Using Cornell’s Spider to scan for sensitive information

January 27, 2009
Steve Lovaas, ACNS
Colorado State University

Spider, the Tool
What is it
Where to get it
Where to use it
Which version
Installing
Changing defaults
Running
Logging
Remediation
Reporting
Demo
Q&A

What is Spider (a refresher moment)
Developed by Wyman Miles
  Cornell University
Open source, CSU collaboration
Searches directories, opening files
  Reads them if possible
Regular-expression matching

Where to get it
http://ssnscan.colostate.edu
Supporting documents, config files
Local download of application
Link to online documentation
Reporting template, exception request

Where to use it
Easiest to configure on one machine, scan across the network
.NET 2.0 or greater for Windows versions
Mac and Linux versions available
  …but better ones are coming soon
Scan from a Windows machine

Which version
Spider 2.9, 3, or 2008
3 is stable and recommended
2008 has some very useful features, still beta

Installing
.NET 2.0 (or greater) first
Zipped installer
Spider 3 installs EXE
Spider 2008 installs MSI
Final Spider 2008 will include web config updater

Changing defaults
Spider 3 scans everything
Spider 2008 scans a list of file types
Can exclude directories to improve performance (and maybe miss)
Leave default CC# regexes
CSU SSN regex (based on CMU’s)
.reg file to set config

Running
Can take a lot of resources
Spider 2008 can recover from interruption (with 3, you’ll have to start over)

Logging
Spider 3
  local log file (password if includes the hits)
  syslog/Windows Event Log
Spider 2008
  encrypted State Database, exportable logs
  syslog/Windows Event Log
Protect your logs!

Remediation
Spider 3
  a manual event
Spider 2008
  redact (XXXX) SSNs/CC#s in files
  right-click-and-delete from the log screen
Re-scan after user remediation
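
Added example, not from the slides and not Spider's own code: the same approach in Python, walking a directory, reading each file if possible, regex-matching SSN-like and card-like numbers, and masking every hit before it is reported so the report holds no full numbers. The two patterns, the Luhn filter and all function names are assumptions for illustration; they are not Spider's default CC# regexes or the CSU SSN regex.

```python
import os
import re

# Illustrative patterns (assumptions), not Spider's default CC# regexes or the CSU SSN regex.
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Constructed sample text: an SSN-like value, a test card number, a non-Luhn digit run.
SAMPLE = "ssn 078-05-1120\ncard 4111 1111 1111 1111\nid 4111 1111 1111 1112\n"

def luhn_ok(digits):
    """Luhn checksum; filters out most digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(value):
    """X out all but the last four digits so the log never holds a full number."""
    digits = re.sub(r"\D", "", value)
    return "X" * (len(digits) - 4) + digits[-4:]

def scan_text(text):
    """Return (kind, masked value) for each SSN-like or Luhn-valid card-like match."""
    hits = [("SSN", mask(m.group())) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("CC", mask(digits)))
    return hits

def scan_tree(root):
    """Walk root, read each file if possible, return {path: hits} for files with hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable (locked, no permission): skip it
            if hits:
                report[path] = hits
    return report
```

scan_text(SAMPLE) reports the SSN-like value and the Luhn-valid card number in masked form and drops the third line, whose digits fail the checksum.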

Reporting
Spider 3:
  a manual event (or some custom scripts)
Spider 2008
  log export tool
ACNS doesn’t want the logs, but you might want to burn them to disk for archive
Summarize results on the report template (Excel)

Demo of each version…

Questions?

[email protected]