Re: Scanner for sensitive information

["Di Fabio, Andrea" <adifabio () NSU EDU>]

We have been using University of Texas's SENF,
http://www.utexas.edu/its/products/senf and you could write scripts to
automated the scanning process.



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wayne Bullock
Sent: Monday, June 16, 2008 10:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Scanner for sensitive information



I'm being asked to scan our web servers (but perhaps others servers such as
FTP, etc) for sensitive information. We are especially looking for Social
Security numbers, Z-numbers, credit card numbers phone numbers, etc.



Currently, we do an external vulnerability scan of the University's
computers several times a year with emphasis on the DMZ computers. However,
this will not search for sensitive information, at least with the product we
are using.



The software that I have been able to easily identify needs to run on the
web server but, clearly, I don't have privileged access to all University
web servers.



I know that we can do more to educate our systems managers and make them
responsible for running the spiders on their own systems periodically. We're
working on that.



My question is whether there is some product or other software that I can
run centrally that can help me assist webmasters keep sensitive information
inaccessible to the public. Ideally, I would like to do this on much the
same way I use my vulnerability scanner now.



If this exists, I'm sure the bad guys have it by now.



I appreciate your thoughts. Thanks.



            --Wayne



Wayne Bullock, MSCIS, CCNA
Associate Director, Communication Services Infrastructure

Information Resource Management
Florida Atlantic University
777 Glades Road
Boca Raton, FL 33431

Attachment: smime.p7s
Description: