Educause Security Discussion mailing list archives
Re: Scanner for sensitive information
From: "Di Fabio, Andrea" <adifabio () NSU EDU>
Date: Mon, 16 Jun 2008 11:05:03 -0400
We have been using University of Texas's SENF, http://www.utexas.edu/its/products/senf and you could write scripts to automated the scanning process. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wayne Bullock Sent: Monday, June 16, 2008 10:59 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Scanner for sensitive information I'm being asked to scan our web servers (but perhaps others servers such as FTP, etc) for sensitive information. We are especially looking for Social Security numbers, Z-numbers, credit card numbers phone numbers, etc. Currently, we do an external vulnerability scan of the University's computers several times a year with emphasis on the DMZ computers. However, this will not search for sensitive information, at least with the product we are using. The software that I have been able to easily identify needs to run on the web server but, clearly, I don't have privileged access to all University web servers. I know that we can do more to educate our systems managers and make them responsible for running the spiders on their own systems periodically. We're working on that. My question is whether there is some product or other software that I can run centrally that can help me assist webmasters keep sensitive information inaccessible to the public. Ideally, I would like to do this on much the same way I use my vulnerability scanner now. If this exists, I'm sure the bad guys have it by now. I appreciate your thoughts. Thanks. --Wayne Wayne Bullock, MSCIS, CCNA Associate Director, Communication Services Infrastructure Information Resource Management Florida Atlantic University 777 Glades Road Boca Raton, FL 33431
Attachment:
smime.p7s
Description:
Current thread:
- Scanner for sensitive information Wayne Bullock (Jun 16)
- <Possible follow-ups>
- Re: Scanner for sensitive information Di Fabio, Andrea (Jun 16)
- Re: Scanner for sensitive information Roger Safian (Jun 16)
- Re: Scanner for sensitive information Randy Marchany (Jun 16)
- Re: Scanner for sensitive information Isac Balder (Jun 16)
- Re: Scanner for sensitive information Watson, Michael (Jun 16)
- Re: Scanner for sensitive information Wayne Bullock (Jun 17)
- Re: Scanner for sensitive information Doug Markiewicz (Jun 18)
- Re: Scanner for sensitive information Wyman Miles (Jun 18)