Princess Cruises

Princess Cruises escape completely has something for everyone exclusively with Travelonly

Spanning five continents and more than 120 ports of call, the world of Princess Cruises has something for everyone. Find adventure in Alaska. Golf in Hawaii. Dive a shipwreck in the Caribbean. Shop in Italy. Or just look good on the French Riviera. With more than 65 itineraries calling on 52 countries, there’s definitely a cruise that’s perfect for you and yours.
Alaskan cruises with Princess CruisesAlaska
So incredibly beautiful, you’ll think you stepped into a painting. This is Alaska as seen from the panoramic perspective of your dazzling Princess cruise ship. Monumental glaciers are nature’s draw and Alaska’s waterways reveal more of these thrilling Ice Age giants than anywhere else on earth. Alaska’s Inside Passage is one of the most scenic sea-lanes in the world, home to bald eagles, whales, sea lions, otters, brown bears, mountain goats and flocks of seabirds. Plus you’ll visit a variety of flavorful ports of call full of rich history and native culture. Choose to sail on one of seven ships in our Alaska fleet, ranging from the magnificent Diamond Princess to the more intimate Royal Princess. Our four unique itineraries span from seven to 14 days, exploring the breathtaking seaways and quaint ports of the Inside Passage and Gulf of Alaska.

Find your Alaskan Cruise
Asian cruises with Princess CruisesAsia
Asia is full of ancient cultures, unparalleled in exotic beauty and mysticism. From Southeast Asia to the Far East and India, explore the myriad customs and traditions of each one. The fascinating countries of Vietnam, China, Japan and Thailand are equally amazing and yet vastly different. See the great Buddhas of Bangkok or experience a whirlwind shopping-spree in Hong Kong. Explore the temples of Japan and the monuments of Beijing. The magic never ends on this side of the world. The Silk Road, the Spice Route and Xanadu beckon. Wander among ornate gilded pavilions, ancient temples, modern skyscrapers and bustling street markets filled with foreign and wonderful fruits and vegetables, not to mention just about everything else imaginable. Asia is really an escape of a lifetime.

Find your Asian Cruise

Australia and New Zealand cruises with Princess CruisesAustralia & New Zealand
Australia and New Zealand provide some of the most unique and beautiful landscapes in the world. Spotlight the bustling metropolises of Sydney and Auckland, plus the incredible wildlife on land and at sea, and you have all the elements for a truly memorable vacation. From the sophistication of the Opera House and the world-class wineries, to the rugged individualism of the Outback and its inhabitants, Australia and New Zealand possess a wonderful diversity of sights, activities and cultures. Few travel experiences can rival the excitement of sailing into the glistening harbors of Sydney and Auckland, as well as inspiring attractions, such as scenic Fiordland National Park and the wonders of the Great Barrier Reef, just to name a few.

Australia & New Zealand
– Join Princess for a 12-day adventure to Australia: the land Down Under. See breathtaking fjords, charming towns and modern metropolises as you cruise between Sydney and Auckland.Australia & Asia – Cruise Southeast Asia and Australia for a taste of dramatically distinctive cultures on this amazing 19-day voyage between Singapore and Sydney.

Find your South East Asia cruise

Europe cruises with Princess CruisesEurope
From the inviting beaches of the Greek Isles and the sparkling palaces of fabled capitals to remote outposts and breathtaking landscapes, Princess Cruises will show you all the best of Europe. Sail with us and visit the gems of the Mediterranean, Scandinavia and Russia, the British Isles, the Holy Land and beyond. We have countless itineraries to choose from aboard six amazing ships – large and small – from enthralling 7-day Interludes and signature 12-day cruises that visit all the best places, as well as 18- to 36-day in-depth explorations. And with our 2-Day experiences on select voyages, you get an extra day in places like St. Petersburg, Russia, and Giza, Egypt, to take in all the must-see attractions of the region. We’ve been sailing these legendary waters for decades. Let Princess introduce you to the Europe we’ve gotten to know so well.
Find your Northern Europe Cruise


Find your Southern Europe Cruise

Canada and New England cruises with Princess CruisesCanada & New England
Autumn is glorious in Canada and New England. The sun still shines on the Eastern Seaboard’s many seafaring towns and the cool fall air turns the foliage a dazzling crimson and gold. A trip to Canada and New England uncovers the history and character that started a nation. With the quaint Colonial charm of New England towns and the spectacular Canadian coastline, history is everywhere you look. Discover the very fabric of the cities and towns that are woven with history and experience French Canada’s unique flavor and culture. Follow in the footsteps of our forefathers in cities like Norfolk, Charleston and Boston. Visit the bright lights of New York City. Fall in love with quintessential French Québec City and get charmed by quaint villages from Saint John to Bar Harbor. There’s just no better way to experience the East Coast’s autumn color than onboard a Princess cruise.

Find your Canada/New England Cruise







Hawaii, Tahiti, and south pacific cruises with Princess CruisesHawaii, Tahiti & South Pacific
The South Pacific holds an abundance of natural treasures and the islands of Hawaii and Tahiti are just two of their better-known jewels. From the legendary beauty of French Polynesia’s Bora Bora to the lush Hawaiian landscape of Kauai and the pristine beaches of Tahiti, immerse yourself in the diverse, yet singular Polynesian culture and experience the warmth of the Aloha Spirit. These lush tropical sanctuaries are the ideal places to relax, unwind and embrace “Island Time.” Discover Hawaii and its South Pacific cousins.

