Using Cornell’s Spider to scan for sensitive information January 27, 2009 Steve Lovaas, ACNS Colorado State University.

Slides:



Advertisements
Similar presentations
Discovering SQL all rights reserved (c) 2010 agilitator.com INSTALLING MS SQL Server 2008 R2 Express Edition.
Advertisements

Getting Set-up with Hosting and WordPress Gregory Young Alternative Hosting
Sensitive Information Sweep
Desktop Training & Quick Start Guide
Guide to MCSE , Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.
Campus Meeting on CSUID Implementation – SSN Purge Pat Burns and Steve Lovaas ACNS July 28, 2006.
Security Issues Steve Lovaas, ACNS IAC, 22 April 2008 Colorado State University1.
Kerio Connect 7.1 More Than Just a Mail Server
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Introduction to Android Studio
PHP Scripting Language. Introduction “PHP” is an acronym for “PHP: Hypertext Preprocessor.” It is an interpreted, server-side scripting language. Originally.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
STORAGE SOLUTIONS Research Data Management. Keeping your data just on your working machine, be it lap top or desktop, is the perfect way to loose your.
Migrating to EPiServer CMS 5 Johan Björnfot -
Julie McEnery1 Installing the ScienceTools The release manager automatically compiles each release of the Science Tools, it creates a set of wrapper scripts.
Security SIG August 19, 2010 Justin C. Klein Keane
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
The basics of the Online Portal
MANAGING PII WITH IDENTITY FINDER Paul Hanson IET-Data Center and Client Services University of California, Davis.
SmartLog X 3 TEAM Basic SmartLog X 3 TEAM Basic DescoEMIT.com USER STATUS USER EDIT TEST LOG ADMIN TEST MACHINE SCHEDULE INSTALL System Requirements:
Customer Portal – Customer User. You will receive an indicating that your Customer Portal registration is complete. A link to the Customer Portal,
© 2012 Avaya, Inc. All rights reserved, Page 1 Module Duration: Module 05: Handling Data in Bulk 3 Hours.
WaveMaker Visual AJAX Studio 4.0 Training Installation.
Scheduler, File Transmissions, & Additional Tools.
Running Kuali: A Technical Perspective Ailish Byrne - Indiana University Jay Sissom - Indiana University Foundation.
Phone: Mega AS Consulting Ltd © 2007  CAT – the problem & the solution  Using the CAT - Administrator  Mega.
TeamForge Beta Release Andrew Nelson, Bishop Wilkins, Ky Le, and Yoshito Kosai.
Installing MDT 2010 on Windows Server 2008 R2 This guide assumes you are installing MDT 2010 on a Windows Server 2008 R2 server with the Windows Deployment.
AppSec USA 2014 Denver, Colorado CMS Hacking 101 Hacking and Securing Popular Open Source Content Management Systems.
AutoTester & UAT Automation Framework By SSTZ-UAT.
Apache, MySQL and PHP Installation and Configuration Chapter 1 Apache Installation and Configuration.
Guide to MCSE , Second Edition, Enhanced1 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access.
Module 8 : Configuration II Jong S. Bok
ALICE Use of CMF (CC) for the installation of OS and basic S/W OPC servers and other special S/W installed and configured by hand PVSS project provided.
Running Kuali: A Technical Perspective Ailish Byrne (Indiana University) Jonathan Keller (University of California, Davis)
Apache, MySQL and PHP Installation and Configuration Chapter 2 MySQL Installation and Configuration.
CMap Version 0.16 Ben Faga. CMap CMap Version 0.16 Bug fixes and code optimizations More intuitive menu system Asynchronous loading of comparative map.
Security SIG August 19, 2010 Justin C. Klein Keane
Proposal Tech What is RFPIQ?. 1 RFPIQ is our philosophy RFPIQ is our philosophy towards your work. Our commitment to support and service paired with our.
WAPTrace DEBUG AND OPERATIONAL EVENT LOG CAPTURE TOOL JONATHAN JORDAN | MICROSOFT | V1.3 Jonathan Jordan MICROSOFT | | V1.
SSN Rescan and Purge Redux Pat Burns, VPIT January 29, 2008.
David M. Kroenke and David J. Auer Database Processing Fundamentals, Design, and Implementation Appendix I: Getting Started with Web Servers, PHP and the.
Installing Coldfusion Under Linux Mid-Michigan Coldfusion User’s Group, Nov
Guide To Develop Mobile Apps With Titanium. Agenda Overview Installation of Platform SDKs Pros of Appcelerator Titanium Cons of Appcelerator Titanium.
There are many leading online sources that are providing reliable encryption solution for your online as well as offline file security through smart software.
XNAT 1.7: Getting Started 6 June, Introduction In this presentation we’ll discuss:  Features and functions in XNAT 1.7  Requirements  Installing.
PDF Recovery Tool Fix Portable Document File Format.
Yosemite Server Backup 8.8 Product Overview and Update
Packaging and Deploying Windows Applications
Integrating ArcSight with Enterprise Ticketing Systems
Welcome to Excel Day 2 of 3 Dan McAllister
Stress Free Deployments with Octopus Deploy
Integrating ArcSight with Enterprise Ticketing Systems
Shared Services with Spotfire
VMWare Workstation Installation
ClamXav Antivirus Scanner: A Free Tool for Your Mac OS X
Lecture 13 RPM and its advantages.
Updating Malwarebytes Tech Support and software support is important otherwise you shall come across some technical errors. If software is not updated.
Presenter: Karoline Lapko
Lets get on to A+ from Home
Quicken 2018 Support
More than just File Sync and Share.
SolidWorks Tools and PDMWorks Vault Tutorial:
Microsoft Office Not in Textbook.
Yating Liu July 2018 G-OnRamp workshop
4/9/ :42 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Rev Up Your Design Cycle With DesktopServer
Macrosystems EDDIE: Getting Started + Troubleshooting Tips
Topics Today Capability Efficiency Troubleshooting
Presentation transcript:

