This article can also be found in the Premium Editorial Download "Information Security magazine: Security researchers on biometrics, insider threats, encryption and virtualization."
To protect the important data on your network, you have to be able to identify what information you care about, locate it and report on it. Deepdive's DD300 appliance helps you manage this daunting task with its powerful search capabilities.
The DD300 interface is a modern .NET Win32 application that installs in seconds. Built on proprietary Linux and hardware ASICs, the DD300 plugs passively into any network and readily accepts a DHCP address. Configuration walks you through all initial network settings. It can be up and running in minutes.
You can do network discovery or specify known targets. The DD300 will report all network file shares advertised on any host. Discovery is benign, using a standard RPC call requesting available shares. It's also quick, but enumerating the shares on the hosts does take time.
We conducted our test discovery on a local subnet using the IP address range option. The resulting enumeration of the shares is displayed in the familiar tree layout.
Indexing is as easy as discovery and is accomplished in a single pass--simply check the hosts you want. You can select single or multiple hosts, even specific folders and subfolders.
At selection time, the DD300 will prompt you to mount the shares. There's some waiting if you are mounting dozens of shares.
The indexing configuration wizard takes you logically through a comprehensive sanity check to ensure you index only content you are interested in. To speed indexing, common .dll, binary and system files are excluded by default.
This was first published in November 2008