Find your Hawaiian Cruise

Mexican Riviera cruises with Princess CruisesMexican Riviera
Sun, sand and surf – what more could you ask for? The Mexican Riviera is filled with rich culture, bright flavors, scenic vistas, and most definitely, fun in the sun. The La Quebrada cliff divers of Acapulco will leave you amazed at their daredevil flying feats. The cobbled streets of Puerto Vallarta’s Malecón are ideal for a relaxing stroll. And the deep-water lagoons, coconut groves and laid-back attitude of Zihuatanejo provide a delightful taste of Old Mexico. Don’t forget Mazatlán’s long sandy beaches and the chance to spot humpback and gray whales off Cabo San Lucas. There is so much to do and see on the Riviera. By day, swim, fish, shop or soak up the local culture. By night, savor the bold and fresh flavors of the region, like handmade tortillas and fresh guacamole, then pick up some new steps, dancing the night away to a salsa beat. It’s time to go to the Mexican Riviera.

Find your Mexican Cruise
Panama Canal cruises with Princess CruisesPanama Canal
Grand Mediterranean Cruise – This popular European cruise itinerary from the Rome visits Naples, Venice, Messina and Livorno. So, you’ve got Italy covered from the Grand Canal to Mt. Etna, as well as the treasures of Florence and Pisa. But, there’s so much more. Like Croatia’s walled city of Dubrovnik and the fantastic attractions of when you sail into the Barcelona cruise port. Each Mediterranean cruise port of call is unparalleled to any other you’ve seen. All of the European cruise ports are historically breath-taking and a must-see to believe sight.Panama Canal – Sail through the historic Panama Canal on your cruise to the Caribbean or Mexico and Central America.

Grand Panama Canal – Make your own history and experience a full crossing of the Panama Canal, departing from Vancouver or Los Angeles.

Find your Panama Canal Cruise

 

World cruises with Princess CruisesWorld Cruise
A Princess World Cruise – the Ultimate Vacation You’ve always wanted to see the world. With a Princess World Cruise vacation, you’ll sail on an exquisite small ship for more than 100 days and visit more than 40 spectacular ports, seeing more captivating cities, storied attractions and fascinating cultures than you ever dreamed possible.
The Princess World Cruise – it’s truly an adventure of a lifetime.

Find your World Cruise

 

January: 107 Days on Pacific Princess
Sailing from Ft. Lauderdale to Rome, you’ll visit must-see places like the Panama Canal, mysterious Easter Island, delightful Sydney, India’s vibrant Mumbai, South Africa’s incredible Cape Town, the jewels of the Mediterranean, the South Pacific and much more.

May: 104 days on Dawn Princess
Sailing roundtrip from inviting Sydney, you’ll explore exotic ports in Malaysia and on the Arabian Peninsula on your way to the treasures of the Mediterranean and Northern Europe. Then you’ll cross the Atlantic for stops in Central America, Mexico and the pearls of the South Pacific.

World Cruise Segment Voyages
For travelers who would like to be part of a Princess World Cruise, yet prefer a shorter option, we offer Segment Voyages, spotlighting specific regions of a World Cruise itinerary. Segments range in length and can be combined to create your ideal dream vacation.

World Cruise Experience
Sailing in relaxed, refined style on your inviting Princess ship, you’ll enjoy special touches that bring the places you visit right onboard, and you’ll form a unique bond with fellow passengers who share your passion for travel.

Find your World Cruise

South America cruises with Princess CruisesSouth America
This exotic, mysterious and magical region of the world is a feast for all five senses. South America’s colorful cultures and alluring history feed your appetite for adventure and it becomes contagious. This is the region where you will experience contrasting cities, stunning archeological ruins, icy fjords, lush dense jungles and landscapes so remote that they’ve rarely been seen by anyone but the most intrepid explorers. With imagery that can only be described as otherworldly, sail Cape Horn’s magnificent coastline, explore the misty ruins of Machu Picchu, discover the energetic vibe of Rio de Janeiro and much more. And if that’s not enough, legendary Antarctica lies just beyond with its towering cliffs of blue ice. Without a doubt, it’s a fascinating destination to explore.
Find your South American Cruise

Book a Princess Cruises! Call 1-866-496-9862
Princess Cruises – Cruise Ships
How could such a large ship offer so much, yet feel so intimate and personal? Every vessel in our fleet is designed to give you plenty of room to yourself, with spacious decks, comfortably elegant public spaces and inviting balcony staterooms. Yet each also creates wonderful opportunities to socialize with a variety of sensational activities and entertainment to suit your mood.
Princess Cruises cruise ship Caribbean Princess
Caribbean Princess®

Is one of the stars of the region that bears her name. Get a workout at the fitness center, then rejuvenate with a pampering treatment in the Lotus Spa® or out on deck in the adults-only oasis, The Sanctuary. You’ll enjoy an array of freshwater swimming pools and hot tubs, lounges and clubs, a library, lavish production shows, extensive options for children and much more – plus fine dining in specialty restaurants like Sabatini’s® and the elegant Crown Grill,SM Traditional or Anytime DiningSM rooms and the new Vines wine & seafood bar. And of course, Movies Under the Stars®. It’s all you would expect of a ship this grand. 

Princess Cruises cruise ship Crown Princess
Crown Princess®
The awe-inspiring Crown Princess is the sparkling jewel of the Princess Fleet. Modern and luxurious, it features wonderful spaces like the lovely piazza-style Atrium, with its International Café and Vines wine & seafood bar. The inviting dining experience continues in venues like Crown GrillSM and Sabatini’s,SM or on your very own balcony with Ultimate Balcony Dining. And throughout each ship, you’ll enjoy a range of delightful pursuits – stylish bars and lounges, freshwater swimming pools and fitness opportunities, art auctions, shopping and activities, ScholarShip@Sea® courses, Movies Under the Stars® and more.
Princess Cruises cruise ship Emerald Princess
Emerald Princess®
Everything you would expect from a modern, luxurious cruise ship. As with most of our ships, the theme is choices. There are multiple dining options, including Traditional and Anytime DiningSM and specialty venues like the popular Sabatini’sSM Italian restaurant. There is the Lotus Spa® with its myriad treatments, and fitness center where you can stay trim from all the delicious cuisine. You’ll enjoy watching Movies Under the Stars®, and will have nearly 900 balcony staterooms from which to choose. 

Princess Cruises cruise ship Grand Princess
Grand Princess®
A spectacular floating palace with a sense of space and intimacy. As you explore this ship, you’ll discover refreshing swimming pools, tax and duty-free boutiques, the Lotus Spa,® a nine-hole putting course, the Atlantis Casino, art auctions, ScholarShip@Sea® courses, lavish musical productions, and our big-screen extravaganza, Movies Under the Stars® and adults-only on-deck venue, The Sanctuary. Each evening, savor classic Traditional Dining or more flexible Anytime Dining,SM as well as other offerings. 

Princess Cruises cruise ship Ruby Princess
Ruby Princess®
Featuring many signature Princess innovations, including our Movies Under the Stars® poolside theater, The Sanctuary, a private retreat just for adults, and a glittering piazza-style Atrium with entertainers and an array of casual eateries. There are also multiple dining venues, specialty restaurants, nightclubs and a theater, freshwater swimming pools, the rejuvenating Lotus Spa® and nearly 900 staterooms with private balconies. 

Princess Cruises cruise ship Sea Princess
Sea Princess®
An oasis of refined pleasures and relaxing pursuits. You’ll enjoy the choice of Traditional and Anytime DiningSM in the Traviata or Rigoletto dining rooms, or specialty dining in Sterling Steakhouse.SM Activities and amenities include swanky bars and lounges, enrichment courses, fine shopping, a youth center, the Lotus Spa,® and the sensational Movies Under the Stars.® For a more personal view of the incredible destinations you’ll be visiting, choose one of over 400 affordable balcony staterooms – where you might just want to try Ultimate Balcony Dining when the mood strikes for something truly extraordinary.
Princess Cruises cruise ship Sun Princess
Sun Princess®
Along with its sister ships Dawn and Sea – has more than 400 balcony staterooms, so you can wake up to your own exclusive vista. Take a dip in one of three spacious pools or spend your evening at one of the show lounges with unique performances each night. Dining options are also plentiful, including two formal dining rooms, the Sterling SteakhouseSM and the 24-hour Horizon Court. And don’t miss the Lotus Spa® for some pampering. 

Princess Cruises cruise ship Royal Princess
Royal Princess®
A gem of a ship, providing a wonderful and intimate ambience for visiting the world’s fascinating destinations. Onboard, you’ll delight in many of the trademark features you’ve come to know on other Princess cruise ships – ScholarShip@Sea® courses, fresh-water swimming pools, a casino, exciting nightspots and production shows. But she also boasts her own unique attributes, including fine wood paneling and leather armchairs, a library with over 4,000 titles – one of the best-stocked at sea – al fresco dining on deck and more. And three-quarters of her 355 staterooms offer the extraordinary vantage of your own balcony.
Princess Cruises cruise ship Coral Princess
Coral Princess®
A luxurious way to escape completely, with all the amenities for an amazing cruise vacation. It features an impressive array of dining options, such as specialty restaurants Sabatini’s Italian restaurant and the Bayou Cafe & Steakhouse, as well as a European-style casino, a cigar lounge and retro martini bar.

Princess Cruises cruise ship Dawn Princess
Dawn Princess®
Along with its sister ships Sun and Sea – creates paradise on the high seas. Featuring a wrap-around Promenade Deck, this spectacular ship has more than 400 balcony staterooms to enjoy the ever-changing scenery. Hot spots include the giant Movies Under the Stars® poolside screen, the adults-only oasis called The Sanctuary, two show lounges with nightly entertainment, and plenty of elegant and casual dining options from gourmet pizza to grilled steaks.
Princess Cruises cruise ship Diamond Princess
Diamond Princess®
A luxury destination in itself. Wake each morning in anticipation of a new horizon. Take in the view from one of nearly 740 balcony staterooms. Indulge in a hot stone massage at the renowned Lotus Spa®, enjoy fine dining in a formal or relaxed atmosphere and make it a cruise to remember.
Princess Cruises cruise ship Golden Princess
Golden Princess®
Taking you in style to places you’ve always wanted to see. Among this magnificent ship’s features are a lively piazza-style atrium, three state-of-the-art show lounges, a tranquil adults-only Sanctuary, the Movies Under the Stars® outdoor theater, sparkling pools, and numerous dining options, including showplace specialty venues. 

Princess Cruises cruise ship Island Princess
Island Princess®
Custom-built for the Panama Canal, the spectacular Island Princess is a destination all on its own. Get active in the fitness center or on the digital golf simulator, browse the world-class art collection or relax with a massage in the Lotus Spa® or The Sanctuary, our on-deck retreat for adults. Dining choices include specialty restaurants, Sabatini’sSM and the Bayou Café & Steakhouse, plus Traditional or Anytime Dining.SM Later, head for the themed casino, or take in an unforgettable show at the dazzling Universe Lounge. 

Princess Cruises cruise ship Sapphire Princess
Sapphire Princess®
Taking you in style to places you’ve always wanted to see. Among this magnificent ship’s features are a lively piazza-style atrium, three state-of-the-art show lounges, a tranquil adults-only Sanctuary, the Movies Under the Stars® outdoor theater, sparkling pools, and numerous dining options, including showplace specialty venues. 

Princess Cruises cruise ship Star Princess
Star Princess®
From the duty and tax-free boutiques to engaging ScholarShip@Sea® enrichment courses, Star Princess® invites you to discover her newest amenities, such as the International Café, serving an array of treats in the dazzling Italian-style piazza. Enjoy fine cuisine in Traditional or Anytime DiningSM venues, superb specialty dining at Sabatini’sSM and our latest addition, the Crown Grill,SM casual fare at open-air Prego Pizzeria or Trident Grill or choose from other offerings such as Vines wine and seafood bar. Follow a morning swim with an afternoon massage in the Lotus Spa® or under a cabana on deck at the newly added adults-only retreat, The Sanctuary. There are over 700 spacious balcony staterooms and entertainment options galore, plus this sparkling vessel now features that Princess favorite – Movies Under the Stars.® 

Princess Cruises cruise ship Pacific Princess
Pacific Princess®
Offering a more personal perspective as you enjoy the wonderfully relaxed ambience of small-ship sailing. Experience personalized service and distinctive features and venues, including the Club Bar, the Lotus Spa,® fitness center, casino and lounges, fine dining and specialty restaurants like Sabatini’s,SM and much more. With 70% affordable balcony staterooms, you can assure yourself a perfect view.
Princess Cruises cruise ship Ocean Princess
Ocean Princess®
Ocean Princess – along with her sister ship Pacific Princess – is our pearl of the Pacific. Smaller in size yet rich in amenities this beautiful vessel features an array of onboard activities. Relax on deck by the pool or get a massage at the Lotus Spa®. At night, fine fare abounds in refined dining rooms and specialty restaurants, with live entertainment rivaling anything on shore. And this ship offers more than 200 balcony staterooms so you won’t have to miss a single sunset.
Book a PrincessCruise! Call 1-866-496-9862
*Photos provided by Princess.com
Drainware - Jose Ramon Palanco

Projects

Drainware

22 January, 2020

Tags: , , , , , ,

Between 2011 and 2014 we developed (Cristian Sandoval, Marco Lojo, Antonio Moreno, .. among others) a Cloud Platform with DLP capabilities, now in 2020 it is Open Source. It was a very cool technology at that time, we used mongo, redis, rabbitmq, .. among other technologies. Most of the magic was inside the endpoint, written in C++.

This product is able to identify data leaks in buffers like the clipboard, screenshot (OCR), … monitor removable devices, network units, applications (minifilter driver), cloud apps (dropbox, one drive, google drive), printer (OCR), …

It uses geolocation based on the SSIDs using google location services to track stolen devices or known when a device was located when the data leak was performed.

It also comes with a basic sandbox to freeze applications abused by exploits by detecting suspicious traces in memory like nop-sled, heap-spray, ….

One of the coolest features was the distributed search across all endpoints of the organization. It was possible to find files, emails, documents, …

Another interesting feature is that the endpoint includes a PHP interpreter to run callbacks or create validators based in regular expressions, REST API calls or whatever you can imagine. It also uses ADS, ssdeep and several fun things you will find browsing into the code.

Promo video:

Now this project is opensource!

The code

You can download the source code at Github:

https://github.com/drainware

DISCLAIRME: Use the code under your own responsibility. This project is not maintained for a long time, so most of the dependencies are obsoletes and some of them vulnerable.

Screencasts

Drainware Intro:

Drainware DLP:

DLP Storage:

DLP Custom rules:

 

 

 

Manual

 

Introduction

This manual is written either to be read sequentially the first time, or can be used as a reference guide. During this reading you can find notices in the following formats:

Description: ttp://primariamed.files.wordpress.com/2011/03/notas.jpg Annotations: Concept clarifications

Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!: Important concepts to keep in mind

Tip: Tricks, shortcuts and other tips

About Drainware

Drainware is a security platform that is like a service. It has several modules to protect the information and/or the computers that contain this information.

We offer Freemium license which means you can start using it for free with some restrictions in its features.

Requirements

Operating System

Drainware can be deployed on computers with Microsoft Windows OS installed. The currently supported versions are the following:

OS Architecture
Windows XP x86
Windows 7/8 x86/x64
Windows 10 x86/x64

Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!

Windows XP is supported only with Service Pack 3 or later. We also have support for Windows XP SP2, but you have to install the following components:

Windows Search 4.0 for Windows XP (KB940157)

Wireless LAN API (KB918997)

    1. Minimum Hardware

CPU: Intel Pentium III 1 GHz or faster

RAM: 1 GB (2GB recommended)

HDD: 200 MB

Installation

Signing up in the system

Before installing Drainware, it’s necessary to have an account on the platform. To sign up in the system you’ll have to go to the official Drainware website at https://www.drainware.com and click on the sign-up button in the top-right menu.

 

home

register

This will show us a form where we must input the information requested: registry data, company name, VAT ID, and the number of employees.

The e-mail will be associated with your account and it won’t be able to be changed in the future.

For the number of employees field, we only have to consider the ones that normally work with a computer.

Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!: The password must have at least 8 characters.

