules”, we can define our own information patterns to protect inside the policies. We can include, for example, confidential footers that we usually introduce in documents with confidential information. We can also add regular expressions that describe any confidential documents that we want to protect.

To create a rule, we have to enter a name without spaces or special characters (A) and a description (B); optionally, we can include a verification function in PHP (C), and we can define which policies we want to associate with this rule (D). Like policies, rules can’t be renamed either.

Tip:

If we want to use a verification function in PHP, it will receive the variable “$match”, which contains the resulting match after the regular expression is applied. After analyzing $match, the function must assign TRUE (accept match) or FALSE (deny match) to the “$return_val” variable.
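A verification function of the kind the tip describes, as an added example (not code from Drainware or from the original manual): it applies the Luhn checksum to a candidate card number so that random digit runs matched by a rule's regular expression are denied. The regular expression, the wrapper function verify_match() and the sample text are constructed for illustration, and it is assumed that $match arrives as a string and that the platform reads $return_val once the marked body has run.

```php
<?php
// Added example, not Drainware code. Assumptions: $match holds the matched
// text as a string, and $return_val is read after the snippet has run.

// Constructed rule pattern (hypothetical): 13 to 19 digits, optionally
// separated by single spaces or dashes.
$pattern = '/\b\d(?:[ -]?\d){12,18}\b/';

// Hypothetical wrapper so the snippet can be exercised outside the platform.
function verify_match($match)
{
    // ---- verification function body starts here ----
    $return_val = FALSE;                            // deny unless every check passes
    $digits = preg_replace('/[ -]/', '', (string) $match);
    $len = strlen($digits);

    if (ctype_digit($digits) && $len >= 13 && $len <= 19
            && !preg_match('/^(\d)\1+$/', $digits)) {   // reject fillers such as 0000...
        $sum = 0;
        for ($i = 0; $i < $len; $i++) {
            $d = (int) $digits[$len - 1 - $i];      // walk from the rightmost digit
            if ($i % 2 === 1) {                     // double every second digit
                $d *= 2;
                if ($d > 9) {
                    $d -= 9;
                }
            }
            $sum += $d;
        }
        $return_val = ($sum % 10 === 0);            // Luhn: the total must end in 0
    }
    // ---- verification function body ends here ----
    return $return_val;
}

// Constructed sample text: a well-known test card number and a plain digit run.
$sample = "Card 4111 1111 1111 1111 on file; order ref 1234 5678 9012 3456.";

preg_match_all($pattern, $sample, $found);
foreach ($found[0] as $m) {
    printf("%-22s %s\n", $m, verify_match($m) ? 'accept' : 'deny');
}
```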


Files

For very exceptional cases, it’s possible that a rule can’t cover all our requirements and we’d want to register a file. In these cases, we can upload a file to help Drainware identify when someone is trying to leak information.

The procedure is very simple. We can upload one or more files and they will be automatically available to associate with our policies. We only have to go to the policy configuration and select the filename.

Every time we upload a file, this will be available in the new policies wizard.

Important!:

Before uploading a file, we suggest using a unique filename or even adding the current date to distinguish it from another file with the same name.

Network Sites

In the network sites section, we can add Windows shared folders with the format \\server\resource.

This functionality is one of the most interesting ones. The endpoint software is ready to identify all the files copied to a computer from the shared folder added in Drainware. Once a file is copied, Drainware will check the file and every copy of it throughout the computer’s file system, allowing you to work with it but preventing it from being leaked.

For Network URI, we have to input the shared folder location. We must also enter a short description, and then select the different policies to apply.

It will be available in the new policies wizard.

Important!:

Only files that have been copied after the shared folder was added will be monitored.

Applications

To add more applications and include them in our policies, we can add them in the “Manage Applications” section.

To add a new application, we will need its name, for example, iexplorer.exe, or skype.exe. Similarly to the other sections, we have to put a short description and select the policies to associate with it. It will be available in the new policies wizard.


Advanced

In the Advanced section of Drainware, we can configure the behavior of the DLP. We have 3 sections to configure its behavior.

The first section will allow us to block access to encrypted information within particular groups. The behavior will be the same as for a file affected by a block policy.

The second section will allow us to collect evidence every time an event occurs. This configuration is directly related to the action defined in the policy, where we can define a criticality level for each group. In this configuration, we can select ‘None’ if we don’t want to collect evidence, or the minimum level from which evidence should be collected. If we select the low level, the collection will be available for the low, medium, and high levels. If we select the medium level, it will be available only for the medium and high levels. And if we select high, it will be available only for that level.

Important!:

The configuration of the evidence collector is only available for the Premium users. The Freemium users will receive the first 3 screenshots every month.

 

In the last section, we can globally enable or disable modules that affect all policies. In Drainware we consider 3 types of elements:

  • Source: information origin
  • Sink: information destination
  • Pipe: information channel


In sources, we currently only have “Network device”. That allows us to recognize Windows shared folders. If we disable this origin, the “Network Sites” section will stop working and it won’t be visible in the menu anymore.

In Sinks we have several modules that monitor the application of the corresponding action (block, alert or log):

  • Dropbox
  • Skydrive
  • Google Drive
  • Network Device
  • Pendrive
  • Printer

Finally, in Pipes we can monitor:

  • Clipboard Image
  • Clipboard Text
  • Keylogger

Important!:

The keylogger module can’t block typing, because text can’t be analyzed until it has been written.

Notifications

Notifications can’t be configured in the DLP menu; they must be defined in the “General” section, but they are directly related to the DLP.

As long as we have a browser open and logged in, we receive notifications in real time when an event occurs.

We don’t recommend enabling the notifications for all actions and events, because, if they are executed regularly, it can be annoying.

The notifications are HTML5 notifications and they are integrated with the desktop of the operating system, as long as the browser and the operating system support it.


Sandbox

The Sandbox feature allows us to protect applications against viruses. It’s not an antivirus replacement, but rather, a complement.

Previously, hackers took advantage of security problems in the server’s software to gain access to the organization. In response, security suites were developed that include firewalls, IDS, IPS…

In the last few years, hackers have taken advantage of new vectors. Using tools like LinkedIn, they can discover who the person responsible for finance is, and what contacts he has. From there they can mount a spear-phishing attack, which consists of sending e-mails that assume his identity, with an attached PDF or a URL that steals data or opens a connection to the outside.

Applications

In Drainware, we develop rules that allow us to block the affected applications before the system is affected.

Inspector

With the Inspector module, you can search in real-time over all the computers in the organization.


It’s possible that in the organization we have a person or a group of people working with the kind of information to which they shouldn’t have access. This could happen unintentionally or deliberately. Either way, we can find out with the Inspector tool.

Furthermore, once we have experienced a leak of information, it is often very difficult to check all the computers where the related document was. With Inspector, it is possible in seconds, to find very specific files, download them, and even browse through the file system of the computers affected.

Remote search

With the remote search we can start to obtain results.


The search can take several minutes. The results are shown grouped by the name of the computer where the file was found. Expanding the results by computer, it’s possible to see the file details by clicking on it. We can see information about the modification date, file name, mime type, creation date, and short information about the file header. It’s also possible to download it.

Important!:

You shouldn’t search by very short terms or generic terms. The result can take too much time or it can be unmanageable.

 

It’s possible to browse through one of the computers listed in the results. To do this, you must click on the computer name or IP address (red area).


The file explorer feature is further detailed in section 7.3 of this manual.

Multiple Remote Searches

If we want to search for a lot of terms, it’s possible to use the Multiple Remote Searches function.

To use this feature, you have to create a file with all the search terms in one line, separated by commas. We can create different lines, each one with its own keywords.

keyWordGroupA-1, keyWordGroupA-2, keyWordGroupA-3
keyWordGroupB-1, keyWordGroupB-2
keyWordGroupC-1, keyWordGroupC-2, keyWordGroupC-3

The file extension must be TXT. In addition to uploading the file, we must input a name for this report.

Important!:

You shouldn’t search for very short terms or generic terms. The results can take too much time to obtain, or the results can be unmanageable.

 

Remote Files explorer

The Remote Files Explorer allows us to inspect any computer in the organization with Drainware installed.

We will have to provide some details about the computer: computer name, IP address, and optionally, the path. From this point, we can browse through any device in the computer and even download files.

Important!:

Drainware is not developed to be an FTP server. Downloading a file with several MB in size can take several minutes until the download starts.

Remote Devices

With this feature, we can see the geographic position of all the devices that have Drainware installed.

In most cases, the geolocation is performed through the IP address, but when the Wi-Fi is activated, it’s possible that the geolocation is performed through Wi-Fi triangulation.

Important!:

Make sure that you don’t refresh the webpage until all the endpoints have responded, especially in networks with thousands of endpoints, as the webpage loading could take several minutes.

In addition to the geolocation of the devices, it’s possible to get a network map encapsulating all the computers that belong to the same ranges. To that effect, we will click on the Network View tab.


The results are shown in circles, where every circle represents a range or a group of ranges.

It’s possible to click on the segments that we want to inspect and see all the computers connected at that moment.

Reporter

With the Reporter module, we can have access to the data recorded by Drainware. We can get details of every module or statistic from the global behavior of the DLP, Inspector, or Sandbox.


DLP Events

Once we open the DLP events information, we can see a graph with all the events related to the data leak. Under the graph, we can see a table with a list of related events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.


The list only shows a preview of the event. If we want to see detailed information, we must click on it.

The details of each event are shown in a table that provides all the information related to the event. Depending on the configuration, it’s also possible to see a screenshot taken at the moment the event occurred.

Annotations: Freemium users can only see the first 3 screenshots every month.

Under the table, there is a button which generates a report with the latest security events.


If we want to find events by a range of dates, event type, policy, severity, rule, etc., we can use the “Advanced Query” system. As we can have a result with too many events, it’s possible to fill in the maximum number of events we want to show in the result.


Every time a query is generated, it’s possible to export the results in CSV format. In order to do this, you have to click on the Generate Report button at the end of the page:


DLP Stats

The events and their details are interesting, but in many cases it’s necessary to have a higher-level view of what is happening with confidential information, or to know how the policies that we have configured are working. To do so, we will create data analysis and statistics.

Activity

A single graph relates severity, action, and the number of events. The policies with more events are located further to the right; the vertical axis represents the average of the actions carried out, with block at the top. The average severity is shown by the size of the circle. In the top left combo box, you can select the period of time.

Groups by policy

In this graph we can see the groups that carried out more events of one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.


Users by policy

In this graph, we can see the users that carried out more events of one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.


Policy

With the policy graph, we can analyze the policies with more activity. In the top left combo box, you can select the period of time.


Groups

With the policy graph we can analyze the groups with more activity. In the top left combo box, you can select the period of time.


Sandbox Events

We can see a graph with the events related to attempts to abuse applications. Under the graph, we can see a table with the list of events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

Sandbox Stats

Applications

With the applications graph, we can analyze the policies with more activity. In the top left combo box, you can select the period of time.


Groups

With the policy graph, we can analyze the groups with more activity. In the top left combo box, you can select the period of time.


Inspector search reports

When we make multiple remote searches from the Inspector section, the results are generated in this section. We can find the report by a range of dates to download in Microsoft Excel format.


Troubleshooting

Corporate Proxy

Drainware supports connection through a proxy, either configured in the system or auto-configured. However, if the proxy uses authentication, it’s necessary to enable “*.drainware.com” in the accessible domains without authentication.

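If you are using SQUID, the configuration would be the following:

# Destinations that must be reachable without proxy authentication
acl drainware dstdomain .drainware.com
acl CONNECT method CONNECT
acl dwCONNECT dstdomain .drainware.com
# localnet is the ACL for your internal networks (defined in the stock squid.conf).
# Place these rules before the http_access rule that requires authentication.
http_access allow CONNECT dwCONNECT localnet
http_access allow drainware localnet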

 


Author

Jose Palanco

VP Threat Intelligence at ElevenPaths