Using Cornell’s Spider to scan for sensitive information
January 27, 2009
Steve Lovaas, ACNS
Colorado State University
Spider, the Tool
What is it
Where to get it
Where to use it
Which version
Installing
Changing defaults
Running
Logging
Remediation
Reporting
Demo
Q&A
What is Spider (a refresher moment)
Developed by Wyman Miles, Cornell University
Open source, CSU collaboration
Searches directories, opening files
Reads them if possible
Regular-expression matching
Where to get it
http://ssnscan.colostate.edu
Supporting documents, config files
Local download of application
Link to online documentation
Reporting template, exception request
Where to use it
Easiest to configure on one machine, scan across the network
.NET 2.0 or greater for Windows versions
Mac and Linux versions available
…but better ones are coming soon
Scan from a Windows machine
Which version
Spider 2.9, 3, or 2008
3 is stable and recommended
2008 has some very useful features, still beta
Installing
.NET 2.0 (or greater) first
Zipped installer
Spider 3 installs EXE
Spider 2008 installs MSI
Final Spider 2008 will include web config updater
Changing defaults
Spider 3 scans everything
Spider 2008 scans a list of file types
Can exclude directories to improve performance (and maybe miss)
Leave default CC# regexes
CSU SSN regex (based on CMU’s)
.reg file to set config
Running
Can take a lot of resources
Spider 2008 can recover from interruption (with 3, you’ll have to start over)
Logging
Spider 3:
local log file (password if includes the hits)
syslog/Windows Event Log
Spider 2008:
encrypted State Database, exportable logs
syslog/Windows Event Log
Protect your logs!
Remediation
Spider 3:
a manual event
Spider 2008:
redact (XXXX) SSNs/CC#s in files
right-click-and-delete from the log screen
Re-scan after user remediation
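Added example (not Spider's code and not part of the original slides): a Python illustration of the regular-expression matching and XXXX-style redaction described above, with a Luhn check to cut card-number false positives. The SSN and card patterns are assumptions for illustration, not Spider's default CC# regexes or the CSU SSN regex; hits are stored masked so a log built from them never holds a full number.

```python
import re

# Assumed illustrative patterns; NOT Spider's default CC# regexes or the CSU SSN regex.
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}([- ]?)(?!00)\d{2}\1(?!0000)\d{4}(?!\d)")
CC_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample lines (well-known test values, not real data).
SAMPLE = [
    "SSN on file: 078-05-1120",
    "card 4111 1111 1111 1111 exp 01/10",
    "invoice 4111 1111 1111 1112",  # fails Luhn, so not reported
]

def luhn_ok(digits):
    """Luhn checksum: rejects most digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(text):
    """X out every digit except the last four, keeping separators."""
    keep_from = sum(c.isdigit() for c in text) - 4
    out, seen = [], 0
    for c in text:
        if c.isdigit():
            seen += 1
            c = c if seen > keep_from else "X"
        out.append(c)
    return "".join(out)

def scan_line(line):
    """Return (hits, redacted_line); hits carry only the type and masked value."""
    hits = []
    def redact(kind, check):
        def sub(m):
            if not check(re.sub(r"\D", "", m.group())):
                return m.group()  # looks like a hit but fails validation
            hits.append((kind, mask(m.group())))
            return mask(m.group())
        return sub
    line = CC_RE.sub(redact("CC", luhn_ok), line)
    line = SSN_RE.sub(redact("SSN", lambda d: True), line)
    return hits, line

if __name__ == "__main__":
    for n, text in enumerate(SAMPLE, 1):
        print(n, *scan_line(text))
```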
Reporting
Spider 3:
a manual event (or some custom scripts)
Spider 2008:
log export tool
ACNS doesn’t want the logs, but you might want to burn them to disk for archive
Summarize results on the report template (Excel)
Demo of each version…
Questions?