Educause Security Discussion mailing list archives

Re: Identity Finder


From: randy marchany <marchany () VT EDU>
Date: Fri, 18 Dec 2009 09:37:24 -0500

We wrote one of the freeware tools (Find_SSN, Find_CCN) and use
IdentityFinder as well. IdentityFinder has the ability to be run on
remote machines and some of our dept admins like that feature. The
other tools don't have that ability. IdentityFinder does NOT run on
Unix systems and since most of our database servers run on Unix/Linux
systems, IdentityFinder doesn't help us there. The Windows version is
excellent but I'm disappointed in the Mac version. Someone else
mentioned the Mac version is a work in progress and I would agree with
that assessment. It's still a very good product. Our Find_SSN/CCN tool
runs on all platforms (Mac, Windows, Linux/unix).

As far as false positives go, our tool is the best at reducing the
number of false positives. The biggest complaint you will get from
your users is "do I have to look at ALL of those files to see if
there's sensitive data?". The answer is a) yes b) move all of those
files into a folder and encrypt it and look for it later. All of the
tools including ours will generate false positives. The key is having
a sensitive data policy or standard in place. This will help you with
users who don't want to look through all of them.

The other problem with these tools is that none of them play well with
Outlook/exchange .pst files which is probably where most of the
sensitive data would be found in email attachments. I believe
IdentityFinder requires you to log into Exchange first and that's
their hook into .pst type files. My info may be dated but I believe
it's still correct.

This is the biggest issue with upper mgt.

I would suggest building a test folder with regular files, Microsoft
Office files (.xls, .doc, Project, Visio, etc.), PDF files, .pst
files, binaries, and a small database table, and run all of the tools
against that folder and see the results. The advantage of the
commercial tools includes the report format (auditors will like it) but
the freeware tools will simply generate a list of hyperlinks that
point to the files in question.

Randy Marchany
VA Tech IT Security Office
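
The test-folder comparison suggested in the message above, as an added example (not part of the original post and not the Find_SSN/Find_CCN code): it seeds a folder with constructed values and decoys, records which files should be flagged, and scores one tool's list of flagged files against that record. All names and sample values are assumptions; Office, PDF and .pst samples have to be saved from the real applications and added to the manifest by hand.

```python
import tempfile
from pathlib import Path

# Constructed test values, not real account data. The decoys are look-alikes
# that a scanner with good false-positive reduction should not flag.
SEED_CCN = "4111 1111 1111 1111"    # common Luhn-valid test card number
SEED_SSN = "123-45-6789"            # constructed, SSN-formatted
DECOY_CCN = "4111 1111 1111 1112"   # fails the Luhn checksum
DECOY_SSN = "000-12-3456"           # area number 000 is never issued

def luhn_ok(number: str) -> bool:
    """Luhn checksum; confirms the seed and decoy card numbers are as labelled."""
    digits = [int(c) for c in reversed(number) if c.isdigit()]
    total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
                for i, d in enumerate(digits))
    return bool(digits) and total % 10 == 0

def build_corpus(root: Path) -> dict:
    """Write the test files; return {file name: should_be_flagged}."""
    assert luhn_ok(SEED_CCN) and not luhn_ok(DECOY_CCN)
    packed = SEED_CCN.replace(" ", "").encode()
    files = {
        "notes.txt": (f"Applicant SSN {SEED_SSN}\n".encode(), True),
        "table.csv": (f"id,name,card\n1,Test User,{SEED_CCN}\n".encode(), True),
        "blob.bin": (b"\x00\x01\xff" + packed + b"\x00", True),
        "decoys.txt": (f"Order {DECOY_CCN}\nRef {DECOY_SSN}\n".encode(), False),
        "clean.txt": (b"Meeting moved to Friday.\n", False),
    }
    root.mkdir(parents=True, exist_ok=True)
    for name, (data, _) in files.items():
        (root / name).write_bytes(data)
    return {name: flag for name, (_, flag) in files.items()}

def score(manifest: dict, flagged: set) -> dict:
    """Compare one tool's set of flagged file names with the ground truth."""
    expected = {name for name, flag in manifest.items() if flag}
    return {
        "true_positives": sorted(expected & flagged),
        "false_positives": sorted(flagged - expected),
        "missed": sorted(expected - flagged),
    }

if __name__ == "__main__":
    corpus = Path(tempfile.mkdtemp()) / "scan_test"
    truth = build_corpus(corpus)
    # 'reported' is a constructed sample of what one tool might flag.
    reported = {"notes.txt", "table.csv", "decoys.txt"}
    print(corpus, score(truth, reported))
```

Run each tool against the same folder and pass its list of flagged files to `score` to compare false positives and misses side by side.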
