Identity Finder
From CVL Wiki
Line 103: | Line 103: | ||
#* Remember that your TrueCrypt Volume will dismount automatically if you do not use it for the ____ minutes set in the instructions above | #* Remember that your TrueCrypt Volume will dismount automatically if you do not use it for the ____ minutes set in the instructions above | ||
#When you are finished working with your TrueCrypt volume, remember to '''Dismount'''! | #When you are finished working with your TrueCrypt volume, remember to '''Dismount'''! | ||
+ | ---- | ||
+ | Please contact John Harris or Branden McKagen for questions or concerns. |
Revision as of 15:02, 26 July 2011
Protecting sensitive information is important to Virginia Tech and ECE. Virginia Tech’s Standard for Storing and Transmitting Personally Identifying Information defines 7 data elements that must be protected with encryption when kept on your computer.
- Social security number
- Bank account numbers
- Driver’s license numbers
- Credit card numbers
- Debit card numbers
- Passport numbers
- Date of Birth in the same document as first and last name
Finding these data elements can be challenging. To help find this sensitive information, Virginia Tech has purchased a site license for Identity Finder. Identity Finder is commercial software that searches for sensitive data such as social security numbers, credit card numbers, and a variety of other data elements. It is a powerful tool that faculty and staff can use to find sensitive data on their Virginia Tech owned machines and storage. For more information on the VT Policies for securely storing and using sensitive data, please see the following:
- VT Policy for Standard for Storing and Transmitting Personally Identifying Information
- VT Security Standards for Social Security Numbers
The Bradley Department of Computer and Electrical Engineering encourages using Identity Finder to find any sensitive information on your computer(s). When this information is found, we recommend either securely removing the file(s) or email(s) using the Identity Finder Shred function or by encrypting the data using using TrueCrypt and the VT eToken (see below)
Contents |
Installing Identity Finder
To install a stand-alone version of Identity Finder, please see the instructions at the VT Identity Finder page.
The Bradley Department of Computer and Electrical Engineering recommends registering your copy of Identity Finder with our ECE Server Console. By registering with our Console, your Identity Finder install will be centrally managed by the ECE IT team and your computer will be scanned automatically once a month.
Install and Register Identity Finder with the ECE Server Console (Windows)
- Open a web page to https://identity.ece.vt.edu/Services
- Click the link for your version of Windows and save the file to your computer
- How to check if Windows is 32-bit or 64-bit
- See below if you are using a Macintosh
- Open the containing folder and double click the ClientSettings.reg file
- Note: Firefox appends a .txt to the file, you need to rename the file to remove the .txt
- Accept the prompts to edit the registry
- Download Identity Finder from http://network.software.vt.edu
- Install Identity Finder
- Once Identity Finder is installed, you're done. You can scan the computer on your own, or let the ECE Server Console handle the scheduling.
- Note: If you have already installed Identity Finder and wish to register your copy with the ECE Server Console, please follow Steps 1-4 above and then restart the Identity Finder Endpoint Service
- Click Start, click Control Panel, double-click Administrative Tools, and then double-click Services.
- In the Details Pane, scroll down to Identity Finder Endpoint Service, right-click and select Start
Install and Register Identity Finder with the ECE Server Console (Macintosh)
Instructions forthcoming
Using TrueCrypt and VT Personal eToken to encrypt your data
- ECE recommends using the VT Personal eToken with a keyfile instead of a normal password. This method provides both physical security and lets you to copy the keyfile to a remote secure location for backup and recovery. The ECE IT Group strongly recommends backing up your keyfile, and offers backup services to this end.
Creating the TrueCrypt Volume and Keyfile
- Download and install TrueCrypt and the Virginia Tech eToken software
- Open TrueCrypt
- Click on Settings menu -> Security Tokens...
- In the dialog box enter the following and click OK:
- Windows: C:\Windows\system32\etpkcs11.dll
- OS X: /usr/local/lib/libeTPkcs11.dylib
- Click on Tools menu -> Keyfile Generator
- Note: Technically any file can be a keyfile, however we recommend creating a new one with the built-in tool
- Follow the instructions at the top of the window, then select Generate and Save Keyfile... and choose a easy-to-remember filename.
- Click OK to close the Keyfiles window
- Insert your VT eToken into a USB slot
- Click on Tools menu -> Manage Security Token Keyfiles... and enter the eToken password
- Note: If you are not prompted for your eToken password, please make sure that you have properly installed the eToken software.
- Click on Import Keyfile to Token...
- Select the keyfile you created in step 5 and click Open
- Click OK twice to close out of the Security Token windows.
- Click on Settings menu -> Default Keyfiles...
- Click on Add Token Files...
- Select your eToken name and click OK twice to close the windows.
- Read the prompt and click Yes
- Click on Create Volume to start the Volume Creation Wizard
- Select Create an encrypted file container and click Next
- Select Standard TrueCrypt volume and click Next
- Click Select File..., choose a filename and location for your TrueCrypt volume and click Next
- IMPORTANT: This file is the encrypted "folder" where you will be putting your sensitive data, remember where you save it!!
- Select AES in the drop-down menu and click Next
- Choose a volume size appropriate for your files. This is a static volume size, you will need to make a new TrueCrypt volume if you run out of room for your files.
- Leave the password boxes clear, check Use keyfiles and click on Keyfiles...
- Select your eToken name and click OK,
- Click Next
- Enter your eToken password
- Keep the default Filesystem options (FAT, Default, uncheck Dynamic) and move your mouse as randomly as possible for a brief time before clicking Format
- Click OK, then Next, then Cancel to close the Volume Creation Wizard
- Click Settings menu -> Preferences
- Under the Auto-Dismount section:
- Check "User logs off" (default)
- Check "Screen saver is launched"
- Check "Auto-dismount volume after no data has been read/written to it for ____ minutes" (Recommended 25 minutes)
- Check "Force auto-dismount even if volume contains open files or directories" (default)
- Click OK to close the preference window
- See the next section for instructions on mounting the TrueCrypt Volume you have just created
Mounting your TrueCrypt Volume
- Open TrueCrypt
- Insert your VT eToken into a USB slot
- Select a drive letter in the main window
- In the "Volume" section, click on Select File...'
- Select the TrueCrypt Volume file you created in the section above and click Open
- Click on Mount
- Enter your eToken password and click OK
- Your TrueCrypt Volume will open in a new Windows Explorer window, and you can move your files to the folder. The volume is mounted as an additional drive under Computer
- Remember that your TrueCrypt Volume will dismount automatically if you do not use it for the ____ minutes set in the instructions above
- When you are finished working with your TrueCrypt volume, remember to Dismount!
Please contact John Harris or Branden McKagen for questions or concerns.