Using Cornell’s Spider to scan for sensitive information
January 27, 2009
Steve Lovaas, ACNS Colorado State University

Spider, the Tool
• What is it
• Where to get it
• Where to use it
• Which version
• Installing
• Changing defaults
• Running
• Logging
• Remediation
• Reporting
• Demo
• Q&A

What is Spider (a refresher moment)
• Developed by Wyman Miles
• Cornell University
• Open source, CSU collaboration
• Searches directories, opening files
• Reads them if possible
• Regular-expression matching

Where to get it
• http://ssnscan.colostate.edu
• Supporting documents, config files
• Local download of application
• Link to online documentation
• Reporting template, exception request

Where to use it
• Easiest to configure on one machine, scan across the network
• .NET 2.0 or greater for Windows versions
• Mac and Linux versions available
• …but better ones are coming soon
• Scan from a Windows machine

Which version
• Spider 2.9, 3, or 2008
• 3 is stable and recommended
• 2008 has some very useful features, still beta

Installing
• .NET 2.0 (or greater) first
• Zipped installer
• Spider 3 installs EXE
• Spider 2008 installs MSI
• Final Spider 2008 will include web config updater

Changing defaults
• Spider 3 scans everything
• Spider 2008 scans a list of file types
• Can exclude directories to improve performance (and maybe miss)
• Leave default CC# regexes
• CSU SSN regex (based on CMU’s)
• .reg file to set config

Running
• Can take a lot of resources
• Spider 2008 can recover from interruption (with 3, you’ll have to start over)

Logging
• Spider 3
  • local log file (password if includes the hits)
  • syslog/Windows Event Log
• Spider 2008
  • encrypted State Database, exportable logs
  • syslog/Windows Event Log
• Protect your logs!

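The scan approach from the "What is Spider", "Changing defaults" and "Logging" slides, as an added Python example that is not Spider's code: walk a tree, read what can be read, match regexes, and record only masked hits so the log is less sensitive than the files. The regexes, the file-type list and the excluded directories are assumptions for illustration, not Spider's defaults or the CSU/CMU SSN regex.

```python
import os, re, tempfile

# Assumed patterns for illustration; NOT Spider's, CSU's or CMU's regexes.
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SCAN_EXTENSIONS = {".txt", ".csv", ".log"}   # hypothetical file-type list
EXCLUDE_DIRS = {"Windows", "Program Files"}  # hypothetical exclusions

def luhn_ok(digits):
    # Luhn checksum: rejects most digit runs that merely look like card numbers.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(value):
    # Keep only the last four digits so the scan log does not hold full numbers.
    digits = re.sub(r"\D", "", value)
    return "X" * (len(digits) - 4) + digits[-4:]

def scan_tree(root):
    # Returns (relative_path, kind, masked_hit) tuples for every match under root.
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in EXCLUDE_DIRS]  # prune exclusions
        for name in sorted(filenames):
            if os.path.splitext(name)[1].lower() not in SCAN_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            rel = os.path.relpath(path, root)
            hits += [(rel, "SSN", mask(m.group())) for m in SSN_RE.finditer(text)]
            hits += [(rel, "CC", mask(m.group())) for m in CARD_RE.finditer(text)
                     if luhn_ok(re.sub(r"\D", "", m.group()))]
    return hits

def demo():  # builds a constructed sample tree in a temp dir and scans it
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Windows"))
        samples = {"roster.txt": "Jane 123-45-6789, card 4111 1111 1111 1111, phone 555-123-4567",
                   "notes.doc": "321-54-9876", os.path.join("Windows", "x.txt"): "123-45-6789"}
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return scan_tree(root)
```

In the constructed tree, `demo()` reports only the two hits in `roster.txt`; the SSNs in `notes.doc` (type not on the list) and `Windows/x.txt` (excluded directory) are the "and maybe miss" cost of narrowing the scan.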
Remediation
• Spider 3
  • a manual event
• Spider 2008
  • redact (XXXX) SSNs/CC#s in files
  • right-click-and-delete from the log screen
• Re-scan after user remediation

Reporting
• Spider 3
  • a manual event (or some custom scripts)
• Spider 2008
  • log export tool
• ACNS doesn’t want the logs, but you might want to burn them to disk for archive
• Summarize results on the report template (Excel)

Questions?
• Steven.Lovaas@ColoState.EDU