Educause Security Discussion mailing list archives
Re: Identify Finder
From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Wed, 27 Feb 2008 17:24:29 -0700
FYI: The approach I've recommended for the non-hyphenated formats is to search using the most common first three digits for your students. This catches most large lists of SSN's while minimizing false positives. Additionally, I highly recommend the use of boundary conditions for any regular expression searches. For example, here's a simple regular expression that could be used for one portion of Colorado SSN's: \b65[0-3]\d{6}\b I beleive the more advanced versions of Identity Finder allow for custom regular expression searches, so one could add a check like the one above. In my experience, the vast majority of large SSN repositories/lists use a straight nine digit format, so skipping it will likely mean not detecting your highest impact files. When it comes to data breaches, finding these large repositories is a higher priority than the ability to look into a variety of files types to find single items. Brad Judy IT Security Office University of Colorado at Boulder -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Isac Balder Sent: Wednesday, February 27, 2008 4:53 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Identify Finder So far we are impressed. Though it skips information not in a dashed format. We had a few instances were home brew apps were handling data without the dash and Identity finder missed it. On the other hand I'll take that over a slew of false positives on straight nine digit numbers. I have heard that the vendor is working on a central reporting / management server. Yes it only finds data that is resident and not in transmission. But we have found that most users are not even aware of the data that is on their system. Step 1) identitfy, Step 2) eduacate, Step 3) mitigate the transmission factor. The thing we really liked about Identity Finder was the ease of use for the average user, the fact that it scans the Outlook PST files (were we tend to find the block of data), and none ASCII files like PDF. I.B. --- "McNeil, Sharon McLawhorn" <McLawhorns () ECU EDU> wrote:
Does anyone have experience with the scanning tool "Identify Finder"? We're looking for a tool to assist us in discovering sensitive data such as SSN's, credit card numbers, etc. Thanks, Sharon M. McNeil IT Security Analyst Dept. of ITCS East Carolina University 252-328-9112 (Phone) 252-328-4258 (Fax) mclawhorns () ecu edu
________________________________________________________________________ ____________ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Current thread:
- Identify Finder McNeil, Sharon McLawhorn (Feb 27)
- <Possible follow-ups>
- Re: Identify Finder Gary Dobbins (Feb 27)
- Re: Identify Finder Halliday,Paul (Feb 27)
- Re: Identify Finder Petreski, Samuel (Feb 27)
- Re: Identify Finder Isac Balder (Feb 27)
- Re: Identify Finder Brad Judy (Feb 27)
- Re: Identify Finder Theodore Pham (Feb 27)
- Re: Identify Finder Allison Dolan (Feb 28)
- Re: Identify Finder Nick Silkey (Feb 28)
- Re: Identify Finder Howell, Paul (Feb 28)
- Re: Identify Finder Mike Lococo (Feb 28)
- Re: Identify Finder Brad Judy (Feb 28)
- Re: Identify Finder Roger Safian (Feb 28)
- Re: Identify Finder Shamblin, Quinn (shamblqn) (Feb 28)
- Re: Identify Finder Felecia Vlahos (Feb 28)