Uniworld River Cruises

Uniworld boutique river cruises has something for everyone exclusively with Travelonly
Uniworld offers the highest level of comfort, quality and service in river cruising with an unparalleled variety of vacation choices. You’ll cherish this world of benefits designed just for you. Over 500 departures, More than 40 itineraries, Sail 11 of the world’s most breathtaking rivers, and over 20 countries throughout Europe, China, Egypt, and Russia to choose from.
Europe river cruises
Europe draws travelers in with the wondrous allure of her history, architecture, art, and culture. Visit Europe, and you can feel the warm sun streaming through the rose windows of Notre Dame Cathedral. Taste rich chocolate sachertorte in a Viennese coffeehouse. Stroll through the vibrant and fragrant Keukenhof Gardens in Amsterdam. Or bask in the glow of old-world traditions at the holiday markets in Germany. Imagine discovering the unique scenic treasures of Europe from the luxurious serenity of your river cruise ship. Sailing Europe’s glorious rivers—the Danube, Main, Rhine, Moselle, Rhône, Saône, Seine, and Douro—you will discover the heart of Europe’s charming waterside villages and exciting cultural centers while enjoying the most relaxing way to vacation.

Find your European Cruise

Egypt river cruises
Discovered 500 years ago by Juan de Bermudez, Bermuda has always been famous for green hills, pastel-colored homes and pink-sand beaches. Throw in world-class golf courses, glass-bottom boats, swimming with dolphins, mountain biking, shopping and nightlife and you’ve got an excursion worth leaving the ship for. Don’t worry, the waterslide and karaoke will be waiting on board. Bermuda is a family-friendly vacation that really packs in the fun.

Find your Egyptian Cruise

Vietnam & Cambodia river cruises
There can be no more striking cultural contrast than that between bustling Vietnam and the tranquility of Cambodia. From Ho Chi Minh City, through the Mekong Delta so rich in human life and endeavor, to the diverse countryside of Cambodia, you’ll discover two countries, two cultures, and two ways of life linked by one river, the Mekong, that has shaped these nations.

Russia river cruises
To experience Russia only by land is to miss a major part of its character and history. Discover the soul of Russia along the shores of the Volga. Follow the path of Peter the Great and sail from Moscow to St. Petersburg. Experience the rich cultures, traditions, and royal histories of these two legendary cities. And as you travel along the river, discover another side of Russia: its remote forested islands, vast lakes, tiny summer houses, quaint lifestyles, and pastoral landscapes. On your journey, meet the people who embody the true soul of this proud country.

Find your Russian cruise

China river cruises
China has a rich history that boasts many legends and dynasties. It’s a country of abundant natural splendor. From the majestic Himalayan Mountains to the mighty Yangtze River, the land is broad and diverse. It’s a country of old and new cities, earthly and ethereal landscapes, and impressive historical sights. Picture a beautiful pagoda with golden dragons or a luminous statue of the Buddha alongside new office buildings and shopping malls. The vastness and profoundness of this great land can’t be fully explained with words. It needs to be experienced first hand.

Find your cruise in China

Book a Uniworld Boutique River Cruise! Call 1-866-496-9862
Uniworld Boutique River Cruise – Cruise Ships
S.S. Antoinette

443’ x 37.5’ (the largest ship, lengthwise, in the river cruise industry); 82 staterooms; 164-passenger capacity; European officers and crew; 7-night cruises in the Netherlands and Germany along the Rhine River.

Walking onto the S.S. Antoinette, you will immediately feel like you stepped into France’s Château de Versailles during the late 18th century with the character of the past thoughtfully blended with unusual elements creating luxurious elegance with welcoming warmth. A blue Strauss 10-foot Baccarat chandelier with huge sapphires, originally hung in New York’s famed Tavern on the Green, graces the two-story lobby. The finest Brazilian marble adorns the walls and floors and a sparkling 19th-century Venetian glass mirror rests high above the reception desk reflecting an air of grandeur.


It is clear as one continues to gaze around the remarkable surroundings, the S.S. Antoinette shares the same exquisite standards and meticulous attention to detail reflective throughout all of Uniworld’s fleet. Haute design, yet comfortable décor symbolize the style used by Mrs. Beatrice Tollman, godmother and namesake of Uniworld’s River Beatrice, and President of Uniworld’s sister company the award-winning Red Carnation Hotel Collection; her daughter, Mrs. Antoinette Tollman, godmother and namesake to the new S.S. Antoinette; and Mr. Brian Brennan, lead designer.

Arranged throughout the ship is a collection of carefully selected original art from personal collections. Sketches in black and white, color lithographs, and oil-on-canvas paintings from a range of great artists, including Humphrey Jennings, John Bellany, and an extensive selection of work by Russian painters Yuri Matushevski and Viktor Templi, are perfectly placed for guests’ enjoyment.

River Ambassador

361’ x 37.5’; 56 staterooms; 4 suites; 120-passenger capacity; European officers and crew; 7-night cruises in Germany, France, Belgium, the Netherlands, Austria, Hungary, and Slovakia along the Rhine, Main, and Danube rivers.

Facilities onboard River Ambassador:

• Lavishly appointed riverview staterooms have hotel beds draped in fine linens, a vanity, built-in closets, hair dryer, safe, individual thermostat for air conditioning and heat, direct-dial telephone, flat-screen TV with satellite, bottled water, and bathroom with L’Occitane bath and body products, magnifying mirror, and plush.
• Beautiful panoramic main lounge with full-service bar, cozy library/game room, and elegant restaurant.
• Sun deck with chess and shuffleboard, fitness room with jet massage shower cabin, massage treatments, and boutique.
• Complimentary use of bicycles and Nordic walking sticks.
• 24-hour specialty coffee and tea bar, reception service, free internet access and Wi-Fi.

River Beatrice – Launched in March 2009, the River Beatrice is quite simply the most deluxe and comfortable ship ever to sail any European river. Her exquisite grace and refinement make her the perfect match for the enchanting Danube River region.
Facilities onboard the majestic River Beatrice:

  • Lavishly appointed riverview staterooms and suites have made-to-order Savoir® of England beds draped in fine linens. Those on the Rhine and Danube decks have French balconies
  • Stateroom and suite amenities include: generous built-in closets, hair dryer, safe, individual thermostat for air conditioning and heating, direct dial telephone, flat-screen TV with satellite, bottled water, and well-appointed marble bathroom stocked with L’Occitane bath and body products, magnifying mirror, and plush bathrobes
  • All suites have additional amenities with special butler service, including: packing and unpacking assistance, free laundry service, in-room breakfast, daily fruit and cookie plate, slippers, flat-screen TVs with private DVD, coffee machine, refrigerator, shoe shine service, bottle of wine upon arrival, and a special dinner in the Captain’s Lounge
  • The owner’s suite offers extra benefits: entertainment system, three flat-screen TVs with satellite, and paintings by English artist Paul Maze. The bathroom has a separate rain shower and tub, a secluded toilet and bidet area, and towel warmer
  • Beautiful panoramic main lounge with full-service bar; Captain’s Lounge with full bar; elegant restaurant; sun deck with three sun tents, chess, and shuffleboard; fitness room; massage room; gift boutique; guest laundry; and elevator
  • 24-hour specialty coffee and tea bar, reception service, free internet access and Wi-Fi.

River Empress –

Entered service in 2001; Refurbished in 2010; 361’ x 37.5’; 67 staterooms; 134-passenger capacity; European officers and crew; 7- to 14-night cruises in the Netherlands, Germany, Hungary, Austria, and Slovakia along the Rhine, Main, and Danube rivers

Facilities onboard River Empress:

  • Lavishly appointed riverview staterooms and suites have made-to-order English Savoir™ beds draped in fine linens. The staterooms and suites on the Rhine Deck have French balconies. Other amenities include: a vanity, generous built-in closets, hair dryer, safe, individual thermostat for air conditioning and heat, direct-dial telephone, flat-screen TV with satellite, bottled water, and bathroom with L’Occitane bath and body products, magnifying mirror, and plush bathrobes.
  • The suites have extra amenities and services including: slippers, coffee machine, bottle of wine upon arrival, fruit and cookie plate, morning coffee, and shoe shine.
    Additional for 2010:  Free laundry services and daily newspaper
  • Beautiful panoramic main lounge with full-service bar, cozy Captain’s Lounge and library, elegant restaurant, sun deck with chess and shuffleboard, sky lounge, fitness room, sauna, massage treatments, gift boutique, guest laundry and ironing facilities, and elevator.
  • Complimentary 24-hour specialty coffee and tea bar, and use of bicycles and Nordic walking sticks.
  • 24-hour reception service.
  • Wireless Internet access in public areas.

River Queen
The River Queen is the most unique river cruise ship in Europe. Her exterior resembles the great steamships of the 1930’s, while her plush interior provides a classical elegance reminiscent of the famous Art Deco style.

Facilities onboard River Queen:

  • Lavishly appointed riverview staterooms have made-to-order English Savoir™ beds draped in fine linens, a vanity, generous built-in closets, hair dryer, safe, individual thermostat for air conditioning and heat, direct-dial telephone, flat-screen TV with satellite, bottled water, and bathroom with L’Occitane bath and body products, magnifying mirror, and plush bathrobes.
  • The suites have additional amenities and services including: slippers, coffee machine, bottle of wine upon arrival, fruit and cookie plate, morning coffee, and shoe shine.
    Additional for 2010:  Free laundry services and daily newspaper.
  • Beautiful panoramic main lounge with a fireplace (the only working fireplace on any river cruise ship) and  full-service bar, cozy Captain’s Lounge and library, elegant restaurant, sun deck, fitness room, massage treatments, sauna, gift boutique, guest laundry and ironing facilities, and elevator.
  • Complimentary 24-hour specialty coffee and tea bar, and use of bicycles and Nordic walking sticks.
  • 24-hour reception service.
  • Wireless Internet access in public areas.

Douro Spirit
The Douro Spirit is a deluxe new ship expected to sail in 2011. Douro Spirit accommodates a maximum of 128 guests, providing the intimate small-ship ambiance preferred by Uniworld’s experienced travelers.

245’ x 37’; 64 cabins; 128-passenger capacity; European officers and crew; 10-night cruise/tours in Portugal and Spain along the Douro River.

Facilities onboard Douro Spirit:
• All staterooms have riverviews and French balconies. All are appointed with a vanity and make-up mirror, built-in closets, hair dryer, safe, individual thermostat for air conditioning, flat-screen TV, and bathroom.
• Main lounge with a full-service bar and dance floor.
• Elegant restaurant with open seating.
• Sun deck with swimming pool.
• Boutique/gift shop.
• Complimentary red and white wine, Port wine, beer, soft drinks, coffee, tea, and water during dinner.
• L’Occitane bath and body amenities in staterooms.
• Quality bed linens, and complimentary bottled water, coffee and tea in staterooms each day.
River Baroness

Entered service in 1994; Remodeled in 2005 and 2011; 361’ x 37.5’; 56 staterooms; 4 suites; 120-passenger capacity; European officers and crew; 7-night cruises in France along the Seine River.

Facilities onboard River Baroness:

• Lavishly appointed riverview staterooms have hotel-style beds draped in fine linens, a vanity, built-in closets, hair dryer, safe, individual thermostat for air conditioning and heat, direct-dial telephone, flat-screen TV with satellite, bottled water, and bathroom with L’Occitane bath and body products, magnifying mirror, and waffle bathrobes.
• Starting in 2011, all suites will have extra amenities and services including: bottle of wine upon arrival; flat-screen TV with DVD player; slippers; refrigerator; daily fruit and cookie plate; laundry service; shoe shine; and morning coffee, tea, and continental breakfast.
• Beautiful panoramic main lounge, full-service bar, cozy library/game room, and elegant restaurant.
• Sun deck with chess and shuffleboard, fitness room, massage treatments, and boutique.
• Complimentary use of bicycles and Nordic walking sticks
• 24-hour specialty coffee and tea bar, reception service, free internet access and Wi-Fi.

River Countess

Entered service in 2003; Refurbished in 2007; 361’ x 37.5’; 67 cabins; 134-passenger capacity; European officers and crew; 7- to 21-night cruises in the Netherlands, Hungary, Germany, Austria, Romania, Bulgaria, and Serbia along the Rhine, Main, and Danube rivers.
Facilities onboard the  River Countess:

  • Lavishly appointed riverview staterooms and suites have hotel-style beds draped in fine linens. The staterooms and suites on the Rhine Deck have French balconies. Other amenities include: a vanity, generous built-in closets, hair dryer, safe, individual thermostat for air conditioning and heat, direct-dial telephone, flat-screen TV with satellite, bottled water, and bathroom with L’Occitane bath and body products, magnifying mirror, and plush bathrobes
  • The suites have extra amenities and services including: slippers, coffee machine, bottle of wine upon arrival, fruit and cookie plate, morning coffee, shoe shine, and
    free laundry services and daily newspaper
  • Beautiful panoramic main lounge with full-service bar, cozy Captain’s Lounge and library, elegant restaurant, sun deck with chess and shuffleboard, sky lounge, fitness room, sauna, massage treatments, gift boutique, guest laundry and ironing facilities, and elevator.
  • 24-hour specialty coffee and tea bar, reception service, free internet access and Wi-Fi.

River Duchess –


2011 Condé Nast Traveler’s Readers’ Poll "Top River Ships of the World.”
Entered service in 2003; refurbished in 2009; 361’ x 37.5’; 67 cabins; 134-passenger capacity; European officers and crew; 7- to 14-night cruises in the Netherlands, Germany, Hungary, Austria, and Slovakia along the Rhine, Main, and Danube rivers.

Facilities onboard the  River Duchess:

  • Lavishly appointed riverview staterooms and suites have hotel beds draped in fine linens. The staterooms and suites on the Rhine Deck have French balconies*. Other amenities include: a vanity, generous built-in closets, hair dryer, safe, individual thermostat for air conditioning and heat, direct-dial telephone, flat-screen TV with satellite, bottled water, and bathroom with L’Occitane bath and body products, magnifying mirror, and plush bathrobes.
  • The suites have extra amenities and services including: slippers, coffee machine, bottle of wine upon arrival, fruit and cookie plate, morning coffee, shoe shine, free laundry services and daily newspaper.
  • Beautiful panoramic main lounge with full-service bar, cozy Captain’s Lounge and library, elegant restaurant, sun deck with chess and shuffleboard, sky lounge, fitness room, sauna, massage treatments, gift boutique, guest laundry and ironing facilities, and elevator.
  • 24-hour specialty coffee and tea bar, reception service, free internet access and Wi-Fi.

River Princess

Entered service in 2001; Refurbished in 2005 and 2009; 361’ x 37.5’; 66 staterooms; 132-passenger capacity; European officers and crew; 7- to 11-night cruises in the Netherlands, Belgium, and Germany along the Rhine, Main, and Danube rivers.

Facilities onboard River Princess:

  • Lavishly appointed riverview staterooms and suites have hotel-style beds draped in fine linens. The staterooms and suites on the Rhine Deck have French balconies. Other amenities include: a vanity, generous built-in closets, hair dryer, safe, individual thermostat for air conditioning and heat, direct-dial telephone, flat-screen TV with satellite, bottled water, and bathroom with L’Occitane bath and body products, magnifying mirror, and plush bathrobes
  • The suites have extra amenities and services including: slippers, coffee machine, bottle of wine upon arrival, fruit and cookie plate, morning coffee, and shoe shine
    Additional for 2010:  Free laundry services and daily newspaper
  • Beautiful panoramic main lounge with full-service bar, cozy Captain’s Lounge and library, elegant restaurant, sun deck with chess and shuffleboard, sky lounge, fitness room, sauna, massage treatments, gift boutique, guest laundry and ironing facilities, and elevator
  • Complimentary 24-hour specialty coffee and tea bar, and use of bicycles and Nordic walking sticks
  • 24-hour reception service
  • Wireless Internet access in public areas

River Royale


Entered service in 2006; 361′ x 37.5′; 66 staterooms; 132-passenger capacity; European officers and crew; 7- to 14-night cruises in France along the Seine, Rhône, and Saône rivers.

Facilities onboard River Royale:

  • Lavishly appointed riverview staterooms and suite have hotel-style beds draped in fine linens. The staterooms and suite on the Azure Deck have French balconies. Other amenities include: generous built-in closets, hair dryer, safe, individual thermostat for air conditioning and heat, direct-dial telephone, flat-screen TV with satellite, bottled water, and bathroom with L’Occitane bath and body products, magnifying mirror, and waffle bathrobes.
  • The suite has extra amenities and services including: bottle of wine upon arrival, morning coffee, and shoe shine.
    Additional for 2010:  Free laundry services and daily newspaper.
  • Beautiful panoramic main lounge with full-service bar, cozy library, elegant restaurant, sun deck with chess and shuffleboard, fitness room, sauna, Jacuzzi, massage treatments, gift boutique, and elevator.
  • Complimentary 24-hour specialty coffee and tea bar, and use of bicycles and Nordic walking sticks.
  • 24-hour reception service.
  • Free Internet access and Wi-Fi in public areas.



*Photos provided by Uniworldcruises.ca
Drainware - Jose Ramon Palanco


Drainware

22 January, 2020


Between 2011 and 2014 we (Cristian Sandoval, Marco Lojo and Antonio Moreno, among others) developed a cloud platform with DLP capabilities; now, in 2020, it is open source. It was very cool technology at the time: we used MongoDB, Redis and RabbitMQ, among other technologies. Most of the magic was inside the endpoint, written in C++.

The product is able to identify data leaks in buffers such as the clipboard and screenshots (OCR), and it monitors removable devices, network drives, applications (through a minifilter driver), cloud apps (Dropbox, OneDrive, Google Drive) and printers (OCR), among others.

It uses geolocation based on SSIDs, through Google location services, to track stolen devices or to know where a device was located when a data leak took place.

It also comes with a basic sandbox that freezes applications abused by exploits, by detecting suspicious traces in memory such as NOP sleds and heap sprays.

One of the coolest features was the distributed search across all endpoints of the organization. It was possible to find files, e-mails, documents and more.

Another interesting feature is that the endpoint includes a PHP interpreter to run callbacks or create validators based on regular expressions, REST API calls or whatever you can imagine. It also uses ADS, ssdeep and several fun things you will find browsing the code.

Now this project is open source!

The code

You can download the source code from GitHub:

https://github.com/drainware

DISCLAIMER: Use the code at your own risk. This project has not been maintained for a long time, so most of the dependencies are obsolete and some of them are vulnerable.


 

 

 

Manual

 

Introduction

This manual can be read sequentially the first time or used as a reference guide. While reading, you will find notices in the following formats:

Annotations: Concept clarifications

Important!: Important concepts to keep in mind

Tip: Tricks, shortcuts and other tips

About Drainware

Drainware is a security platform offered as a service. It has several modules to protect the information and/or the computers that contain this information.

We offer a Freemium license, which means you can start using it for free with some restrictions on its features.

Requirements

Operating System

Drainware can be deployed on computers with Microsoft Windows OS installed. The currently supported versions are the following:

OS | Architecture
Windows XP | x86
Windows 7/8 | x86/x64
Windows 10 | x86/x64

Important!: Windows XP is supported only with Service Pack 3 or later. We also have support for Windows XP SP2, but you have to install the following components:

  • Windows Search 4.0 for Windows XP (KB940157)
  • Wireless LAN API (KB918997)

Minimum Hardware

  • CPU: Intel Pentium III 1 GHz or faster
  • RAM: 1 GB (2 GB recommended)
  • HDD: 200 MB

Installation

Signing up in the system

Before installing Drainware, it’s necessary to have an account on the platform. To sign up in the system you’ll have to go to the official Drainware website at https://www.drainware.com and click on the sign-up button in the top-right menu.

 

This will show a form where you must enter the requested information: registration data, company name, VAT ID, and the number of employees.

The e-mail address will be associated with your account and cannot be changed later.

For the number of employees field, only count the ones who normally work with a computer.

Important!: The password must have at least 8 characters.

Afterward, you will receive an e-mail that will allow you to validate your new account.

When the license has been validated, you will be redirected to the sign-in page, where you have to enter the e-mail address and the password that you provided before.

Software endpoint installation

Once the license is validated and you have signed in with your credentials, you can download the installer. To the right of the download link is the license number, a 16-digit code that you will need during the installation.

The installer will install the 32-bit or 64-bit version, depending on the operating system used.

Advanced Installation

It is possible to deploy the endpoint in an unattended manner. This is very useful if you have a lot of users and you want to deploy it on a mass scale.

To do that, you can find the .msi installers at the following URL:

http://update.drainware.com/

The procedure to install it from the command line is shown below (replace XXXX-XXXX-XXXX-XXXX with your license number):

    msiexec /i file.msi /quiet /norestart DDI_LIC=XXXX-XXXX-XXXX-XXXX

If you prefer, you can use this logon script:

Name: drainware_logon.vbs

    ' Returns "32-bit" or "64-bit" for the given computer ("." is the local one).
    Function GetWindowsArchitecture(strComputerName)
        Set objWMI = GetObject("winmgmts://" & strComputerName & "/root/cimv2")
        Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem", , 48)
        For Each objItem In colItems
            GetWindowsArchitecture = "32-bit"
            ' OSArchitecture only exists on Windows Vista (version 6.0) and later.
            ' Compare the major version as a number so that "10.0" is handled too.
            If CInt(Split(objItem.Version, ".")(0)) >= 6 Then
                GetWindowsArchitecture = objItem.OSArchitecture
            End If
        Next
    End Function

    Function GetProgramsFolder()
        Set wshShell = WScript.CreateObject("WScript.Shell")
        GetProgramsFolder = wshShell.ExpandEnvironmentStrings("%programfiles%")
    End Function

    ' True when the endpoint agent is already installed.
    Function ExistDrainwareSecurityDir()
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        ExistDrainwareSecurityDir = objFSO.FileExists(GetProgramsFolder() & "\Drainware\Drainware Security Endpoint\DrainwareSecurityAgent.exe")
    End Function

    ' Copies the installer from the repository share to a local directory.
    Function DownloadDSE(strRemoteDSE, strLocalDir)
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        objFSO.CopyFile strRemoteDSE, strLocalDir & "\"
    End Function

    Function InstallDSE(strLicense, strRepository)
        If Not ExistDrainwareSecurityDir() Then
            Set wshShell = WScript.CreateObject("WScript.Shell")
            strTemp = wshShell.ExpandEnvironmentStrings("%temp%")
            Select Case GetWindowsArchitecture(".")
                Case "64-bit"
                    strRemoteDSE = strRepository & "\SetupCloud.msi"
                    strLocalDSE = strTemp & "\SetupCloud.msi"
                Case "32-bit"
                    strRemoteDSE = strRepository & "\SetupCloud32.msi"
                    strLocalDSE = strTemp & "\SetupCloud32.msi"
                Case Else
                    ' Unrecognised architecture string: nothing to install.
                    Exit Function
            End Select
            DownloadDSE strRemoteDSE, strTemp
            ' Quote the local path because %temp% can contain spaces.
            wshShell.Run "msiexec /qn /i """ & strLocalDSE & """ ddi_lic=" & strLicense, 0, True
            Msgbox "Your computer will restart after a few seconds"
        End If
    End Function

    ' Both arguments are required: the license and the installer location.
    If WScript.Arguments.Count < 2 Then
        WScript.Echo "Usage: drainware_logon.vbs LICENSE LOCATION"
        WScript.Quit 1
    End If

    Dim strLicense
    Dim strRepository
    strLicense = WScript.Arguments(0)
    strRepository = WScript.Arguments(1)
    InstallDSE strLicense, strRepository

Usage:

    drainware_logon.vbs LICENSE LOCATION

Example:

    drainware_logon.vbs XXXX-XXXX-XXXX-XXXX \\mynas\resources\dlp\

The location must contain both .msi files (for x86 and x64).

Useful links

Create a GPO (Windows 2008)

Initial configuration

In this section, we will go through the initial configuration of Drainware. These are the available options in the left menu (red area) of Drainware once you sign in.


Credentials

In this section, we can update our password. If we want to change it, we also have to fill in the current password.


Subscription

Drainware has two different subscription types. One is the Freemium option, which offers a monthly service with a limit of 500 security events; after 500 events, the organization will be unprotected until the first day of the next month.

On the other hand, we offer a Premium subscription that is based on the number of users you wish to protect. The Premium subscription includes unlimited events (as long as use remains reasonable).

In this section, it is possible to check the validity of the subscription and upgrade it in the case of using a Freemium subscription.

If you have questions about this section, please write an e-mail to sales@drainware.com and our sales team will be happy to assist you.

Groups

It is possible that in your organization you would like to apply different policies depending on groups of users. We can organize the groups by areas or departments, depending on the requirements of the organization.

In this section, we can create the groups inside our platform and then apply policies directly over them.

It is possible to integrate the groups in the organization directly with Drainware, and this topic is explained in more detail in section 4.5.

Users

Every time a user logs in to a computer protected with Drainware, the server is notified and registers that user in the system. From that moment, we can associate the user with one or more groups.

Authentication

To integrate Drainware with your organization, we offer an authentication module. We have 2 different options to configure the authentication module: local authentication or LDAP.

By default, Drainware works in the local authentication mode, in such a way that the group information is already in our platform.

With the LDAP option, it’s possible to integrate an LDAP server or Active Directory Domain to be able to use the users and groups of the organization.

If you want to integrate LDAP, it’s necessary to open the LDAP port to the Internet. We recommend opening it with SSL exclusively.

If you want to integrate it with Active Directory, you should use the following information:

Field | Value
Type | LDAP
SSL | Depending on your configuration
Version | 2.0
Host | IP or Computer Name
Port | 389 or 636 if it’s SSL
DN | DOMAIN\user
Password | User Password
Base | DC=DOMAIN, DC=LOCAL
User Attr | sAMAccountName
Recursive Groups | Optional

We recommend always using LDAP with SSL and blocking any connection that does not come from our public IP address.

We also have the “Recursive Groups” option. This option allows users in nested groups to resolve the groups to which they don’t directly belong.

Annotation: If an LDAP user doesn’t belong to any of the imported groups, it will belong to the default group automatically.

Important!: When LDAP is integrated, all users will be available in the platform; however, the same doesn’t happen with the groups. The groups must be imported one by one from the groups section, which will also be integrated with LDAP.
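The following added example (not code from Drainware) shows how the “Recursive Groups” option, the imported-groups rule and the default-group fallback interact when deciding which groups' policies apply to a user. The directory contents, the group names and the name `default` for the default group are assumptions made for illustration.

```python
from collections import deque

DEFAULT_GROUP = "default"  # assumed name for the platform's default group


def resolve_groups(direct_groups, member_of, recursive):
    """Return every group a user belongs to.

    direct_groups: groups the user is a direct member of.
    member_of:     group -> list of parent groups that contain it.
    recursive:     mirrors the "Recursive Groups" option.
    """
    resolved = set(direct_groups)
    if not recursive:
        return resolved
    queue = deque(direct_groups)
    while queue:
        group = queue.popleft()
        for parent in member_of.get(group, ()):
            if parent not in resolved:  # also terminates on circular nesting
                resolved.add(parent)
                queue.append(parent)
    return resolved


def policy_groups(user, directory, imported_groups, recursive):
    """Groups whose policies apply to `user`.

    Only groups that were imported into the platform count; a user who
    matches none of them falls back to the default group.
    """
    resolved = resolve_groups(
        directory["users"][user], directory["member_of"], recursive
    )
    matched = resolved & set(imported_groups)
    return sorted(matched) if matched else [DEFAULT_GROUP]


# Constructed sample directory (not taken from the page).
DIRECTORY = {
    "users": {
        "alice": ["Payroll"],      # Payroll is nested inside Finance
        "bob": ["Contractors"],    # Contractors and External nest in a loop
        "carol": ["Interns"],      # Interns is nested nowhere
    },
    "member_of": {
        "Payroll": ["Finance"],
        "Finance": ["Staff"],
        "Contractors": ["External"],
        "External": ["Contractors"],
    },
}
IMPORTED = ["Finance", "External"]  # groups imported one by one by the admin

if __name__ == "__main__":
    for recursive in (False, True):
        for user in sorted(DIRECTORY["users"]):
            groups = policy_groups(user, DIRECTORY, IMPORTED, recursive)
            print(f"recursive={recursive!s:5} {user:6} -> {groups}")
```

With the option off, alice and bob silently land in the default group and receive only its policies, which is worth checking after importing groups from a directory that relies on nesting.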

Time Zone

It’s possible that the employees of an organization work or travel around the world. Therefore, in Drainware, we work with the UTC time zone. In order to translate the time between different time zones, we offer the possibility to select the time zone where the administrator wishes to see the events.

Dashboard

The main window of Drainware shows an overview of the security events that happened since the installation of Drainware. It also shows the details of the events that happened since the beginning of every month.


For Freemium users, it shows a status bar that shows the monthly events. When the number of events reaches 500, Drainware will stop working until the beginning of the next month. The administrator will then receive an e-mail notification that the organization is not protected with Drainware anymore.

Tip:

To the right of the monthly events bar, you can find a link to get more free events per month in the Freemium version. To receive more free events, you only have to share a link with the reference code. For every verified installation referred to this code, Drainware will give you 100 extra free events per month.

DLP

In the DLP module (Data Loss Prevention), we can control the confidential information inside the organization to prevent data leaks.


Policies

The policies define what information you want to monitor and what action will be carried out. In the policies creation section, we provide a wizard that makes the whole process easier. We’re going to create a policy with the name POL001 and the description of “Policy 1”.

In the first step, we have to provide a name and a short description of the policy.

In the next step, we have to define the information that we want to protect.

We can see the following menu:

  • Concepts / Subconcepts: patterns predefined by Drainware to identify the information.
  • Applications: applications that will be denied any access to confidential information.

As we continue configuring Drainware, this section will contain other elements such as rules, files, and network sites, which we will see in the next sections.

If we expand Concepts/Subconcepts, we will see a long list of categories. We can include in our policy a subconcept such as Visa, or the whole credit card concept, which includes all credit card types.

In the applications section, we can see a list (that can be extended by the user) that allows the blocking of several programs.

In Step 3 we can see a list of the groups that we have already imported, the action that will be carried out, and the severity (how severe it is when that group of users triggers the policy).

We only have to select the groups that we want to be affected by the policy. When defining the action, it can be:

  • Log: logs the event in the Drainware database for audit purposes.
  • Alert: an e-mail is sent by default to the e-mail address used for sign up in Drainware, but it can be overridden by another address specified only for this policy.
  • Block: prevents the information from being leaked.

In all cases, the employee who triggers the policy will see a notification.

We only have to click the “Finalize” button and the policy will be created.

Every time we create a policy, it will appear in the policies list. In this list, we have 3 buttons:

  • Configuration: we can configure the information to protect, like we configured in step 2.
  • Action: we can re-define actions for the different groups, like we configured in step 3.
  • Remove: removes the policy.

Once the policy is created, it can’t be renamed.

Rules

With “Rules”, we can define our own information patterns to protect inside the policies. We can include, for example, confidential footers that we usually introduce in documents with confidential information. We can also add regular expressions that describe any confidential documents that we want to protect.

To create a rule, we have to enter a name without spaces or special characters (A) and a description (B); optionally, we can include a verification function in PHP (C); and we can define which policies we want to associate with this rule (D). Like policies, rules can’t be renamed.

Tip:

If we want to use a verification function in PHP, it will receive the variable “$match”, which contains the resulting match after the regular expression is applied. After analyzing $match, the function must assign TRUE (accept match) or FALSE (deny match) to the “$return_val” variable.
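A verification function of the kind described in the tip above, as an added example that is not Drainware's own code: a Luhn checksum that accepts a match only when it is a plausible card number, which cuts false positives from a digit-matching regular expression. Only `$match` and `$return_val` come from the manual; the regular expression, the `luhn_valid` helper, the sample text, and the assumption that `$match` is a plain string are made up for illustration.

```php
<?php
// Added example, not Drainware's code. Only $match and $return_val come from
// the manual; the regex, helper name and sample text are assumptions.

// Hypothetical rule regex: 13 to 19 digits with optional space/dash separators.
const RULE_REGEX = '/\b(?:\d[ -]?){12,18}\d\b/';

// Luhn checksum: true only for digit strings that could be real card numbers.
function luhn_valid(string $candidate): bool
{
    $digits = preg_replace('/[ -]/', '', $candidate);
    if (!preg_match('/^\d{13,19}$/', $digits)) {
        return false;               // wrong length or stray characters
    }
    if (preg_match('/^(\d)\1+$/', $digits)) {
        return false;               // e.g. all zeros passes Luhn but is filler
    }
    $sum = 0;
    $double = false;                // double every second digit from the right
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Constructed sample text: one valid test number and two look-alikes.
$sample = 'Paid with 4111 1111 1111 1111; order ref 1234 5678 9012 3456; '
        . 'tracking 4111-1111-1111-1112.';

preg_match_all(RULE_REGEX, $sample, $found);
foreach ($found[0] as $match) {
    // --- what would go in the rule's verification field (assumed shape) ---
    $return_val = luhn_valid($match) ? TRUE : FALSE;
    // ----------------------------------------------------------------------
    printf("%-20s => %s\n", $match, $return_val ? 'accept match' : 'deny match');
}
```

The manual does not say whether helpers can be shared between rules, so in the rule form the checksum logic would have to sit in the same verification code as the `$return_val` assignment.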

Files

In very exceptional cases, a rule may not cover all our requirements and we may want to register a file instead. In these cases, we can upload a file to help Drainware identify when someone is trying to leak information.

The procedure is very simple. We can upload one or more files and they will be automatically available to associate with our policies. We only have to go to the policy configuration and select the filename.

Every time we upload a file, this will be available in the new policies wizard.

Important!:

Before uploading a file, we suggest using a unique filename, or even including the current date in it, to distinguish it from another file with the same name.

Network Sites

In the network sites section, we can add Windows shared folders with the format \\server\resource.

This functionality is one of the most interesting ones. The endpoint software is ready to identify all the files copied to a computer from the shared folder added in Drainware. Once a file is copied, Drainware will check that file and every copy of it throughout the computer’s file system, allowing you to work with it but preventing it from being leaked.

For Network URI, we have to input the shared folder location. We must also enter a short description, and then select the different policies to apply.

It will be available in the new policies wizard.

Important!:

Only files that have been copied after the shared folder was added will be monitored.

Applications

To add more applications and include them in our policies, we can add them in the “Manage Applications” section.

To add a new application, we will need its name, for example, iexplorer.exe or skype.exe. As in the other sections, we have to enter a short description and select the policies to associate with it. It will be available in the new policies wizard.

Advanced

In the Advanced section of Drainware, we can configure the behavior of the DLP. We have 3 sections to configure its behavior.

The first section will allow us to block access to encrypted information within particular groups. The behavior will be the same as for a file affected by a blocking policy.

The second section will allow us to collect evidence every time an event occurs. This configuration is directly related to the action defined in the policy, where we can define a criticality level for each group. In this configuration, we can select ‘None’ if we don’t want to collect evidence, or the minimum level from which we want evidence to be collected. If we select the low level, evidence will be collected for the low, medium, and high levels. If we select the medium level, it will be collected only for the medium and high levels. And if we select high, it will be collected only for that level.

Important!:

The configuration of the evidence collector is only available for the Premium users. The Freemium users will receive the first 3 screenshots every month.

In the last section, we can globally enable or disable modules that affect all policies. In Drainware we consider 3 types of elements:

  • Source: information origin
  • Sink: information destination
  • Pipe: information channel

In sources, we currently only have “Network device”. That allows us to recognize Windows shared folders. If we disable this origin, the “Network Sites” section will stop working and it won’t be visible in the menu anymore.

In Sinks we have several modules that monitor the application of the corresponding action (block, alert or log):

  • Dropbox
  • Skydrive
  • Google Drive
  • Network Device
  • Pendrive
  • Printer

Finally, in Pipes we can monitor:

  • Clipboard Image
  • Clipboard Text
  • Keylogger

Important!:

The keylogger module can’t block typing, because text can’t be analyzed until it has been written.

Notifications

Notifications can’t be configured in the DLP menu; they must be defined in the “General” section, although they are directly related to the DLP.

As long as we have a browser open and logged in, notifications are received in real time when an event occurs.

We don’t recommend enabling the notifications for all actions and events, because, if they are executed regularly, it can be annoying.

The notifications are HTML5 notifications and they are integrated with the desktop of the operating system, as long as the browser and the operating system support it.

Sandbox

The Sandbox feature allows us to protect applications against viruses. It’s not an antivirus replacement, but rather a complement.

Previously, hackers took advantage of security problems in the server’s software to gain access to the organization. But a security suite was developed to enable firewalls, IDS, IPS…

In the last few years, hackers have taken advantage of new vectors. Using tools like LinkedIn, they can discover who is responsible for finance and what contacts that person has. From that moment they can mount an attack based on spear-phishing, which consists of sending e-mails that assume his identity, with an attached PDF or a URL that steals data or opens a connection to the outside.

Applications

In Drainware, we develop rules that allow us to block the affected applications before the system is affected.

Inspector

With the Inspector module, you can search in real-time over all the computers in the organization.

It’s possible that in the organization we have a person or a group of people working with a kind of information to which they shouldn’t have access. This could be unintentional or premeditated. Either way, we can find out with the Inspector tool.

Furthermore, once we have experienced a leak of information, it is often very difficult to check all the computers where the related document was. With Inspector, it is possible, in seconds, to find very specific files, download them, and even browse through the file system of the computers affected.

Remote search

With the remote search we can start to obtain results.

The search can take several minutes. The results are shown grouped by the name of the computer where the file was found. Expanding the results by computer, it’s possible to see the file details by clicking on it. We can see information about the modification date, file name, mime type, creation date, and short information about the file header. It’s also possible to download it.

Important!:

You shouldn’t search for very short terms or generic terms. The results can take too much time to obtain, or they can be unmanageable.

It’s possible to browse through one of the computers listed in the results. To do this, you must click on the computer name or IP address (red area).

The file explorer feature is further detailed in section 7.3 of this manual.

Multiple Remote Searches

If we want to search for a lot of terms, it’s possible to use the Multiple Remote Searches function.

To use this feature, you have to create a file with all the search terms in one line, separated by commas. We can create different lines, each one with its own keywords.

keyWordGroupA-1, keyWordGroupA-2, keyWordGroupA-3

keyWordGroupB-1, keyWordGroupB-2

keyWordGroupC-1, keyWordGroupC-2, keyWordGroupC-3

The file extension must be TXT. In addition to uploading the file, we must input a name for this report.

Important!:

You shouldn’t search for very short terms or generic terms. The results can take too much time to obtain, or the results can be unmanageable.

Remote Files explorer

The Remote Files Explorer allows us to inspect any computer in the organization with Drainware installed.

We will have to provide some details about the computer: computer name, IP address, and optionally, the path. From this point, we can browse through any device in the computer and even download files.

Important!:

Drainware is not developed to be an FTP server. When downloading a file several MB in size, it can take several minutes until the download starts.

Remote Devices

With this feature, we can see the geographic position of all the devices that have Drainware installed.

In most cases, the geolocation is performed through the IP address, but when the Wi-Fi is activated, it’s possible that the geolocation is performed through Wi-Fi triangulation.

Important!:

Make sure that you don’t refresh the webpage until all the endpoints have responded, especially in networks with thousands of endpoints, as the webpage loading could take several minutes.

In addition to the geolocation of the devices, it’s possible to get a network map encapsulating all the computers that belong to the same ranges. To that effect, we will click on the Network View tab.

The results are shown in circles, where every circle represents a range or a group of ranges.

It’s possible to click on the segments that we want to inspect and see all the computers connected at that moment.

Reporter

With the Reporter module, we can access the data recorded by Drainware. We can get the details of every module, or statistics on the global behavior of the DLP, Inspector, or Sandbox.

DLP Events

Once we open the DLP events information, we can see a graph with all the events related to the data leak. Under the graph, we can see a table with a list of related events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

The list only shows a preview of the event. If we want to see detailed information, we must click on it.

The details of each event are shown in a table that provides all the information related to the event. Depending on the configuration, it’s also possible to see a screenshot taken at the moment the event occurred.

Annotations: Freemium users can only see the first 3 screenshots every month.

Under the table, there is a button which generates a report with the latest security events.

If we want to find events by a range of dates, event type, policy, severity, rule, etc., we can use the “Advanced Query” system. As we can have a result with too many events, it’s possible to fill in the maximum number of events we want to show in the result.

Every time a query is generated, it’s possible to export the results in CSV format. In order to do this, you have to click on the Generate Report button at the end of the page.

DLP Stats

The events and their details are interesting, but in many cases it’s necessary to have a higher-level view of what is happening with confidential information, or to know how the policies that we have configured are working. To do so, we will create data analysis and statistics.

Activity

This graph combines the severity, the action, and the number of events in a single view. The policies with more events are located to the right, and the vertical axis represents the average of the actions carried out, with block at the top. The average severity is shown by the size of the circle. In the top left combo box, you can select the period of time.

Groups by policy

In this graph, we can see the groups that triggered the most events for one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.

Users by policy

In this graph, we can see the users that triggered the most events for one policy. In the top left combo box, you can select a period of time. In the top right combo box, you can select the policy.

Policy

With the policy graph, we can analyze the policies with the most activity. In the top left combo box, you can select the period of time.

Groups

With the policy graph, we can analyze the groups with the most activity. In the top left combo box, you can select the period of time.

Sandbox Events

We can see a graph of the events related to attempts to abuse applications. Under the graph, we can see a table with the list of events, ordered from the most recent to the oldest. The table has some controls at the bottom where we can refresh it or browse through.

Sandbox Stats

Applications

With the applications graph, we can analyze the policies with the most activity. In the top left combo box, you can select the period of time.

Groups

With the policy graph, we can analyze the groups with the most activity. In the top left combo box, you can select the period of time.

Inspector search reports

When we make multiple remote searches from the Inspector section, the results are generated in this section. We can find a report by date range and download it in Microsoft Excel format.

Troubleshooting

Corporate Proxy

Drainware supports connection through a proxy, either configured in the system or auto-configured. However, if the proxy uses authentication, it’s necessary to enable “*.drainware.com” in the accessible domains without authentication.

If you are using SQUID, the configuration would be the following:

acl drainware dstdomain .drainware.com

acl CONNECT method CONNECT

acl dwCONNECT dstdomain .drainware.com

http_access allow CONNECT dwCONNECT localnet

http_access allow drainware localnet

 


Author

Jose Palanco

VP Threat Intelligence at ElevenPaths