Using Cornell’s Spider to scan for sensitive information January 27, 2009 Steve Lovaas, ACNS Colorado State University

Spider, the Tool What is it Where to get it Where to use it Which version Installing Changing defaults Running Logging Remediation Reporting Demo Q&A

What is Spider (a refresher moment) Developed by Wyman Miles  Cornell University Open source, CSU collaboration Searches directories, opening files  Reads them if possible Regular-expression matching

Where to get it Supporting documents, config files Local download of application Link to online documentation Reporting template, exception request

Where to use it Easiest to configure on one machine, scan across the network.NET 2.0 or greater for Windows versions Mac and Linux versions available  …but better ones are coming soon Scan from a Windows machine

Which version Spider 2.9, 3, or is stable and recommended 2008 has some very useful features, still beta

Installing.NET 2.0 (or greater) first Zipped installer Spider 3 installs EXE Spider 2008 installs MSI Final Spider 2008 will include web config updater

Changing defaults Spider 3 scans everything Spider 2008 scans a list of file types Can exclude directories to improve performance (and maybe miss) Leave default CC# regexes CSU SSN regex (based on CMU’s).reg file to set config

Running Can take a lot of resources Spider 2008 can recover from interruption (with 3, you’ll have to start over)

Logging Spider 3  local log file (password if includes the hits)  syslog/Windows Event Log Spider 2008  encrypted State Database, exportable logs  syslog/Windows Event Log Protect your logs!

Remediation Spider 3  a manual event Spider 2008  redact (XXXX) SSNs/CC#s in files  right-click-and-delete from the log screen Re-scan after user remediation

Reporting Spider 3:  a manual event (or some custom scripts) Spider 2008  log export tool ACNS doesn’t want the logs, but you might want to burn them to disk for archive Summarize results on the report template (Excel)

Demo of each version…

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.