Sep 25
Spirion SQL 2016 Requirement

As we move forward with a delivery of the next version of Spirion one of the prerequisites moving forward using Microsoft SQL Server is to have SP1 installed. This is a good practice to be patched and up to date on your Windows servers and SQL servers.

https://support.spirion.com/hc/en-us/articles/115000019051-Console-Setup-Validation-Rules

Sep 22
GDPR and Data Management

The General Data Protection Regulation

On May 25, 2018 a new regulation across Europe known as The General Data Protection Regulation (GDPR) will be enacted. This transformational regulation defines measures that must be in place to effectively manage data at rest.

From a technical perspective there will be several provisions of the GDPR as they pertain to technical measures organizations must implement to protect and understand their data footprint. As an organization, your due diligence is to protect any data and more specifically data about any individual.

The required technical controls are still being defined and it's quite clear you must know what data you collect (for real) and where it is (for real)?

Reality

Security practitioners will be challenged to align their organizations to comply with the GDPR provisions. The technical controls you have or plan to implement now will affect business anywhere in the world that collect any European (EU) data, so it is up to the organization to understand the data footprint. Understanding the types of data being collected and where data is located (Databases, File servers, laptops, desktops, e-mail, websites such as SharePoint, etc.) are extremely important as it related to GDPR. You cannot protect data an organization is unaware of or its location.

Data is part of any business and the management of where that data exists is very challenging. As an IT professional for 20 years protecting all forms of data my experience is that any rights management process cannot assure you that all your data only exists on your database or file servers. We are humans and we all copy data from these devices to work on our local workstations or devices we take home. Once this data leaves these central repositories we have extended our network and organizational resources scope of security responsibility beyond the network.

What's Next?

The principal security posture is awareness of the data type (CCN, NIN, PIN, NID, ssPIN, etc) footprint and the sensitivity of this data through data classification for risk management, legal discovery, and compliance.  Written business procedures and guidelines define the classifications however; it is the responsibility of the employees to specify appropriate data handling procedures, retention, and appropriate storage.

Data stewardship is a passion of mine that matured over the decades of developing written process and then implementing technical operations to facilitate the written process.  Data is difficult to appropriately manage through manual process alone.  As a key player stewarding data for more time than anyone could digest I hope to provide some perspective and lessons learned through my journey of interpreting business logic process and building technical process and implementation around the discovery and handling of data and how it aligns with the GDPR.

More to come… Article 5(2), 25(1), 32(b)

Sep 13
My Experience Report as a Former Spirion Customer and Advocate

My Experience as a Former Spirion Customer and Advocate and now a member of the Spirion Team.
https://www.spirion.com/blog/experience-report-former-spirion-customer-advocate/

Sep 12
Using Spirion for Data Retention

One of the helpful workflow rules provided in Spirion is the ability to Shred or Quarantine data that has not been accessed for a duration of time or data older than so many Days/Months/Years, etc.

To do this following these steps:

  1. Navigate to the Console > Ribbon > Choose Workflow.
  2. Select Rule and choose Add.
    1. Select the Definition tab.
      1. Select the following Definition options:
        1. Access Date / Last X Years / 30
          1. This rule states that any document not access in 30 years
        2. Create Date / Older Than X Months / 360
          1. This rule states any document created more than 30 years ago
      2. (See Image)
    2. Select the Actions tab.
      1. Select the Perform the following remediation action:
        1. Quarantine to move data to an offline or hardened storage device. ​
        2. Shred to delete the data using DOD multi pass process.
  3. Complete the remaining tabs
  4. Select Finish


This workflow will now provide a data retention function.

Sep 07
Spirion Create Stop All Tasks

Scenario - After a scan task has been initiated, how do you stop the already running Spirion scan. This may be required to stop a scan if an operations team needs to perform maintenance on the endpoint for patching, etc.

  • To stop a scan in progress you create an empty "Scheduled Task" in the Console in the Policies tab.  You assign the endpoint you wish to execute the stop request to the this "Scheduled Task" using the below image options settings.  Because the agent has already executed a command from the Console its necessary to create an additional "Stop Scan(s)" policy template to execute the additional command.
    • Settings:
      One Time
      Local System Account
      Stop all instances of Spirion and run this search
      Do not run

  1. The agent will receive this new task policy update, stop the existing search, and execute this empty task.  This empty task will not initiate any command except a stop all instances of Spirion scans.
Sep 07
Spirion Search Progress “Deletion”

To clear jobs you can set this in the application settings screen.

Days to keep completed search progress information.

By default, search progress information for completed searches is kept for 7 days. Valid values are 0-9,999. A value of 0 means the search progress information of a completed search will be deleted the next time the Importing service job executes.  The default value is 7 which will cause search progress information to be deleted 7 days after the search has completed.

http://my.spirion.com/Help/EnterpriseConsole/index.htm#3436.htm#o3489

Aug 02
Spirion RBAC Active Directory Security Groups

This guide resource from the Spirion user guide should help in addition to the specific settings I have provided below - https://my.spirion.com/help/enterpriseconsole/index.htm#3460.htm?Highlight=groups

Pre-configuration using Active Directory Security Groups

  1. Open the Spirion Console Administrator Tool (CAT).
    1. The console must have the Enable AD User Authentication: setup for the following.
      1. For Example.
      2. Verify that Allow Auto-Roles: is selected.

The following are specific setup steps to setup an AD Group.

  1. Locate the AD Groups domain group Properties by using the Active Directory Users and Computers Snap in > Select the Attribute Editor > Select the distingusedName.
    1. Copy the Value from this field, for example.
      1. CN=SPIRION_ADMINS,OU=Spirion,OU=Security_Groups,OU=Demographic.
    2. Pro Tip* You can test the above LDAP path using the CAT > Authentication and AD Settings side tab and clicking the Test button at the bottom by either pasting the path into the LDAP Query: box or by navigating to it by clicking the Verify Query bottom which will display the AD OU's.
  2. Navigate to the Console > Admin Tab > Roles.
    1. Create a new Role > The Create Role window opens.
      1. Select the Click here to add new item under the AD Groups:
        1. Note* AD Roots is not used for single forest domains.
  3. Add the value copied from the distingusedName for the group.
    1. Click OK.
      1. Assign the General Permissions and Tag Permissions as appropriate.
  4. Have the AD User log into the console to verify access.
Jul 20
Spirion Custom MSI Package Builder Creation

To upgrade or customize the Windows client build an MSI using the Identity Finder MSI Builder.

The following article has instructions and a download link for the Identity Finder MSI Builder version 10 - https://identityfinder.zendesk.com/hc/en-us/articles/115000019892#Creating%20an%20MSI%20Using%20MSIBuilder

These are the custom settings I use.

Jul 18
Spirion Console Server Web Security

After installing the Spirion Console on Windows Server 2016 and opening the web console in Microsoft Internet Explorer or Microsoft Edge, you will be prompted by several Windows security alerts or the web page may display {{r.rootService.loggedInUserDisplay}}. To adjust these setting to trust the console sites follow these simple web browser configurations.

 

  1. Open the Microsoft Internet Explorer Tools menu.
  2. Select Internet option > Security Tab > Select Trusted sites > Click Sites
  3. Add the URL(s)
    1. http://localhost/Console
    2. https://localhost/Console
  4. Click Add
  5. Click Close
  6. Next, Open the Windows Server Manager
  7. Select Local Server
  8. Click on the IE Enhanced Security Configuration property.
  9. Select Off for the Administrators: option.

More information about the security feature - https://support.microsoft.com/en-us/help/815141/internet-explorer-enhanced-security-configuration-changes-the-browsing

Jul 12
Spirion SDM Add Roles and Features Requirements

When installing Windows Server 2012-2016 use refer to the the following XML file which provides the necessary Roles and Features that must be installed on the server for ID Finder 8 Server Console.

AddRolesandFeaturesDeploymentConfigTemplate.xml

Add-On

  1. Download and Install Microsoft .NET Framework 4.5.2 - http://www.microsoft.com/en-us/download/details.aspx?id=42642 

Server Roles

  • Install these Roles first and then rerun the setup to proceed to the Role Services.  Ensure that the following Roles are listed as "installed".  If the roles are not installed, select "Add Roles" and add the appropriate role(s):
  • Application Server - Depricated in Server 2012R2 - 2016, however this will still install and pass all rules without installing this Server Role.
  • Web Server (IIS)

Features (Next Screen)

  • .Net Framework 4.6 Features
    • .NET Framework 4.6
    • ASP.NET 4.6
    • WCF Services
      • HTTP Activation
      • TCP Port Sharing

Web Server Role (IIS) - Role Services

  • Web Server         
    • Common HTTP Features             
      • Default Document
      • Directory Browsing
      • HTTP Errors
      • Static Content
      • HTTP Redirection
    • Health and Diagnostics
      • HTTP Logging
      • Logging Tools
      • Request Monitor
      • Tracing
    • Performance
      • Static Content Compression
      • Dynamic Content Compression
    • Security
      • Basic Authentication
    • Application Development
      • .NET Extensibility 4.6
      • ASP
      • ASP.NET 4.6
      • ISAPI Extensions
      • ISAPI Filters
    • Management Tools
      • IIS Management Console
      • IIS Management Scripts and Tools
      • Management Service

Additional Role

After installing the above requirements, run the Roles and Features Wizard again and add the following.

  • Application Server
    • Web Server (IIS) Support

Resources

https://identityfinder.zendesk.com/hc/en-us/articles/115000019092-Console-Deployment-Guide

1 - 10Next
Copyright © | CoryRetherford, LLC | Contact MeNetwork Storage and Security Solutions, LLC, Rights Reserved.®
TLS 1.2, AES with 256 bit encryption

 ‭(Hidden)‬ Blog Tools