
Tuesday, December 1, 2015

Data Governance & Security Solution to Prevent Internal Data Leakages

When your company expands, it is a must to protect the company's sensitive data from being stolen. Implementing security policies is necessary, but monitoring policy violations by hand becomes impossible as the company grows. Even if you buy a top-of-the-range firewall, it provides internet security against outside attackers but minimal protection against internal data leakage.

Given these facts, it is a must to think about a complete internal data security solution rather than risking the company's sensitive data. The question that obviously comes to mind is: if the company's data has not been organized and categorized, how should I start implementing such a solution?

The answer is simple: go for an enterprise solution that provides complete data analysis, modelling, permission management, auditing and recommended remediations. Considering these requirements, Varonis is one powerful software solution that provides actionable data governance for financial services, healthcare, energy, manufacturing and tech companies.

According to the Varonis specification, it provides a software platform that allows enterprises to map, analyze, manage and migrate their unstructured data. Varonis specializes in human-generated data, a type of unstructured data that includes an enterprise's spreadsheets, word-processing documents, presentations, audio files, video files, emails, text messages and any other data created by employees. IT and business personnel deploy Varonis software for a variety of use cases, including data governance, data security, archiving, file synchronization, enhanced mobile data accessibility and information collaboration.

Following is a summary of the Varonis tools, their functionalities and respective features.

DataAdvantage
Functionality: Data audit and protection
Features:
- Bi-directional permissions view: user permission view for each access point, such as SharePoint, AD, mail, etc.
- Audit trail: I/O operations (open, create, delete, etc.) at each access point
- Recommendation & modelling: based on who has permission and on the audit trail, provides recommendations to control access
- Data ownership identification: top accessing users for each access point
- Content classification: analyzes sensitive information (credit card numbers, Social Security numbers, etc.) and reports who has accessed and who is accessing it
- Multiple platform support: Windows Servers, Unix, NAS devices, Exchange and public folders

DataAlerts
Functionality: User behaviour analytics
Features (alerts on):
- Privilege escalations
- Critical files, folders or sites being accessed or deleted
- Permissions being changed
- Changes detected outside control hours

DataPrivilege
Functionality: Access governance
Features:
- Lets business users approve access requests themselves (remark: no IT team support required)

DataAnswers
Functionality: Enterprise search and eDiscovery
Features:
- Search folders and the intranet for a specific file, or for file metadata such as who created, opened or modified it and who has access

DataAnywhere
Functionality: Enterprise file sync and share
Features:
- Turns your file share into a private cloud. Private cloud features:
  - Access from mobile
  - Share with external parties
  - Set permissions
  - Backup / ID management / encryption / data classification

IDU Classification Framework
Functionality: Data classification
Features:
- Where in the file system sensitive data resides
- Who has access
- Who should and shouldn't have access
- Who uses it
- Who owns it
- Calculate a risk percentage for the data
- Set priority for data based on risk
- Alert on statistical deviation or spikes in email/file access

Data Transport Engine
Functionality: Retention and migration
Features:
- Migrate live data:
  - Filter based on any criteria before migration
  - Choose the destination
  - Set permissions at the destination
  - Schedule the migration
- Migrate between two domains
- Migrate data between Windows and file shares, or vice versa
- Simulate a migration

Are you satisfied with the above overall solution for data leakage prevention?

I would still say no. However deeply it analyzes and audits data access and transfers, I could still take a photo of your sensitive data collection, or create a PDF version, and send it to anybody. The major drawback of Varonis is that it still does not support image and PDF processing in order to govern the data content.

In that case, I would prefer a solution such as NeoKami, an artificial-intelligence solution for governing data that includes image and PDF processing as well. Comparatively, NeoKami does not provide all of the functionality of Varonis. However, it is a powerful, trainable AI solution that offers a more advanced approach to the data classification function that Varonis provides.

Cheers..

Tuesday, November 10, 2015

Configuring Your DNS ZONE File

Looking over most of the forum and blog posts about DNS configuration for domains, it seems many people need to get the job done quickly, but nobody wants to spend a little time learning to do it the right way.

This blog post is a quick reference for learning about and configuring the DNS zone file for your domain.

What is DNS ZONE File

A DNS zone is a portion, or administrative space, of the global Domain Name System (DNS). The DNS zone file is the representation of that zone: the actual file that contains all the records for a specific domain. It holds the mappings between domain names and IP addresses and other resources, organized as text representations of resource records (RRs).


The Domain Name System specifies a set of resource record (RR) types, which are the basic information elements of the DNS. Each record has an owner name, a type (name and number), a time to live (how long resolvers may cache it), a class, and type-specific data.

The most commonly used RR types are CNAME, A, MX, NS and SOA.


Canonical Name Record (CNAME)

A CNAME record maps an alias, or nickname, to the real or canonical name, which may lie outside the current zone. Canonical simply means the expected or real name.

The following fragment uses CNAME RRs to map the web and ftp service names to a single host:

name  ttl  class   rr     canonical name
www        IN      CNAME  server1
ftp        IN      CNAME  server1


Note:
CNAME RRs incur a performance overhead. The most common DNS queries are for an A RR (IPv4) or an AAAA RR (IPv6); when the queried name is a CNAME, the server or resolver must follow the alias to the canonical name before it can return an address, which costs an extra lookup. Where the alias and its target are in the same zone, plain A RRs are therefore recommended. Also keep CNAMEs that point at third-party hosts under review: an alias left in the zone after the target host has been decommissioned (a dangling CNAME) is a classic route to subdomain takeover if someone else can register that target name.


IPv4 Address Record (A)

An A record maps a name to the IPv4 address of the computer hosting it; clients use the A record to find the host serving your domain name. The value of an A record is always an IPv4 address, and multiple A records can be configured for one name, in which case a resolver receives all of them.

For example, to point alice.example.com at your host's IPv4 address, where alice is the owner name (a label you choose, which need not be the real host name of the PC or server), the format is:

owner-name  ttl  class   rr     ipv4
alice            IN      A     192.168.254.3

If you need to route any subdomain name that does not otherwise exist in the zone, for example anything under example.com, to your host, use a wildcard owner name:

owner-name  ttl  class   rr     ipv4
   *             IN      A      192.168.2.1

Note that the wildcard only answers for names that have no records of their own; a name with an explicit record is never matched by '*'. Be deliberate about it: a wildcard makes every possible host name under the domain resolve, including ones you never intended to expose.

An A record for "@" gives the IP address of the zone apex, that is the bare domain itself (example.com):

owner-name  ttl  class   rr     ipv4
   @             IN      A      192.168.2.1

Once you configure '@', your "naked" domain name resolves, which means you can simply type http://example.com and browse to your site.

When choosing host names (or 'labels' in DNS jargon) such as alice above, follow the host name rules from RFC 952 and RFC 1123: a label may contain only letters, digits and hyphens, may not begin or end with a hyphen, is at most 63 octets long, and the full name is at most 253 octets in text form. '*' is the one special label, valid only as a wildcard.



Mail Exchange Record (MX)

Specifies the name and relative preference of the mail servers (mail exchangers in DNS jargon) for the zone. External SMTP (mail) agents look up the MX RRs to route incoming mail for the domain.

owner-name     ttl  class   rr  pref  name
example.com.   3w   IN      MX  10    mail.example.com.

The pref (preference) field is relative to the other MX records of the zone (values 0 to 65535); lower values are more preferred. The sending SMTP agent tries the most preferred (lowest pref) mail server first; if that server is unavailable (down or too busy), the next less-preferred server (the next higher pref value), if one is defined, is tried. The target name must be a host with an A (or AAAA) record, not a CNAME, and should be written fully qualified with a trailing dot; without the dot the zone's origin is appended to it.


Name Server Record (NS)

An NS record (name server record) tells recursive name servers which servers are authoritative for a zone. Recursive name servers look at the NS records to work out whom to ask next when resolving a name. You can have as many NS records as you like in your zone file; the benefit of multiple NS records is redundancy for your DNS service. Two checks worth doing: the NS set in the zone should match the delegation that the parent zone holds for you, and when a name server's name lies inside the zone it serves (ns1.example.com for example.com), the parent needs a glue A record for it, otherwise resolvers cannot find the server they are being told to ask.

owner-name     ttl  class   rr     target-name
example.com.        IN      NS      ns1.example.com.


(Image omitted: a picture describing what authoritative name servers are.)


Start of Authority Resource Record (SOA)

The SOA defines the global parameters for the zone (domain). Only one SOA record is allowed in a zone file, and it must be the first RR in the zone.

owner-name  ttl class rr    name-server      email-addr              (sn ref ret ex min)
example.com.    IN    SOA   ns.example.com.  hostmaster.example.com. (
                              2003080800 ; sn  = serial number (YYYYMMDDnn convention)
                              172800     ; ref = refresh = 2d
                              900        ; ret = update retry = 15m
                              1209600    ; ex  = expiry = 2w
                              3600       ; min = negative-caching (NXDOMAIN) TTL = 1h
                              )
; the following owner-name forms are also valid: "@" for the zone apex, or blank
; to repeat the previous owner (the remaining fields are the same as above)
@               IN    SOA   ns.example.com. hostmaster.example.com. (
                IN    SOA   ns.example.com. hostmaster.example.com. (

The email address is written with the '@' replaced by a dot, so hostmaster.example.com. means hostmaster@example.com. Secondary servers use refresh, retry and expiry to decide how often to poll the primary and how long to keep serving the zone if the primary cannot be reached, and they only fetch a new copy when the serial number has increased, so bump the serial on every change or the secondaries will keep serving stale data.
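The rules laid out in the sections above (a single SOA that comes first, valid host labels for A and CNAME owners, '@' and '*' owner names, MX preference order, and MX/NS targets that must be real hosts rather than aliases) can be checked mechanically before a zone is loaded. The following Python script is an added example, not code from the original post or from any DNS software. The zone it parses is constructed here from the page's fragments: example.com, the private 192.168.x.x addresses and the host names ns1, server1, mail and mail2 are assumptions, and two deliberate mistakes are planted so the checks have something to find.

```python
"""Zone-file sanity checker for the record types covered above (added example, not
from the original post). Checks: one SOA and it comes first; host labels follow RFC
1123 (letters, digits, hyphen; 1-63 octets; no leading/trailing hyphen; '*' allowed);
a CNAME owner carries no other record (RFC 1034 s3.6.2); MX/NS targets are not CNAMEs
(RFC 2181 s10.3); in-zone NS targets have glue. Each record line must start with its owner."""
import re
from collections import namedtuple

Record = namedtuple("Record", "owner rtype rdata")

# Constructed sample zone (assumed names/addresses) with two deliberate mistakes.
ZONE_TEXT = """\
$ORIGIN example.com.
@        IN  SOA    ns1.example.com. hostmaster.example.com. (
                    2015111001 ; serial (YYYYMMDDnn)
                    172800     ; refresh 2d
                    900        ; retry 15m
                    1209600    ; expire 2w
                    3600 )     ; negative-cache TTL 1h
@        IN  NS     ns1.example.com.
ns1      IN  A      192.168.2.2
@        IN  A      192.168.2.1
*        IN  A      192.168.2.1
server1  IN  A      192.168.254.3
www      IN  CNAME  server1
@        IN  MX     10 mail.example.com.
@        IN  MX     20 mail2.example.com.
mail     IN  A      192.168.254.10
mail2    IN  CNAME  server1        ; mistake: MX target is a CNAME
bad_host IN  A      192.168.2.9    ; mistake: underscore in a host label
"""
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)
HOST_TYPES = {"A", "AAAA", "CNAME"}

def fqdn(name, origin):
    """Turn '@' or a relative label into an absolute, lower-cased name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (origin, records); handles ';' comments, $ORIGIN/$TTL directives and
    records that span several lines inside '(...)' such as the SOA."""
    origin, records, buf = None, [], ""
    for raw in text.splitlines():
        buf += " " + raw.split(";", 1)[0]        # drop the comment, join lines
        if not buf.strip() or buf.count("(") > buf.count(")"):
            continue                              # blank, or still inside '(...)'
        tokens = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()
        if tokens[0].startswith("$"):             # directives are not records
            continue
        owner, rest = fqdn(tokens[0], origin), tokens[1:]
        while rest and (TTL_RE.match(rest[0]) or rest[0].upper() == "IN"):
            rest = rest[1:]                       # optional ttl and class
        rtype, rdata = rest[0].upper(), list(rest[1:])
        if rtype in ("CNAME", "NS", "MX"):        # make targets absolute too
            rdata[-1] = fqdn(rdata[-1], origin)
        records.append(Record(owner, rtype, tuple(rdata)))
    return origin, records

def mx_order(records):
    """Mail exchangers in the order an SMTP client tries them (lowest pref first)."""
    return [t for _, t in sorted((int(r.rdata[0]), r.rdata[1]) for r in records if r.rtype == "MX")]

def check_zone(text):
    """Return a list of problem strings; an empty list means the zone passed."""
    origin, records = parse_zone(text)
    problems = []
    if sum(r.rtype == "SOA" for r in records) != 1:
        problems.append("a zone needs exactly one SOA record")
    elif records[0].rtype != "SOA":
        problems.append("the SOA must be the first record in the zone")
    types_at = {}
    for r in records:
        types_at.setdefault(r.owner, set()).add(r.rtype)
    for owner, types in types_at.items():
        if types & HOST_TYPES:                    # hostname syntax for host-like names
            for label in owner.rstrip(".").split("."):
                if label != "*" and not LABEL_RE.match(label):
                    problems.append(f"{owner}: label '{label}' breaks RFC 1123 hostname rules")
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{owner}: CNAME cannot coexist with {sorted(types - {'CNAME'})}")
    for r in records:
        if r.rtype in ("MX", "NS"):
            target, ttypes = r.rdata[-1], types_at.get(r.rdata[-1], set())
            if "CNAME" in ttypes:
                problems.append(f"{r.rtype} target {target} is a CNAME (RFC 2181 s10.3)")
            in_zone = target == origin or target.endswith("." + origin)
            if r.rtype == "NS" and in_zone and not ttypes & {"A", "AAAA"}:
                problems.append(f"NS {target} is in-zone but has no glue A/AAAA record")
    return problems

if __name__ == "__main__":
    print("\n".join(check_zone(ZONE_TEXT)) or "zone OK")
```

Running the script prints the two planted problems (the underscore label and the MX pointing at a CNAME); delete those two lines and it prints "zone OK". It is deliberately narrower than named-checkzone from BIND, which is what you would run on a real zone, but it shows the rules behind that tool: a CNAME must stand alone at its owner name, MX and NS must point at address records rather than aliases, and an in-zone name server needs a glue address record.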



Monday, October 19, 2015

Short & Sweet Advice from Warren Buffett

I just found an old email and thought that it is still valuable advice to be shared. This is billionaire investor Warren Buffett's advice during the economic crisis that happened in 2009; however, it is still valid even after 6 years.