Scanner for sensitive information

[Wayne Bullock <wayne () FAU EDU>]

I'm being asked to scan our web servers (but perhaps others servers such
as FTP, etc) for sensitive information. We are especially looking for
Social Security numbers, Z-numbers, credit card numbers phone numbers,
etc.

 

Currently, we do an external vulnerability scan of the University's
computers several times a year with emphasis on the DMZ computers.
However, this will not search for sensitive information, at least with
the product we are using. 

 

The software that I have been able to easily identify needs to run on
the web server but, clearly, I don't have privileged access to all
University web servers. 

 

I know that we can do more to educate our systems managers and make them
responsible for running the spiders on their own systems periodically.
We're working on that. 

 

My question is whether there is some product or other software that I
can run centrally that can help me assist webmasters keep sensitive
information inaccessible to the public. Ideally, I would like to do this
on much the same way I use my vulnerability scanner now.

 

If this exists, I'm sure the bad guys have it by now.

 

I appreciate your thoughts. Thanks. 

 

            --Wayne

 

Wayne Bullock, MSCIS, CCNA
Associate Director, Communication Services Infrastructure

Information Resource Management 
Florida Atlantic University 
777 Glades Road
Boca Raton, FL 33431