Educause Security Discussion mailing list archives

Re: Linux sensitive number search tools


From: "Woodruff, Dan" <dwoodru2 () UR ROCHESTER EDU>
Date: Tue, 24 Jul 2012 13:39:14 -0400

We've also purchased Identity Finder and for searching Linux machines,
we have massaged a solution that works fairly well if the goal is a
one-time cleanup and not recurring searches. We share the directory to be
searched via Samba, mount the drive on a Windows machine that has
Identity Finder installed, and then right-click search the drive (need
to have the Explorer shell extensions enabled via policy).

The search will be a bit slower than running on a locally attached disk,
but it will work and as long as the user account that mounted the share
has the correct permissions, you will be able to Shred/Scrub/otherwise
remediate within the Identity Finder client.

Hope that helps,

Dan Woodruff
University IT Security and Policy
University of Rochester

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Seidl
Sent: Tuesday, July 24, 2012 9:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Linux sensitive number search tools

Like many schools, we have purchased Identity Finder for MacOS and
Windows use, but we're starting to hit parts of campus with a higher
percentage of Linux systems as we remediate. Thus...

What's your take on Linux friendly sensitive number (SSN, credit card)
search tools? We've previously looked at Spider and we've run SENF, but
it's time to see if there are better tools out there with lower false
positive rates, the potential to report centrally, or other useful
enterprise style features.

Thanks!

David

David Seidl
Director of Information Security
Office of Information Technologies
University of Notre Dame
Notre Dame, IN 46556
(574) 631-7305
dseidl () nd edu