Educause Security Discussion mailing list archives

Re: Identify Finder


From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Wed, 27 Feb 2008 17:24:29 -0700

FYI: The approach I've recommended for the non-hyphenated formats is to
search using the most common first three digits for your students.  This
catches most large lists of SSN's while minimizing false positives.
Additionally, I highly recommend the use of boundary conditions for any
regular expression searches.  

For example, here's a simple regular expression that could be used for
one portion of Colorado SSN's:

\b65[0-3]\d{6}\b

I believe the more advanced versions of Identity Finder allow for custom
regular expression searches, so one could add a check like the one
above.

In my experience, the vast majority of large SSN repositories/lists use
a straight nine digit format, so skipping it will likely mean not
detecting your highest impact files.   When it comes to data breaches,
finding these large repositories is a higher priority than the ability
to look into a variety of file types to find single items.

Brad Judy

IT Security Office
University of Colorado at Boulder

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Isac Balder
Sent: Wednesday, February 27, 2008 4:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Identify Finder

So far we are impressed.  Though it skips information not in a dashed
format.  We had a few instances where home brew apps were handling data
without the dash and Identity Finder missed it.  On the other hand I'll
take that over a slew of false positives on straight nine digit numbers.

I have heard that the vendor is working on a central reporting /
management server.

Yes it only finds data that is resident and not in transmission.  But we
have found that most users are not even aware of the data that is on
their system. 
Step 1) identify, Step 2) educate, Step 3) mitigate the transmission
factor.

The thing we really liked about Identity Finder was the ease of use for
the average user, the fact that it scans the Outlook PST files (where we
tend to find the block of data), and non-ASCII files like PDF.


I.B.



--- "McNeil, Sharon McLawhorn" <McLawhorns () ECU EDU>
wrote:

Does anyone have experience with the scanning tool "Identify Finder"?
We're looking for a tool to assist us in discovering sensitive data 
such as SSN's, credit card numbers, etc.

 

Thanks,

 

Sharon M. McNeil

IT Security Analyst

Dept. of ITCS

East Carolina University

252-328-9112 (Phone)

252-328-4258 (Fax)

mclawhorns () ecu edu

 





 
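The search described in the top message, as an added example that is not part of the original thread and is not Identity Finder's own code: it runs the quoted pattern over constructed sample text, compares it with any-nine-digit patterns with and without boundaries, and ranks documents by hit count so large lists surface first. The comparison patterns, the group/serial plausibility filter, the threshold and every sample number are assumptions of this example.

```python
import re

# Pattern quoted in the message above: nine digits starting 650-653, \b on both sides.
PREFIX_BOUNDED = re.compile(r"\b65[0-3]\d{6}\b")
# Comparison patterns (assumptions of this example, not from the thread).
ANY_NINE_UNBOUNDED = re.compile(r"\d{9}")
ANY_NINE_BOUNDED = re.compile(r"\b\d{9}\b")

def plausible(candidate):
    """Drop values with group 00 or serial 0000, which are never issued."""
    return candidate[3:5] != "00" and candidate[5:] != "0000"

def hits(text, pattern=PREFIX_BOUNDED):
    """Return the distinct plausible matches of `pattern` in `text`."""
    return sorted({m.group() for m in pattern.finditer(text) if plausible(m.group())})

def triage(documents, threshold=3):
    """Rank documents holding at least `threshold` distinct hits, largest first."""
    counts = {name: len(hits(text)) for name, text in documents.items()}
    flagged = [(n, c) for n, c in counts.items() if c >= threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))

# Constructed sample documents; every number below is made up for the example.
SAMPLES = {
    "roster.csv": "name,id\nA,650123456\nB,651234567\nC,652345678\nD,653456789\n",
    "invoice.txt": "Order 1234567890123, tracking 9650123456001, "
                   "part 104200317, phone 3035550100",
    "note.txt": "ID on file: 653112233, placeholder 650000000",
}

if __name__ == "__main__":
    # Columns: name, unbounded \d{9} count, bounded \d{9} count, prefix+boundary hits.
    for name, text in SAMPLES.items():
        print(name, len(ANY_NINE_UNBOUNDED.findall(text)),
              len(ANY_NINE_BOUNDED.findall(text)), hits(text))
    print("priority:", triage(SAMPLES))
```

Because `\b` counts letters, digits and underscore as word characters, a value glued to a letter or underscore (such as `SSN650123456`) is not matched by the bounded pattern.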