Afterward, you will receive an e-mail that will allow you to validate your new account.

register_mail

When the license has been validated, it will redirect us to the sign-in page where we will have to input the e-mail and the password that we have entered in before.

login

Software endpoint installation

Once we have the license validated and entered our credentials, we are correctly signed in and able to download the software. After sign in, we have the possibility to download the installer. To the right of the download link, we have the license number that is a 16 digit code that we will need during the installation.

Download

This installer will install the 32 or 64-bit version, depending on the operative system used.

Advanced Installation

It is possible to deploy the endpoint in an unattended manner. This is very useful if you have a lot of users and you want to deploy it on a mass scale.

To do that, you can find the .msi installers available in the following URL

http://update.drainware.com/

The procedure to install it through the command line is below (where you must replace the red text by your license number):

msiexec /i file.msi /quiet /noreboot DDI_LIC=XXXX-XXXX-XXXX-XXXX

If you prefer you can use this logon script:

Name: drainware_logon.vbs

Function GetWindowsArchitecture(strComputerName)

Set objWMI = GetObject("winmgmts://" & strComputerName & "/root/cimv2")

Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem", , 48)




For Each objItem In colItems

GetWindowsArchitecture = "32-bit"

If left(objItem.Version,3) >= 6.0 Then

GetWindowsArchitecture = objItem.OSArchitecture

End If

Next

End Function

Function GetProgramsFolder()

Set wshShell = WScript.CreateObject("WScript.Shell")

GetProgramsFolder = wshShell.ExpandEnvironmentStrings("%programfiles%")

End Function

Function ExistDrainwareSecurityDir()

Set objFSO = CreateObject("Scripting.FileSystemObject")

ExistDrainwareSecurityDir = objFSO.FileExists(GetProgramsFolder() & "\Drainware\Drainware Security Endpoint\DrainwareSecurityAgent.exe")

End Function

Function DownloadDSE(strRemoteDSE, strLocalDir)

Set objFSO = CreateObject("Scripting.FileSystemObject")

objFSO.CopyFile strRemoteDSE, strLocalDir & "\"

End Function

Function InstallDSE(strLicense, strRepository)

If Not ExistDrainwareSecurityDir() Then

Set wshShell = WScript.CreateObject("WScript.Shell")

Select Case GetWindowsArchitecture(".")

Case "64-bit"

Rem Msgbox "Installing Endpoint 64-bit " & strLicense

strRemoteDSE = strRepository & "\SetupCloud.msi"

strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud.msi"

Case "32-bit"

Rem Msgbox "Installing Endpoint 32-bit " & strLicense

strRemoteDSE = strRepository & "\SetupCloud32.msi"

strLocalDSE = wshShell.ExpandEnvironmentStrings("%temp%") & "\SetupCloud32.msi"

End Select

DownloadDSE strRemoteDSE, wshShell.ExpandEnvironmentStrings("%temp%")

Rem Msgbox "msiexec /qn /i " & strLocalDSE & " ddi_lic=" & strLicense

Rem WshShell.Run "msiexec /qn /i " & strLocalDSE & " ddi_lic=" & strLicense

Msgbox "Your computer will restart after a few seconds"

End If

End Function

Dim strLicense

Dim strRepository

strLicense = WScript.Arguments(0)

strRepository = WScript.Arguments(1)

InstallDSE strLicense, strRepository

 

Usage:

drainware_logon.vbs LICENSE LOCATION

example: drainware_logon.vbs XXXX-XXXX-XXXX-XXXX \\mynas\resources\dlp\

The location must contains both msi files (for x86 and x64)

Useful links

Create a GPO (Windows 2008)

Initial configuration

In this section, we will go through the initial configuration of Drainware. These are the available options in the left menu (red area) of Drainware once you sign in.

menu

Credentials

In this section, we can update our password. If we want to change it, we also have to fill in the current password.

credentials

Subscription

Drainware has two different subscription types. One is the Freemium option, which offers a monthly service with a limit of 500 security events; after 500 events, the organization will be unprotected until the first day of the next month.

On the other hand, we offer a Premium subscription that is based on the number of users you wish to protect. The Premium subscription includes unlimited events (as long as use remains reasonable).

In this section, it is possible to check the validity of the subscription and upgrade it in the case of using a Freemium subscription.

If you have questions about this section, please write an e-mail to sales@drainware.com and our sales team will be happy to assist you.

Groups

It is possible that in your organization you would like to apply different policies depending on groups of users. We can organize the groups by areas or departments, depending on the requirements of the organization.

In this section, we can create the groups inside our platform and then apply policies directly over them.

It is possible to integrate the groups in the organization directly with Drainware, and this topic is explained in more detail in section 4.5.

Users

Every time that user logs in to a computer protected with Drainware, the server is notified, and it will register it in the system. From that moment, we can associate that user to one or more groups.

Authentication

To integrate Drainware with your organization, we offer an authentication module. We have 2 different options to configure the authentication module: local authentication or LDAP.

By default, Drainware works in the local authentication mode, in such a way that the group information is already in our platform.

With the LDAP option, it’s possible to integrate an LDAP server or Active Directory Domain to be able to use the users and groups of the organization.

If you want to integrate LDAP, it’s necessary to open the LDAP port to the Internet. We recommend opening it with SSL exclusively.

If you want to integrate it with Active Directory, you should use the following information:

Field Value
Type LDAP
SSL Depending on your configuration
Version 2.0
Host IP or Computer Name
Port 389 or 636 if it’s SSL
DN DOMAIN\user
Password User Password
Base DC=DOMAIN, DC=LOCAL
User Attr sAMAccountName
Recursive Groups Optional

We recommend to use always LDAP with SSL and to block any connection except if it comes from our public IP Adress.

We also have the “Recursive Groups” option. This option allows users in nested groups to resolve the groups to which they don’t directly belong.

Description: ttp://primariamed.files.wordpress.com/2011/03/notas.jpg Annotation: If an LDAP user doesn’t belong to any of the imported groups, it will belong to the default group automatically.

Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

When the LDAP is integrated, all users will be available in the platform however the same doesn’t happen with the groups. The groups must be imported one by one from the group’s section, which will also be integrated with LDAP.

Time Zone

It’s possible that the employees of an organization work or travel around the world. Therefore, in Drainware, we work with the UTC time zone. In order to translate the time between different time zones, we offer the possibility to select the time zone where the administrator wishes to see the events.

Dashboard

The main window of Drainware shows an overview of the security events that happened since the installation of Drainware. It also shows the details of the events that happened since the beginning of every month.

Macintosh HD:Users:jose:Desktop:dashboard.png

For Freemium users, it shows a status bar that shows the monthly events. When the number of events reaches 500, Drainware will stop working until the beginning of the next month. The administrator will then receive an e-mail notification that the organization is not protected with Drainware anymore.

Tip:

To the right of the monthly events bar, you can find a link to get more free events per month in the Freemium version. To receive more free events, you only have to share a link with the reference code. For every verified installation referred to this code, Drainware will give you 100 extra free events per month.

DLP

In the DLP module (Data Loss Prevention), we can control the confidential information inside the organization to prevent data leaks.

Macintosh HD:Users:jose:Desktop:menu_dlp.png

Policies

The policies define what information you want to monitor and what action will be carried out. In the policies creation section, we provide a wizard that makes the whole process easier. We’re going to create a policy with the name POL001 and the description of “Policy 1”.

Macintosh HD:Users:jose:Desktop:pol1.png

In the first step we have to provide a name and a short description of the policy:

Macintosh HD:Users:jose:Desktop:pol2.png

In the next step, we have to define the information that we want to protect.

We can see the next menu:

  • Concepts / Subconcepts: patterns predefined by Drainware to identify the information.
  • Applications: applications that we’ll deny any access to confidential information.

As we continue configuring Drainware, this section will contain other elements such as rules, files, and network sites; which will see in the next sections.

Macintosh HD:Users:jose:Desktop:pol3.png

If we expand the Concepts/Subconcepts we will see a big list of categories. We can include a subconcept in our policy like Visa or the credit card concept that would include all credit card types.

Macintosh HD:Users:jose:Desktop:pol4.png

In the applications section, we can see a list (that can be extended by the user) that allows the blocking of several programs.

Macintosh HD:Users:jose:Desktop:pol5.png

In Step 3 we can see a list of the groups that we have already imported, the action that will be carried out, and the severity (how severe is the group of users that triggered the policy).

Macintosh HD:Users:jose:Desktop:pol6.png

We only have to select the groups that we want to be affected by the policy. When defining the action, it can be:

  • Log: logs the event in the Drainware database for audit purposes.
  • Alert: an e-mail is sent by default to the e-mail address used for sign up in Drainware, but it can be overridden by another address specified only for this policy.
  • Block: prevents filtering of information.

In all cases, the employee that executes the policy will see a notification.

Macintosh HD:Users:jose:Desktop:pol7.png

We only have to click the “Finalize” button and the policy will be created.

Macintosh HD:Users:jose:Desktop:pol8.png

Every time we create a policy, it will appear in the policies list. In this list, we have 3 buttons:

  • Configuration: we can configure the information to protect, like we configured in step 2.
  • Action: we can re-define actions for the different groups, like we configured in step 3.
  • Remove: removes the policy.

Once the policy is created, it can’t be renamed.

Macintosh HD:Users:jose:Desktop:pol9.png

Rules

With “Rules”, we can define our own information patterns to protect inside the policies. We can include, for example, confidential footers that we usually introduce in documents with confidential information. We can also add regular expressions that describe any confidential documents that we want to protect.

To create a rule, we have to introduce a name without spaces and special characters (A), a description (B), optionally, we can include a verification function in PHP (C) and we can define which policies we want to associate with this rule (D). Like policies, rules can’t be renamed either.

Tip:

If we want to use a verification function in PHP, it will receive the variable “$match” that contains the resulting match after the regular expression is applied. It will be necessary that after analyzing $match, it will assign TRUE (accept match) or FALSE (deny match) to the “$return_val” variable.

Macintosh HD:Users:jose:Desktop:rule.png

Files

For very exceptional cases, it’s possible that a rule can’t cover all our requirements and we’d want to sign up for a file. In these cases, we can upload a file to help Drainware to identify when someone is trying to filter information.

The procedure is very simple. We can upload one or more files and they will be automatically available to associate with our policies. We only have to go to the policy configuration and select the filename.

Every time we upload a file, this will be available in the new policies wizard.

Description: Macintosh HD:Users:jose:Desktop:files.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

Before uploading a file, we suggest to use a unique filename or even put the current date to distinguish it from another with the same name.

 

Network Sites

In the network sites section, we can add Windows shared folders with the format \\server\resource.

This functionality is one of the most interesting ones. The endpoint software is ready to identify all the files copied in a computer from the shared folder added in Drainware. Once the file is copied, Drainware will check every file or every copy of them throughout the computer’s file system, allowing you to work with it, but denying its filtration.

For Network URI, we have to input the shared folder location., We must also introduce a short description, and then select the different policies to apply.

It will be available in the new policies wizard.

Description: Macintosh HD:Users:jose:Desktop:network place.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

Only files that have been copied after add the shared folder will be monitored.

 

Applications

To add more applications and include them in our policies, we can add them in the “Manage Applications” section.

To add a new application, we will need its name, for example, iexplorer.exe, or skype.exe. Similarly to the other sections, we have to put a short description and select the policies to associate with it. It will be available in the new policies wizard.

Description: Macintosh HD:Users:jose:Desktop:apps.png

Advanced

Description: Macintosh HD:Users:jose:Desktop:block_crypt.png In the Advanced section of Drainware, we can configure the behavior of the DLP. We have 3 sections to configure its behavior.

The first section will allow us to block access to encrypted information within particular groups. The behavior will be the same as a file affected by blocked policy.

Description: Macintosh HD:Users:jose:Desktop:evidence.png

The second section will allow us to collect evidence every time an event is carried out. This configuration is directly related to an action defined in the policy, where we can define a criticality level for each group. In this configuration, we can select ‘None’ if we don’t want to collect evidence or the minimum level from which we would want to make for the collection. If we select the low level, the collection will be available for the low, medium, and high levels. If we select the medium level, it will be available only for the medium and high levels. And if we select high, it will be available only for that level.

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

The configuration of the evidence collector is only available for the Premium users. The Freemium users will receive the first 3 screenshots every month.

 

In the last section, we can globally enable or disable modules that affect all policies. In Drainware we consider 3 types of elements:

  • Source: information origin
  • Sink: information destination
  • Pipe: information channel

Description: Macintosh HD:Users:jose:Desktop:dlp_advanced.png

In sources, we currently only have “Network device”. That allows us to recognize Windows shared folders. If we disable this origin, the “Network Sites” section will stop working and it won’t be visible in the menu anymore.

In Sinks we have several modules that monitor the application of the corresponding action (block, alert or log):

  • Dropbox
  • Skydrive
  • Google Drive
  • Network Device
  • Pendrive
  • Printer

Finally, in Pipes we can monitor:

  • Clipboard Image
  • Clipboard Text
  • Keylogger

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

The keylogger module doesn’t allow block the tipping, because until it isn’t written it can’t be analyzed.

 

Notifications

Notifications can’t be configured in the DLP menu, they must be defined in the “General” section, but they are directly related to the DLP.

The notifications allow, as long as we have a browser opened and logged in, the receiving of notifications in real-time when an event is carried out.

We don’t recommend enabling the notifications for all actions and events, because, if they are executed regularly, it can be annoying.

The notifications are HTML5 notifications and they are integrated with the desktop of the operating system, as long as the browser and the operating system support it.

Description: Macintosh HD:Users:jose:Desktop:notifications.png

Sandbox

The Sandbox feature allows us to protect applications against virus. It’s not an antivirus replacement, but rather, a complement.

Description: Macintosh HD:Users:jose:Desktop:menu_sandbox.png

Previously, hackers took advantage of security problems in the server’s software to gain access to the organization. But a security suite was developed to enable firewalls, IDS, IPS…

In the last few years, hackers have taken advantage of new vectors. Using tools like LinkedIn, they can discover who a financially responsible person is, and what contacts he has. From that moment they can make an attack based on spear-phishing that consists of sent e-mails assuming his identity with an attached PDF or an URL that steals data or opens a connection to the outside.

Applications

In Drainware, we develop rules that allow us to block the affected applications before the system will be affected.

Description: Macintosh HD:Users:jose:Desktop:sandbox.png

Inspector

With the Inspector module, you can search in real-time over all the computers in the organization.

Description: Macintosh HD:Users:jose:Desktop:menu_inspector.png

It’s possible that in the organization we have a person or a group of people working with the kind of information to which they shouldn’t have access. It could be done unconsciously or premeditated. Either way, we can find out with the Inspector tool.

Furthermore, once we have experienced a leak of information, it is often very difficult to check all the computers where the related document was. With Inspector, it is possible in seconds, to find very specific files, download them, and even browse through the file system of the computers affected.

Remote search

With the remote search we can start to obtain results.

Description: Macintosh HD:Users:jose:Desktop:search_result.png

The search can take several minutes. The results are shown grouped by the name of the computer where the file was found. Expanding the results by computer, it’s possible to see the file details by clicking on it. We can see information about the modification date, file name, mime type, creation date, and short information about the file header. It’s also possible to download it.

Description: Macintosh HD:Users:jose:Desktop:details.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

You shouldn’t search by very short terms or generic terms. The result can take too much time or it can be unmanageable.

 

It’s possible to browse through one of the computers listed in the results. To do this, you must click on the computer name or IP address (red area).

Description: Macintosh HD:Users:jose:Desktop:browse.png

The file explorer feature is further detailed in section 7.3 of this manual.

Multiple Remote Searches

If we want to search for a lot of terms, it’s possible to use the Multiple Remote Searches function.

To use this feature, you have to create a file with all the search terms in one line, separated by commas. We can create different lines, each one with its own keywords.

keyWordGroupA-1, keyWordGroupA-2, keyWordGroupA-3

keyWordGroupB-1, keyWordGroupB-2

keyWordGroupC-1, keyWordGroupC-2, keyWordGroupC-3

The file extension must be TXT. In addition to uploading the file, we must input a name for this report.

Description: Macintosh HD:Users:jose:Desktop:multiple.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

You shouldn’t search for very short terms or generic terms. The results can take too much time to obtain, or the results can be unmanageable.

 

Remote Files explorer

The Remote Files Explorer allows us to inspect any computer in the organization with Drainware installed.

We will have to provide some details about the computer: computer name, IP address, and optionally, the path. From this point, we can browse through any device in the computer and even download files.

Description: Macintosh HD:Users:jose:Desktop:browse_details.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

Drainware is not developed to be an FTP server. Downloading a file with several MB in size can take several minutes until the download starts.

Remote Devices

With this feature, we can see the geographic position of all the devices that have Drainware installed.

In most cases, the geolocation is performed through the IP address, but when the Wi-Fi is activated, it’s possible that the geolocation is performed through Wi-Fi triangulation.

Description: Macintosh HD:Users:jose:Desktop:inspector_map.png

Description: Description: ttp://alfredoquiroz.files.wordpress.com/2011/08/aviso_importante1.png Important!:

Make sure that you don’t refresh the webpage until all the endpoints have responded, especially in networks with thousands of endpoints, as the webpage loading could take several minutes.

In addition to the geolocation of the devices, it’s possible to get a network map encapsulating all the computers that belong to the same ranges. To that effect, we will click on the Network View tab.

Description: Macintosh HD:Users:jose:Desktop:Screen Shot 2013-11-19 at 14.59.29.png

The results are shown in circles, where every circle represents a range or a group of ranges.

Description: Macintosh HD:Users:jose:Desktop:network-1.png

Description: Macintosh HD:Users:jose:Desktop:network3.png It’s possible to click on the segments that we want to inspect and see all the computers connected at that moment.

Reporter

With the Reporter module, we can have access to the data recorded by Drainware. We can get details of every module or statistic from the global behavior of the DLP, Inspector, or Sandbox.

Description: Macintosh HD:Users:jose:Desktop:menu_reporter.png

DLP Events

Once we open the DLP events information, we can see a graph with all the events related to the data leak. Under the graph, we can see a table with a list of related events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

Description: Macintosh HD:Users:jose:Desktop:DLP.png

The list only shows a preview of the event. If we want to see detailed information, we must click on it.

The details of each event are shown in a table that provides all the information related to the event. Depending on the configuration, it’s also possible to see a screenshot done at the same moment that the event was carried out.

Description: Macintosh HD:Users:jose:Desktop:DLP_events.png

Description: Description: ttp://primariamed.files.wordpress.com/2011/03/notas.jpg Annotations: Freemium users can only see the first 3 screenshots every month.

Under the table, there is a button which generates a report with the latest security events.

Description: Macintosh HD:Users:jose:Desktop:export.png

If we want to find events by a range of dates, event type, policy, severity, rule, etc., we can use the “Advanced Query” system. As we can have a result with too many events, it’s possible to fill in the maximum number of events we want to show in the result.

Description: Macintosh HD:Users:jose:Desktop:DLP_reporter_Search.png

Every time a query is generated, it’s possible to export the results in CSV format. In order to do this, you have to click on the Generate Report button at the end of the page:

Description: Macintosh HD:Users:jose:Desktop:export.png

DLP Stats

The events and detail of events information is interesting, but in many cases, it’s necessary to have a view at a higher level of what is happening with confidential information or to know how the policies that we have configured are working. To do so, we will create data analysis and statistics.

Activity

In the same graph, it represents the average between severity, action, and the number of events. The policies with more events are located to the right, with the vertical axis representing the average of the actions carried out, where the block is the highest part. The average of the severity is shown in the size of the circle. In the top left combo box, you can select the period of time.

Description: Macintosh HD:Users:jose:Desktop:dlp_report.png

Groups by policy

In this graph we can see the groups that carried out more events of one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.

Description: Macintosh HD:Users:jose:Desktop:group_by_policy.png

Users by policy

In this graph, we can see the users that carried out more events of one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.

Description: Macintosh HD:Users:jose:Desktop:user_by_policy.png

Policy

With the policy graph, we can analyze the policies with more activity. In the top left combo box, you can select the period of time.

Description: Macintosh HD:Users:jose:Desktop:policy.png

Groups

With the policy graph we can analyze the groups with more activity. In the top left combo box, you can select the period of time.

Description: Macintosh HD:Users:jose:Desktop:group.png

Sandbox Events

We can see a graph with related events with attempts to abuse applications. Under the graph, we can see a table with the list of events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

Sandbox Stats

Applications

With the applications graph, we can analyze the policies with more activity. In the top left combo box, you can select the period of time.

Description: Macintosh HD:Users:jose:Desktop:sandbox_apps.png

Groups

With the policy graph, we can analyze the groups with more activity. In the top left combo box, you can select the period of time.

Description: Macintosh HD:Users:jose:Desktop:sandbox_groups.png

Inspector search reports

When we make multiple remote searches from the Inspector section, the results are generated in this section. We can find the report by a range of dates to download in Microsoft Excel format.

Description: Macintosh HD:Users:jose:Desktop:reporter_inspector.png

Troubleshooting

Corporate Proxy

Drainware supports connection through a proxy, either configured in the system or auto-configured. However, if the proxy uses authentication, it’s necessary to enable “*.drainware.com” in the accessible domains without authentication.

If you are using SQUID, the configuration would be the next one:

acl drainware dstdomain .drainware.com

acl CONNECT method CONNECT

acl dwCONNECT dstdomain .drainware.com

http_access allow CONNECT dwCONNECT localnet

http_access allow drainware localnet

 

Share with your friends










Submit

Author

Jose Palanco

VP Threat Intelligence at ElevenPaths