Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re:

From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Tue, 18 Dec 2007 13:43:26 -0700
I haven't read this whole thread (catching up at the moment), but there
are a couple of options that meet your requirements.  

One is SENF from U Texas, which is Java based (requires 1.5 or later).

Another is Find_SSN and Find_CCN from VT, which are python based and
require either python environments or must be compiled into stand-alone
executables (they provide a pre-compiled Windows exe).  

Yet another is to use a basic grep/regex combination, but this leaves
you with little to no file interpretation capability (for example, it
won't unzip an Office 2007 file and look inside).  

These are the only stand-alone, multiplatform options I'm aware of for
this purpose (despite the lack of a built-in grep in Windows, the
Gnu-based native port is readily available and works well).  

Brad Judy

IT Security Office
University of Colorado at Boulder


-----Original Message-----
From: Schneider, David A [mailto:schneida () KU EDU] 
Sent: Tuesday, December 18, 2007 12:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY]

The ideal (in my own opinion) tool would be one that doesn't 
need to be installed on a computer and can run on any 
platform (Linux, Windows
etc.)
Perhaps Java-based, therefore. Not many fit these 
requirements. Many require the installation of numerous DLLs 
or outside libraries and frameworks (.NET is one example).

-D.
 
David Schneider
CISSP, CHFI
IT Security Office
The University of Kansas        
1001 Sunnyside Avenue       
Lawrence Kansas 66045
--------------------------------
Phone: 785-864-0472
Email: schneida () ku edu      
--------------------------------    
http://www.security.ku.edu
http://www.besekure.ku.edu
 


********************************************
The information transmitted by the above email is intended 
only for the addressee and may contain confidential and/or 
privileged material. Any interception, review, 
retransmission, dissemination, or other use of, or taking of 
any action upon this information by persons or entities other 
than the intended recipient is prohibited by law and may 
subject them to criminal or civil liability. If you received 
this communication in error, please contact us immediately at 
(785) 864-9003, and delete the communication from any 
computer or network system.
********************************************
 



-----Original Message-----
From: Eric Case [mailto:ecase () EMAIL ARIZONA EDU]
Sent: Tuesday, December 18, 2007 1:40 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY]

At 12:33 PM 12/18/2007 -0500, Hatala, Jeffrey wrote:

a tool we use from Cornell University called "Spider" .


      Spider is a good but not what I think my end users can handle. 
Gary Golomb <gary () Proventsure com> posted "Early release - 
free commercial grade PII/NPI discovery software" back on 
11/27.  It's still beta but is something my users can handle. 
More information can be found here 
<http://www.proventsure.com/Proventsure%20Free%20PII%20Discove

ry%20Audit

%20and%20Management%20Application.html>
and you can get it from here
<http://www.proventsure.com/Proventsure%20Self%20PII%20Detection.zip>.
-Eric



Eric Case, CISSP  <ecase () Arizona edu>
Information Security Officer
College of Engineering   <http://www.Engr.Arizona.edu>
1127 E James E. Rogers Way Room 200
Tucson, AZ 85721-0020
Mobile Phone 520-275-6436
Previous By Date Next
Previous By Thread Next

Current thread: