This test was conducted at the Iowa State University Internet-Scale Event and Attack Generation Environment (ISEAGE) Laboratory. A VMware vSphere ESX server was set up on a Dell PowerEdge 1950 with a quad-core Xeon processor, 4GB of RAM, and a 500GB SATA hard drive.
Virtual machines were then cloned from four base VM images for each of four operating systems to emulate endpoint devices (Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008).
The base images contained a connection to an HP network printer, eMule P2P file sharing software, OpenOffice.org, Adobe Acrobat Reader, Thunderbird, AOL Instant Messenger, and all of the sensitive data to be tested. After we discovered that vSphere will not share USB drives or CD burners to guests, physical Windows XP clients were configured to test blocking of writing to removable media or burning to optical drives.
Each vendor was required to either ship an appliance and the required endpoint software to ISEAGE, or to make the necessary software available to download. No vendor was allowed to do an on-site installation. Support was obtained on an as-needed basis, though TrendMicro and WebSense both arranged for an introductory session to familiarize us with their products. Two products – Identity Finder and WebSense – also required the creation of a management server. These were built on Windows Server 2003. The TrendMicro LeakProof physical appliance was connected into the same gigabit, switched network as the VMware server, and configured with an IP address on the test subnet.
After all three management servers were running and configured, the endpoint software was installed on each of the client VMs. Then, each combination of exfiltration method and protected file was executed to verify blocking.
This testing method applied only to WebSense and TrendMicro, as Identity Finder's functionality is based solely on discovery and remediation of sensitive data storage, and not on active blocking. For Identity Finder, a search was performed on the test data to determine what portion of the included "identity" data (names, Social Security numbers, addresses and credit card numbers) was correctly identified.