Drainware - Jose Ramon Palanco

Projects

Drainware

22 January, 2020

Between 2011 and 2014 we (Cristian Sandoval, Marco Lojo, Antonio Moreno, among others) developed a cloud platform with DLP capabilities; now, in 2020, it is open source. It was a very cool technology at that time: we used mongo, redis and rabbitmq, among other technologies. Most of the magic was inside the endpoint, written in C++.

This product is able to identify data leaks in buffers like the clipboard and screenshots (OCR), and to monitor removable devices, network units, applications (minifilter driver), cloud apps (Dropbox, OneDrive, Google Drive), printers (OCR), …

It uses geolocation based on SSIDs, via Google location services, to track stolen devices or to know where a device was located when the data leak was performed.

It also comes with a basic sandbox to freeze applications abused by exploits by detecting suspicious traces in memory such as NOP sleds, heap sprays, …

One of the coolest features was the distributed search across all endpoints of the organization. It was possible to find files, emails, documents, …

Another interesting feature is that the endpoint includes a PHP interpreter to run callbacks or create validators based on regular expressions, REST API calls or whatever you can imagine. It also uses ADS, ssdeep and several fun things you will find browsing the code.

Now this project is open source!

The code

You can download the source code at Github:

https://github.com/drainware

DISCLAIMER: Use the code under your own responsibility. This project has not been maintained for a long time, so most of the dependencies are obsolete and some of them are vulnerable.

Manual

Introduction

This manual can be read sequentially the first time or used as a reference guide. Throughout it you will find notices in the following formats:

Annotations: Concept clarifications

Important!: Important concepts to keep in mind

Tip: Tricks, shortcuts and other tips

About Drainware

Drainware is a security platform offered as a service. It has several modules to protect information and/or the computers that contain it.

We offer a Freemium license, which means you can start using it for free with some restrictions on its features.

Requirements

Operating System

Drainware can be deployed on computers with Microsoft Windows OS installed. The currently supported versions are the following:

| OS | Architecture |
|---|---|
| Windows XP | x86 |
| Windows 7/8 | x86/x64 |
| Windows 10 | x86/x64 |

Important!

Windows XP is supported only with Service Pack 3 or later. We also have support for Windows XP SP2, but you have to install the following components:

  • Windows Search 4.0 for Windows XP (KB940157)
  • Wireless LAN API (KB918997)

Minimum Hardware

  • CPU: Intel Pentium III 1 GHz or faster
  • RAM: 1 GB (2 GB recommended)
  • HDD: 200 MB

Installation

Signing up in the system

Before installing Drainware, it’s necessary to have an account on the platform. To sign up, go to the official Drainware website at https://www.drainware.com and click on the sign-up button in the top-right menu.

This will show a form where we must enter the requested information: registration data, company name, VAT ID, and the number of employees.

The e-mail will be associated with your account and cannot be changed in the future.

For the number of employees field, we only have to count the ones that normally work with a computer.

Important!: The password must have at least 8 characters.

Afterward, you will receive an e-mail that will allow you to validate your new account.

When the license has been validated, we will be redirected to the sign-in page, where we have to enter the e-mail and the password that we chose before.

Software endpoint installation

Once the license is validated and we have signed in with our credentials, we can download the installer. To the right of the download link is the license number, a 16-digit code that we will need during the installation.

This installer will install the 32-bit or 64-bit version, depending on the operating system used.

Advanced Installation

It is possible to deploy the endpoint in an unattended manner. This is very useful if you have a lot of users and you want to deploy it on a mass scale.

To do that, you can find the .msi installers at the following URL:

http://update.drainware.com/

The procedure to install it through the command line is below (replace XXXX-XXXX-XXXX-XXXX with your license number):

    msiexec /i file.msi /quiet /norestart DDI_LIC=XXXX-XXXX-XXXX-XXXX

If you prefer, you can use this logon script:

Name: drainware_logon.vbs

    ' Returns "32-bit" or the OS-reported architecture (for example "64-bit").
    Function GetWindowsArchitecture(strComputerName)
        Set objWMI = GetObject("winmgmts://" & strComputerName & "/root/cimv2")
        Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem", , 48)
        For Each objItem In colItems
            GetWindowsArchitecture = "32-bit"
            ' OSArchitecture is only read on version 6.0 and later.
            ' Compare the major version as an integer so "10.0..." and
            ' locale-specific decimal separators are handled correctly.
            If CInt(Split(objItem.Version, ".")(0)) >= 6 Then
                GetWindowsArchitecture = objItem.OSArchitecture
            End If
        Next
    End Function

    Function GetProgramsFolder()
        Set wshShell = WScript.CreateObject("WScript.Shell")
        GetProgramsFolder = wshShell.ExpandEnvironmentStrings("%programfiles%")
    End Function

    ' True when the endpoint agent is already installed.
    Function ExistDrainwareSecurityDir()
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        ExistDrainwareSecurityDir = objFSO.FileExists(GetProgramsFolder() & "\Drainware\Drainware Security Endpoint\DrainwareSecurityAgent.exe")
    End Function

    ' Copies the installer from the repository to a local directory.
    Function DownloadDSE(strRemoteDSE, strLocalDir)
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        objFSO.CopyFile strRemoteDSE, strLocalDir & "\"
    End Function

    Function InstallDSE(strLicense, strRepository)
        If Not ExistDrainwareSecurityDir() Then
            Set wshShell = WScript.CreateObject("WScript.Shell")
            Select Case GetWindowsArchitecture(".")
                Case "64-bit"
                    Rem Msgbox "Installing Endpoint 64-bit " & strLicense
                    strRemoteDSE = strRepository & "\SetupCloud.msi"
                    strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud.msi"
                Case "32-bit"
                    Rem Msgbox "Installing Endpoint 32-bit " & strLicense
                    strRemoteDSE = strRepository & "\SetupCloud32.msi"
                    strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud32.msi"
            End Select
            DownloadDSE strRemoteDSE, wshShell.ExpandEnvironmentStrings("%temp%")
            ' Silent install; the local path is quoted because %temp% may contain spaces.
            wshShell.Run "msiexec /qn /i """ & strLocalDSE & """ ddi_lic=" & strLicense
            Msgbox "Your computer will restart after a few seconds"
        End If
    End Function

    Dim strLicense
    Dim strRepository

    ' Both arguments are required: the license number and the repository location.
    If WScript.Arguments.Count < 2 Then
        WScript.Echo "Usage: drainware_logon.vbs LICENSE LOCATION"
        WScript.Quit 1
    End If

    strLicense = WScript.Arguments(0)
    strRepository = WScript.Arguments(1)
    InstallDSE strLicense, strRepository

Usage:

    drainware_logon.vbs LICENSE LOCATION

Example:

    drainware_logon.vbs XXXX-XXXX-XXXX-XXXX \\mynas\resources\dlp\

The location must contain both .msi files (for x86 and x64).

Useful links

Create a GPO (Windows 2008)

Initial configuration

In this section, we will go through the initial configuration of Drainware. These are the available options in the left menu (red area) of Drainware once you sign in.

Credentials

In this section, we can update our password. If we want to change it, we also have to fill in the current password.

Subscription

Drainware has two different subscription types. One is the Freemium option, which offers a monthly service with a limit of 500 security events; after 500 events, the organization will be unprotected until the first day of the next month.

On the other hand, we offer a Premium subscription that is based on the number of users you wish to protect. The Premium subscription includes unlimited events (as long as use remains reasonable).

In this section, it is possible to check the validity of the subscription and upgrade it in the case of using a Freemium subscription.

If you have questions about this section, please write an e-mail to sales@drainware.com and our sales team will be happy to assist you.

Groups

It is possible that in your organization you would like to apply different policies depending on groups of users. We can organize the groups by areas or departments, depending on the requirements of the organization.

In this section, we can create the groups inside our platform and then apply policies directly over them.

It is possible to integrate the groups in the organization directly with Drainware, and this topic is explained in more detail in section 4.5.

Users

Every time a user logs in to a computer protected with Drainware, the server is notified and registers the user in the system. From that moment, we can associate that user with one or more groups.

Authentication

To integrate Drainware with your organization, we offer an authentication module. We have 2 different options to configure the authentication module: local authentication or LDAP.

By default, Drainware works in the local authentication mode, in such a way that the group information is already in our platform.

With the LDAP option, it’s possible to integrate an LDAP server or Active Directory Domain to be able to use the users and groups of the organization.

If you want to integrate LDAP, it’s necessary to open the LDAP port to the Internet. We recommend opening it with SSL exclusively.

If you want to integrate it with Active Directory, you should use the following information:

| Field | Value |
|---|---|
| Type | LDAP |
| SSL | Depending on your configuration |
| Version | 2.0 |
| Host | IP or Computer Name |
| Port | 389 or 636 if it’s SSL |
| DN | DOMAIN\user |
| Password | User Password |
| Base | DC=DOMAIN, DC=LOCAL |
| User Attr | sAMAccountName |
| Recursive Groups | Optional |

We recommend always using LDAP with SSL and blocking any connection that does not come from our public IP address.

We also have the “Recursive Groups” option. This option allows users in nested groups to resolve the groups to which they don’t directly belong.

Annotation: If an LDAP user doesn’t belong to any of the imported groups, it will belong to the default group automatically.

Important!:

When LDAP is integrated, all users will be available in the platform; however, the same doesn’t happen with the groups. The groups must be imported one by one from the groups section, which will also be integrated with LDAP.

Time Zone

It’s possible that the employees of an organization work or travel around the world. Therefore, in Drainware, we work with the UTC time zone. In order to translate the time between different time zones, we offer the possibility to select the time zone where the administrator wishes to see the events.

Dashboard

The main window of Drainware shows an overview of the security events that happened since the installation of Drainware. It also shows the details of the events that happened since the beginning of every month.

For Freemium users, it shows a status bar that shows the monthly events. When the number of events reaches 500, Drainware will stop working until the beginning of the next month. The administrator will then receive an e-mail notification that the organization is not protected with Drainware anymore.

Tip:

To the right of the monthly events bar, you can find a link to get more free events per month in the Freemium version. To receive more free events, you only have to share a link with the reference code. For every verified installation referred to this code, Drainware will give you 100 extra free events per month.

DLP

In the DLP module (Data Loss Prevention), we can control the confidential information inside the organization to prevent data leaks.

Policies

The policies define what information you want to monitor and what action will be carried out. In the policies creation section, we provide a wizard that makes the whole process easier. We’re going to create a policy with the name POL001 and the description of “Policy 1”.

In the first step we have to provide a name and a short description of the policy:

In the next step, we have to define the information that we want to protect.

We can see the next menu:

  • Concepts / Subconcepts: patterns predefined by Drainware to identify the information.
  • Applications: applications that we’ll deny any access to confidential information.

As we continue configuring Drainware, this section will contain other elements such as rules, files, and network sites, which we will see in the next sections.

If we expand the Concepts/Subconcepts we will see a big list of categories. We can include a subconcept in our policy like Visa or the credit card concept that would include all credit card types.

In the applications section, we can see a list (that can be extended by the user) that allows the blocking of several programs.

In Step 3 we can see a list of the groups that we have already imported, the action that will be carried out, and the severity (how serious it is when that group of users triggers the policy).

We only have to select the groups that we want to be affected by the policy. When defining the action, it can be:

  • Log: logs the event in the Drainware database for audit purposes.
  • Alert: an e-mail is sent by default to the e-mail address used for sign up in Drainware, but it can be overridden by another address specified only for this policy.
  • Block: prevents the information from leaking.

In all cases, the employee who triggers the policy will see a notification.

We only have to click the “Finalize” button and the policy will be created.

Every time we create a policy, it will appear in the policies list. In this list, we have 3 buttons:

  • Configuration: we can configure the information to protect, like we configured in step 2.
  • Action: we can re-define actions for the different groups, like we configured in step 3.
  • Remove: removes the policy.

Once the policy is created, it can’t be renamed.

Rules

With “Rules”, we can define our own information patterns to protect inside the policies. We can include, for example, confidential footers that we usually introduce in documents with confidential information. We can also add regular expressions that describe any confidential documents that we want to protect.

To create a rule, we have to enter a name without spaces or special characters (A) and a description (B); optionally, we can include a verification function in PHP (C), and we can define which policies we want to associate with this rule (D). Like policies, rules can’t be renamed.

Tip:

If we want to use a verification function in PHP, it will receive the variable “$match”, which contains the match produced when the regular expression is applied. After analyzing $match, the function must assign TRUE (accept match) or FALSE (deny match) to the “$return_val” variable.
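A verification function of the kind this tip describes, as an added example that is not Drainware project code: it accepts a card-like match only when its digits pass the Luhn checksum and are not one digit repeated, which cuts false positives from order numbers and template placeholders. It assumes `$match` arrives as a string; `run_validator()`, `accepted_matches()`, the rule regex and the sample text are hypothetical and constructed for illustration.

```php
<?php
// Added example (not Drainware project code).
// Assumptions: $match is a string holding the matched text, and the
// validator body is plain statements that finish by setting $return_val.

// Hypothetical stand-in for the endpoint: hands one regex match to the
// validator body and reads $return_val back.
function run_validator($match)
{
    $return_val = FALSE;

    // ---- begin: body for the rule's PHP verification field ----
    // No function definitions here, in case the body is evaluated once
    // per match (assumption), where a redeclared function would be fatal.
    $digits = preg_replace('/[ -]/', '', (string) $match);
    $return_val = FALSE;
    if (preg_match('/^[0-9]{13,19}$/', $digits)     // plausible card length
        && !preg_match('/^(.)\1+$/', $digits)) {    // not one digit repeated
        $sum = 0;
        $len = strlen($digits);
        for ($i = 0; $i < $len; $i++) {
            $d = (int) $digits[$len - 1 - $i];      // walk right to left
            if ($i % 2 === 1) {                     // double every second digit
                $d *= 2;
                if ($d > 9) {
                    $d -= 9;
                }
            }
            $sum += $d;
        }
        $return_val = ($sum % 10 === 0);            // Luhn checksum
    }
    // ---- end of validator body ----

    return $return_val;
}

// Hypothetical rule regex: 13 to 19 digits, optionally grouped by
// spaces or hyphens.
$rule_regex = '/\b(?:[0-9][ -]?){12,18}[0-9]\b/';

// Constructed sample text, not real data: an order number, a widely
// published test card number, and an all-zero template placeholder.
$sample = "Order 1234-5678-9012-3456 was paid with card 4111 1111 1111 1111. "
        . "Placeholder in the template: 0000 0000 0000 0000.";

// Applies the rule regex, then keeps only the matches the validator accepts.
function accepted_matches($regex, $text)
{
    preg_match_all($regex, $text, $found);
    return array_values(array_filter($found[0], 'run_validator'));
}

foreach (accepted_matches($rule_regex, $sample) as $hit) {
    echo "policy event for: $hit\n";
}
```

Only the statements between the two marker comments belong in the rule; the rest simulates the regular-expression stage so the script runs with the PHP command-line interpreter.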

Files

For very exceptional cases, it’s possible that a rule can’t cover all our requirements and we’d want to register a file. In these cases, we can upload a file to help Drainware identify when someone is trying to leak information.

The procedure is very simple. We can upload one or more files and they will be automatically available to associate with our policies. We only have to go to the policy configuration and select the filename.

Every time we upload a file, this will be available in the new policies wizard.

Important!:

Before uploading a file, we suggest using a unique filename, or even adding the current date, to distinguish it from another file with the same name.

Network Sites

In the network sites section, we can add Windows shared folders with the format \\server\resource.

This functionality is one of the most interesting ones. The endpoint software is ready to identify all the files copied to a computer from the shared folder added in Drainware. Once a file is copied, Drainware will check that file and every copy of it throughout the computer’s file system, allowing you to work with it but preventing it from being leaked.

For Network URI, we have to enter the shared folder location. We must also enter a short description and then select the policies to apply.

It will be available in the new policies wizard.

Important!:

Only files that have been copied after adding the shared folder will be monitored.

Applications

To add more applications and include them in our policies, we can add them in the “Manage Applications” section.

To add a new application, we will need its name, for example, iexplorer.exe or skype.exe. As in the other sections, we have to enter a short description and select the policies to associate with it. It will be available in the new policies wizard.

Advanced

In the Advanced section of Drainware, we can configure the behavior of the DLP. We have 3 sections to configure its behavior.

The first section will allow us to block access to encrypted information within particular groups. The behavior will be the same as for a file affected by a block policy.

The second section will allow us to collect evidence every time an event occurs. This configuration is directly related to an action defined in the policy, where we can define a criticality level for each group. In this configuration, we can select ‘None’ if we don’t want to collect evidence, or the minimum level from which we want evidence to be collected. If we select the low level, the collection will be available for the low, medium, and high levels. If we select the medium level, it will be available only for the medium and high levels. And if we select high, it will be available only for that level.

Important!:

The configuration of the evidence collector is only available for Premium users. Freemium users will receive the first 3 screenshots every month.

In the last section, we can globally enable or disable modules that affect all policies. In Drainware we consider 3 types of elements:

  • Source: information origin
  • Sink: information destination
  • Pipe: information channel


In sources, we currently only have “Network device”. That allows us to recognize Windows shared folders. If we disable this origin, the “Network Sites” section will stop working and it won’t be visible in the menu anymore.

In Sinks we have several modules that monitor the application of the corresponding action (block, alert or log):

  • Dropbox
  • Skydrive
  • Google Drive
  • Network Device
  • Pendrive
  • Printer

Finally, in Pipes we can monitor:

  • Clipboard Image
  • Clipboard Text
  • Keylogger

Important!:

The keylogger module can’t block typing, because text can’t be analyzed until it has been written.

Notifications

Notifications can’t be configured in the DLP menu; they must be defined in the “General” section, but they are directly related to the DLP.

Notifications allow us to receive alerts in real time when an event occurs, as long as we have a browser open and logged in.

We don’t recommend enabling the notifications for all actions and events, because if they are triggered regularly, they can be annoying.

The notifications are HTML5 notifications and they are integrated with the desktop of the operating system, as long as the browser and the operating system support it.

Sandbox

The Sandbox feature allows us to protect applications against viruses. It’s not an antivirus replacement, but rather a complement.

Previously, hackers took advantage of security problems in server software to gain access to the organization. In response, security suites were developed that include firewalls, IDS, IPS…

In the last few years, hackers have taken advantage of new vectors. Using tools like LinkedIn, they can discover who is responsible for an organization’s finances and what contacts that person has. From there, they can mount a spear-phishing attack, which consists of sending e-mails that assume that person’s identity, with an attached PDF or a URL that steals data or opens a connection to the outside.

Applications

In Drainware, we develop rules that allow us to block the affected applications before the system is affected.

Inspector

With the Inspector module, you can search in real-time over all the computers in the organization.

It’s possible that a person or a group of people in the organization is working with a kind of information to which they shouldn’t have access. This could be unintentional or premeditated. Either way, we can find out with the Inspector tool.

Furthermore, once we have experienced a leak of information, it is often very difficult to check all the computers where the related document was stored. With Inspector, it is possible, in seconds, to find very specific files, download them, and even browse through the file system of the computers affected.

Remote search

With the remote search we can start to obtain results.


The search can take several minutes. The results are shown grouped by the name of the computer where the file was found. Expanding the results by computer, it’s possible to see the file details by clicking on it. We can see information about the modification date, file name, mime type, creation date, and short information about the file header. It’s also possible to download it.

Important!:

You shouldn’t search for very short terms or generic terms. The results can take too much time to obtain, or they can be unmanageable.

It’s possible to browse through one of the computers listed in the results. To do this, you must click on the computer name or IP address (red area).


The file explorer feature is further detailed in section 7.3 of this manual.

Multiple Remote Searches

If we want to search for a lot of terms, it’s possible to use the Multiple Remote Searches function.

To use this feature, you have to create a file with all the search terms in one line, separated by commas. We can create different lines, each one with its own keywords.

keyWordGroupA-1, keyWordGroupA-2, keyWordGroupA-3

keyWordGroupB-1, keyWordGroupB-2

keyWordGroupC-1, keyWordGroupC-2, keyWordGroupC-3

The file extension must be TXT. In addition to uploading the file, we must input a name for this report.

Important!:

You shouldn’t search for very short terms or generic terms. The results can take too much time to obtain, or the results can be unmanageable.

Remote Files explorer

The Remote Files Explorer allows us to inspect any computer in the organization with Drainware installed.

We will have to provide some details about the computer: computer name, IP address, and optionally, the path. From this point, we can browse through any device in the computer and even download files.

Important!:

Drainware is not developed to be an FTP server. When downloading a file several MB in size, it can take several minutes until the download starts.

Remote Devices

With this feature, we can see the geographic position of all the devices that have Drainware installed.

In most cases, the geolocation is performed through the IP address, but when the Wi-Fi is activated, it’s possible that the geolocation is performed through Wi-Fi triangulation.

Important!:

Make sure that you don’t refresh the webpage until all the endpoints have responded, especially in networks with thousands of endpoints, as the webpage loading could take several minutes.

In addition to the geolocation of the devices, it’s possible to get a network map that groups all the computers belonging to the same ranges. To do so, click on the Network View tab.

The results are shown in circles, where every circle represents a range or a group of ranges.

It’s possible to click on the segments that we want to inspect and see all the computers connected at that moment.

Reporter

With the Reporter module, we can access the data recorded by Drainware. We can get the details of every module, or statistics on the global behavior of the DLP, Inspector, or Sandbox.

DLP Events

Once we open the DLP events information, we can see a graph with all the events related to the data leak. Under the graph, we can see a table with a list of related events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.


The list only shows a preview of the event. If we want to see detailed information, we must click on it.

The details of each event are shown in a table that provides all the information related to the event. Depending on the configuration, it’s also possible to see a screenshot taken at the moment the event occurred.

Annotations: Freemium users can only see the first 3 screenshots every month.

Under the table, there is a button which generates a report with the latest security events.

If we want to find events by a range of dates, event type, policy, severity, rule, etc., we can use the “Advanced Query” system. Since a query can return too many events, it’s possible to set the maximum number of events we want to show in the result.

Every time a query is generated, it’s possible to export the results in CSV format. In order to do this, you have to click on the Generate Report button at the end of the page:


DLP Stats

The events and event details are useful, but in many cases it’s necessary to have a higher-level view of what is happening with confidential information, or to know how the policies that we have configured are working. To do so, we will create data analysis and statistics.

Activity

This single graph combines severity, action, and the number of events. The policies with more events are located further to the right. The vertical axis represents the average of the actions carried out, with block at the top. The average severity is shown by the size of the circle. In the top left combo box, you can select the period of time.

Groups by policy

In this graph, we can see the groups that triggered the most events for one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.

Users by policy

In this graph, we can see the users that triggered the most events for one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.

Policy

With the policy graph, we can analyze the policies with the most activity. In the top left combo box, you can select the period of time.

Groups

With the groups graph, we can analyze the groups with the most activity. In the top left combo box, you can select the period of time.

Sandbox Events

We can see a graph of the events related to attempts to abuse applications. Under the graph, we can see a table with the list of events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

Sandbox Stats

Applications

With the applications graph, we can analyze the policies with the most activity. In the top left combo box, you can select the period of time.

Groups

With the groups graph, we can analyze the groups with the most activity. In the top left combo box, you can select the period of time.

Inspector search reports

When we run multiple remote searches from the Inspector section, the results are generated in this section. We can find a report by date range and download it in Microsoft Excel format.

Troubleshooting

Corporate Proxy

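Drainware supports connection through a proxy, either configured in the system or auto-configured. However, if the proxy uses authentication, it’s necessary to add “*.drainware.com” to the domains that are accessible without authentication.

If you are using SQUID, the configuration would be as follows:

acl drainware dstdomain .drainware.com
acl CONNECT method CONNECT
acl dwCONNECT dstdomain .drainware.com
http_access allow CONNECT dwCONNECT localnet
http_access allow drainware localnet

These lines assume that the localnet ACL is already defined, as it is in Squid’s default configuration. They must be placed before the http_access rule that requires proxy authentication, because Squid applies the first http_access rule that matches.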


Author

Jose Palanco

VP Threat Intelligence at ElevenPaths