Educause Security Discussion mailing list archives
Re: Identify Finder
From: Felecia Vlahos <fvlahos () COX NET>
Date: Thu, 28 Feb 2008 10:37:22 -0800
Sharon,

Here at San Diego State (and in our collective California State University ISO group) we are studying various SSN and credit card search tools. When picking a tool our goals at SDSU were to have both a tool that could be deployed across campus to search for legacy SSN (we switched to a unique campus ID in 2004, but found our faculty needed to keep grade sheets with SSN for many years), and to use in incident response to gather information for potential notification processes.

We are in the final reporting stages of testing various tools, including Identity Finder, Content Sentinel (just bought by RSA), Spider, Virginia Tech Find_SSN, Safe Vantage Technologies Deep Scout, and SenfNet. Our findings on all the tools were pretty dismal for both our goals.

For the goal of incident response assistance: we had data, copied from laptops just prior to being stolen, that illuminated for us that our faculty may not use the standard 999-99-9999 or even 9999999 format for SSNs in a column. Instead, much of the data in the academic world is in a format where the SSN is spread across three columns. The tools we tested cannot find this SSN format. Therefore we would still have to perform the painstaking effort of searching through each file manually.

For the second goal of finding static data at rest. Well, see the limitations we listed for our first goal, they apply here as well. But still, if we could find a tool that removed a sizeable portion of the data, it would still reduce risk, and be worth the investment in the tool and process. We were looking for two types of tools in this goal, both a centralized tool (deployable with Active Directory or other desktop management software on campus) and a standalone tool (deployable by users or IT support staff on faculty or standalone managed systems). We are very pleased with Virginia Tech's SSN_Find (an improvement over Spider for finding contiguous SSNs, or SSNs with spaces). Although Spider works on Windows, Mac, and Unix versions.

For the second goal for enterprise software we looked at Identity Finder, Tablus Content Sentinel, and a local startup company, Safe Vantage Technologies Deep Scout. We found all three vendors responsive. The dominator in results and flexibility of use was Content Sentinel. However, a "gotcha" to these tools is that they give the server direct access to the information found on the client. So, if you have a single server hooked into clients throughout your university, your one server has access, may include update/delete access, to view all the data. With this inadvertent centralized "share mapping" of your SSN/credit card data, one stop shopping for hackers, and a huge issue for authorized access to the information. Content Sentinel has promised their next version, due out in May, will have better role functionality to eliminate or reduce the threat of the inadvertent centralized mapping and access from the scanning server. Also Content Sentinel plans to support Mac and Unix version in their August version release. We also found Content Sentinel to dominate in the reporting between the 3 enterprise products.

Bottom line, no silver bullets from one tool to meet our needs. But, still some good results to minimize risk as the vendors continue their development. We are probably going to look at combinations for our use.

Note: all my info came from work my associate, Alan Belshaw, performed. Please direct any questions to him directly at Alan Belshaw <abelshaw () mail sdsu edu>. Also, for those of you attending Secure IT in San Diego next week, we will have more details at our display booth.

Thanks

Felecia Vlahos, CISSP
Information Security Officer
San Diego State University
619-594-4049, fvlahos () mail sdsu edu

------- Forwarded message -------
From: "McNeil, Sharon McLawhorn" <McLawhorns () ECU EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Cc:
Subject: [SECURITY] Identify Finder
Date: Wed, 27 Feb 2008 13:16:45 -0800

Does anyone have experience with the scanning tool "Identify Finder"? We're looking for a tool to assist us in discovering sensitive data such as SSN's, credit card numbers, etc.

Thanks,
Sharon M. McNeil
IT Security Analyst
Dept. of ITCS
East Carolina University
252-328-9112 (Phone)
252-328-4258 (Fax)
mclawhorns () ecu edu
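The split-column layout described in the reply above, where the three parts of an SSN sit in adjacent spreadsheet cells, defeats a per-field pattern such as `\d{3}-\d{2}-\d{4}`; it can be caught by testing triples of adjacent columns instead. The sketch below is an added example, not code from any tool named in the thread; the function names, the 50% column threshold and the sample grade sheet are constructed for illustration.

```python
import csv
import io
import re

WIDTHS = (3, 2, 4)  # digits in area, group, serial

# Constructed sample grade sheet: SSN spread over columns 1-3.
SAMPLE = '''Name,SSN1,SSN2,SSN3,Midterm,Final
"Doe, Jane",123,45,6789,88,91
"Roe, Rick",78,5,1120,75,80
"Poe, Alma",219,9,9999,93,89
"Lee, Sam",1,1,1,60,72
'''

def ssn_from_cells(cells):
    """Return 'AAA-GG-SSSS' if three adjacent cells form a plausible SSN, else None."""
    if len(cells) != 3:
        return None
    parts = []
    for cell, width in zip(cells, WIDTHS):
        cell = cell.strip()
        # Numeric spreadsheet cells lose leading zeros, so accept
        # 1..width digits and pad back to the full width.
        if not re.fullmatch(r"\d{1,%d}" % width, cell):
            return None
        parts.append(cell.zfill(width))
    area, group, serial = parts
    # Structural rules: these values are never issued as SSNs.
    if area in ("000", "666") or area >= "900" or group == "00" or serial == "0000":
        return None
    return "-".join(parts)

def find_split_ssn_columns(text, min_ratio=0.5):
    """Map starting column index -> SSNs found, for column triples where
    at least min_ratio of all rows match (limits one-off false positives)."""
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    width = max((len(r) for r in rows), default=0)
    findings = {}
    for col in range(width - 2):
        hits = [s for r in rows if (s := ssn_from_cells(r[col:col + 3]))]
        if rows and len(hits) / len(rows) >= min_ratio:
            findings[col] = hits
    return findings

if __name__ == "__main__":
    for col, ssns in find_split_ssn_columns(SAMPLE).items():
        print(f"columns {col}-{col + 2}: {len(ssns)} candidate SSNs")
```

Requiring a whole column triple to match keeps stray score columns (here `1,60,72`) from being reported, at the cost of missing sheets where only a few rows carry an SSN.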