This test was conducted at the Iowa State University Internet-Scale Event and Attack Generation Environment (ISEAGE) Laboratory. A VMware vSphere ESX server was set up on a Dell PowerEdge 1950 with a quad-core Xeon processor, 4GB of RAM, and a 500GB SATA hard drive.
Virtual machines were then cloned from four base VM images for each of four operating systems (Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008) to emulate endpoint devices.
The base images contained a connection to an HP network printer, eMule P2P file sharing software, OpenOffice.org, Adobe Acrobat Reader, Thunderbird, AOL Instant Messenger, and all of the sensitive data to be tested. After we discovered that vSphere will not share USB drives or CD burners to guests, physical Windows XP clients were configured to test blocking of writing to removable media or burning to optical drives.
Each vendor was required to either ship an appliance and the required endpoint software to ISEAGE, or to make the necessary software available to download. No vendor was allowed to do an on-site installation. Support was obtained on an as-needed basis, though TrendMicro and WebSense both arranged for an introductory session to familiarize us with their products. Two products – Identity Finder and WebSense – also required the creation of a management server. These were built on Windows Server 2003. The TrendMicro LeakProof physical appliance was connected into the same gigabit, switched network as the VMware server, and configured with an IP address on the test subnet.
After all three management servers were running and configured, the endpoint software was installed on each of the client VMs. Then, each combination of exfiltration method and protected file was executed to verify blocking.
This testing method applied only to WebSense and TrendMicro, as Identity Finder's functionality is based solely on discovery and remediation of sensitive data storage, and not on active blocking. For Identity Finder, a search was performed on the test data to determine what portion of the included "identity" data (names, Social Security numbers, addresses and credit card numbers) was correctly identified.