SSN Detection Alert with GAT Shield

To set up an alert rule in GAT Shield for Social Security Number detection

Within GAT Shield you will find a template rule for detecting Social Security Numbers on any website your users visit, or when they type one into a webpage themselves.

  1. In the Configuration area, under Alert Rules, click on ‘Add a template rule’ and choose US SSN entered.
  2. Take the following actions:
  • Check the box to activate the rule.
  • Select the users, groups or Org Unit you want this rule to be applied to. If you leave the Scope blank, all users with the GAT Shield extension will be covered.
  • (Optional) Show a warning message or take no end user action.
  • (Optional) Report matched Text – will send you the text they typed, attached to the email you receive.
  • (Optional) Check the box ‘Report Screen Capture’ to take a screenshot of the page.
  • (Optional) Check the box ‘Report Webcam Capture’ to take a webcam picture of the user behind the device.
  3. Click on Save.

The regex inside this template matches any valid SSN and, by default, has a weight of 1. If other keywords occur on the same page, they each have their own weight. If the total weight is equal to or above 3, the rule will be fired.
You can also add your own keyword, or edit the regex, to exclude numbers like local area codes, as an example (345, 214, 526, 732).

The regex option we have is:
\b(?!000)(?!666)([0-6]\d{2}|7([0-356]\d|7[012]))[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}\b

We can edit this to exclude your local code:
\b(?!00)(?!000)(?!345)(?!214)(?!526)(?!732)(?!666)([0-6]\d{2}|7([0-356]\d|7[012]))[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}\b
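
Before an edited pattern goes into a rule, it can be checked against constructed values alongside the weight threshold described above. The JavaScript below is an added example, not GAT Shield's own code: the two patterns, the weight of 1 and the threshold of 3 come from this page, while the keyword list, the once-per-page counting and the function names are assumptions.

```javascript
// Added example, not GAT Shield's own code. Both patterns are copied from the page.
const TEMPLATE = /\b(?!000)(?!666)([0-6]\d{2}|7([0-356]\d|7[012]))[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}\b/;
const EDITED = /\b(?!00)(?!000)(?!345)(?!214)(?!526)(?!732)(?!666)([0-6]\d{2}|7([0-356]\d|7[012]))[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}\b/;

const SSN_WEIGHT = 1;     // default weight of the regex, as stated on the page
const FIRE_THRESHOLD = 3; // total weight at which the page says the rule fires
// Hypothetical keywords and weights; the page does not list the real ones.
const KEYWORDS = { 'social security': 1, ssn: 1, taxpayer: 1 };

// Assumption: the regex and each keyword count once per page, however often they occur.
function scorePage(text, ssnRegex = TEMPLATE, keywords = KEYWORDS) {
  let total = ssnRegex.test(text) ? SSN_WEIGHT : 0;
  const hits = [];
  for (const [word, weight] of Object.entries(keywords)) {
    if (new RegExp(`\\b${word}\\b`, 'i').test(text)) {
      total += weight;
      hits.push(word);
    }
  }
  return { total, hits, fires: total >= FIRE_THRESHOLD };
}

// Constructed values, not real SSNs.
const SAMPLES = [
  '123-45-6789', '123 45 6789', '123456789',   // accepted separators: "-", " ", none
  '000-12-3456', '666-12-3456', '900-12-3456', // area numbers both patterns reject
  '123-00-4567', '123-45-0000',                // group 00 and serial 0000
  '345-12-3456',                               // prefix excluded only by the edited pattern
  '001-23-4567',                               // rejected by the edited pattern's leading (?!00)
];

// Run every sample through both patterns so the effect of the edit is visible.
function compare(samples = SAMPLES) {
  return samples.map((sample) => ({
    sample,
    template: TEMPLATE.test(sample),
    edited: EDITED.test(sample),
  }));
}

console.table(compare());
console.log(scorePage('Order reference 123456789'));
console.log(scorePage('Enter your SSN (social security): 123-45-6789'));
```

In the comparison, 001-23-4567 passes the template but not the edited pattern: the leading `(?!00)` rejects every value that starts with 00, in addition to the four listed prefixes. A bare nine-digit reference number scores only the regex weight of 1 and stays below the threshold unless keywords are also present.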

Once you select the scope you would like to cover, the rule will be active and alerts will be sent to an Admin every time the rule is violated.

Example of an email received by a super admin.


Chrome ‘Device Usage’ Alerts in GAT Shield

Do you want to track down a missing device? Do you know the serial number? Or know the last person using it? If yes, you can use the GAT Shield Device Usage alert to get notified.

How to Configure this Alert.

1. Launch the GAT Shield tool.

2. Enter the Alert Rules section.

3. Select Device Usage from the ‘Add a rule’ drop-down menu.

4. Give the rule a meaningful name. Check the box to activate the rule. Now, enter the user’s email address and/or serial number. If both are entered, one of them will take precedence if detected first when the rule is triggered on the device.

5. Check the box Report Screen Capture to take a screenshot of the page they were browsing at the time the rule is fired.

6. Optionally, you can take a webcam picture of the person behind the device.

7. There is an option to display a message to the user if you turn ON End user action.

Once the alert is triggered an email is sent to the G Suite Super Admin.


When GAT Shield receives a signal that the device is active, the admin will receive an email with a screenshot of the page opened and the location on a map where the device is located.
The Device Usage rule will be switched to disabled once the rule is fired to prevent getting multiple alerts for the same user or device.

Block Messaging in YouTube with GAT Shield

Google has introduced a new messaging feature inside of YouTube. This creates a lot of headaches for school districts who have disabled Google Meet and Hangouts chats in their school district through the G Suite Admin Console.

Now, students have an alternative way to chat between themselves through YouTube.

How does it work?

Students can generate a unique link to connect to other users, which they share through other means. Once other students click on the link and accept the invitation, they can begin chatting.

Blocking Youtube messaging for Students

In GAT Shield Configuration area enter the Youtube Message Access section.

To activate this feature check the box for Block Youtube Message Channel. Now, decide which students will have this rule applied to them. For the scope selection, you can choose Users, members of Google Groups, or Org Units of students.

Expected Outcome for Students

Students will no longer see the Youtube Messaging Icon to begin a chat or to read existing chats.

Before

After

Note that the messaging icon is no longer visible.

Block Whole Categories of Websites with GAT Shield

With GAT+ Shield Sites Access control, Admins can block whole categories of websites that they deem unsuitable for their user base. In addition, Admins can create and edit custom categories which include exception sub-pages.

For example, you can block a site's domain but allow access to its subdomains. The example below shows how this can be achieved. First we create a rule to block the site.

GAT Shield's "new user defined sites access category"

Once the Site rule is created, activate it by selecting the arrow and moving the rule to the Active Site Access rules.

the "user defined site access categories" in GAT Shield

When we select the arrow, a window prompts us to select the scope for this rule.

An admin can select time restrictions, leave a warning message to the users, select a scope (the scope can be Chrome device only) and save.

"new site access rule" for the 'block domain example' category.

The rule will be active and moved to Active Sites Access rules and users will be blocked from the pages you select.

"user defined site access categories" gat shield

In the same way, we can whitelist the subdomain page. All we have to do is choose the subdomain and add it as a whitelist. Select +Add a Site Access Category, add a rule as a Whitelist and activate it the same way as the blacklist.

GAT Shield's "edit 'allow sub-domain example' user defined site access category".

Once the Whitelist is applied and moved to Active Site Access rules, it will take precedence over the Blacklist and allow the users to open the page, but they will still be blocked on the pages from the Blacklist.

Here’s how to automatically block and approve URL sets with GAT Shield.

How to Install and Configure GAT Shield on Your Domain

In this how-to, we will be covering how to install and configure GAT Shield. Below is the video tutorial about the same topic:

To start off, go to the device management section of your admin console. Once here, select Chrome Management on the left side of the screen.

Next, select ‘user settings’. Now choose the root OU to install GAT Shield domain-wide. Alternatively, you can choose a sub OU and install it to that separately. Once you have that selected, scroll down to ‘force-installed apps and extensions’. Select ‘manage force installed apps’.

Select force installed apps

Now select ‘specify a custom app’. There are two versions of GAT Shield which are available. One open version and one closed. The open version allows the end user to see all the environment information from their Chrome browser, including where and how they are spending their time and other useful details about their Chrome environment. This version is also a recommended way for parents to monitor their child’s online activity.

Data seen in the GAT Shield 'open' and free version

The closed version will only display an icon but the end user can’t access it.

GAT Shield 'closed' version will only show an icon to the end user

Both versions’ IDs and URLs are available at the end of this post. Once the app is installed, every user who logs into their Chrome environment with zero domain credentials will have the app automatically installed. The end user cannot override this setting. Make sure to save changes. Next, we’ll get the GAT Shield companion app, which allows Shield to capture a snapshot from the user’s webcam should they violate an alert rule. The ID and URL for this app are also available at the end of this post. Please follow the same installation procedure as for GAT Shield for this companion app. Now we must scroll down to the task manager setting and select ‘block users from ending processes with the Chrome task manager’. Be sure to save your changes.

Select "block users from ending processes with Chrome task manager"

In the next step, we’ll cover enabling serial number collection for Chrome devices. Please note this step requires the purchase of Google device manager. You can find out more information at the end of this post. GAT Shield can collect the serial numbers from the Chrome OS based device it is deployed to. This can be useful for asset tracking and ‘proof of use’ tracking. To enable this feature, we need to configure some additional settings in the G Suite Chrome management console. First, ensure all devices are enrolled on your domain. This will not work for any device that isn’t. Also, make sure that GAT Shield is deployed. Secondly, navigate to the Chrome management window, then select Device Settings. Again you’ll have the choice to select either the root OU or a sub OU. Now for verified access, set it to enable for enterprise extensions and enable for content protection, and in addition add the following as the verified service account. This will also be at the end of this post to copy and paste over.

Remember to save when configured. Next, navigate to the Chrome management section and select app management. Once there, search for the following app. You can find this code at the end of this post. Add it to your list of apps. Save when done.

Once the app is installed, double-click on the listing for the new app, GAT Shield verifier. Select the user settings and set the switches as shown in the image below.

Adjust settings for GAT Shield

GAT Shield will now start reporting the device serial number in the Shield User device geo reporting section of the GAT Shield tool. Now you should have GAT Shield fully deployed.

Further Information and code:

Closed version ID/URL

    • ID : khbkdfddenodbcodjcnfpgogceaegjpa

    • https://ext.generalaudittool.com/extension/gatshield/hidden/update.xml

Open version ID/URL
  • Production version (Open User Interface, end users can see it) :

    • ID : ipjhmihnfkijoeogfaedonidfncegkfe

    • https://ext.generalaudittool.com/extension/gatshield/ui/update.xml

Shield Companion App(webcam support) ID/URL

  • id : lncmmomdcmcilmblgmnlinenbinjklgg

  • https://ext.generalaudittool.com/extension/shield_companion/update.xml

Google Chrome device management is required for serial number collection with GAT Shield.

For the verified service account please paste:

verified-access-api@gat-shield-va.iam.gserviceaccount.com

Shield Verifier ID – ceiljdpelbjifndpnihkmhpebidiklnm

What Are My Users Searching on Gmail, Google, Youtube and Other Search Engines

In GAT Shield, a word cloud is displayed to show queries being searched by your users. This helps to highlight what students and staff are searching for across different search engines.

Like GAT+, GAT Shield allows you to refine your search by selecting a User, Group, OU or domain and then selecting which search engine you are interested in. To do this click on the ‘Apply custom filter’ button on the top right corner of the page.

Apply custom filter

Select the search parameters that you are interested in viewing. For this example, I’ve selected an OU structure, the Google search engine and searches after July 1st 2018.

Select the search parameters you are interested in viewing

Now, I will see all of the queries being entered into Google for the Marketing user OU.

I can then export this information to a CSV file.

See All Searches Happening on Your Organisation’s Chrome Devices and Chrome Browsers

In this how-to, we’ll be covering GAT Shield searches. We will show you how you can see all the searches happening on your organisation’s Chrome devices and Chrome browsers.

You can see the short video tutorial below:

In GAT Shield Searches, you’ll be able to see all the searches happening across your Chrome devices on your Chrome browsers. Here, you can see the query the user inputted, the search engine they used, how long ago they did the search and who it was. Clicking the ‘eye’ icon will allow you to see the details of that search in the GAT Shield instance details. You can get the Shield UUID. This is a unique ID that can be used in the user device geo reporting section to find the device the search was performed on.

the 'search details' tab within the 'searches' audit in GAT Shield

In this example, we’ll use a filter to see if any searches from our domain contained the word ‘GitHub’. We’ll also name the filter ‘GitHub’ query. Now if we apply and save this filter, it will be applied and can be used again from the ‘save’ tab.

the 'search filters' in GAT Shield

Using the alert rules configuration section, you can add a rule that can detect searches and report them should they violate the rule. Here you can add a rule for searches. In this example, we’re using a regular expression to detect if a user types wolf or snake into a search engine. We’ve set it so that the rule will only be active for these two users. You can choose whether to only show a warning or also close their web page. With these buttons, you can report the site name, take a screenshot and/or a snapshot from their webcam at the time of the search.

the 'edit alert rule' option in GAT Shield

We hope you found this post helpful. If you have any questions, please don’t hesitate to reach out to us via email (support@generalaudittool.com) or live chat.

Default Settings in GAT Shield

GAT Shield now lets you set a range of default settings for the Shield environment, one of them being the default domain. For our customers with multiple domains, this will be very useful as it will allow the data from the main domain to appear first on all screens.

GAT Shield default settings

How to Set an Alert Type Based on IP Address or IP Subnet

GAT Shield has a new Alert Type based on IP address or IP subnet. Admins can now set an alarm when a user uses a Chrome browser on a particular address or subnet. The rule can also be reversed to alarm when a device is used off an address or subnet. This is ideal for use in locations where the Google GPS function (used by GAT for map-based alerts) is not well defined or the workspace is very narrow.

Image showing GAT Shield add alert rule for an IP address

Location-Based Alerts and Access Control for Chromebooks with GAT Shield

GAT Shield supports the use of Location maps to provide alerting and/or access control for Admins.

To configure an out of area access alert as an Admin go to the GAT Shield Admin console and under ‘configuration’ select ‘Alert Rules’. From here select ‘Add Rule’ and then choose ‘Location’ from the dropdown list.

From here you can use ‘Select area’ to have GAT present you with a map to help you select your coordinates. The map can be dragged to fit the selection area. You can also zoom in and out. The coordinate box itself may also be changed in shape.

When selecting an alert for this type of rule, it is probably a good idea not to alert the end user coming from outside the territory. If this is the case, make sure that the End user action is set to ‘no action will be taken’. You may, however, wish to take a photograph of the person in breach of the rule (Report webcam capture).

The alert will be sent to the Admin configuring the rule.

A similar map can also be used under ‘Network’ configuration to set up an exclusion zone from which users will not be allowed to log into your domain.

In this case select ‘Network’, then select the area from which logins are allowed (inside the box) and click ‘OK’ to enforce the rule.