Procedures for Running
Sensitive Number Finder (SENF)
1. In order to cut down on the number of false positive sensitive number matches, you may want to remove temporary files from your server.
2. Prepare your server:
a. Make sure you have the Sun Java Runtime Environment (JRE) version 1.4.2 or higher installed on your server before running SENF.
i. If you are unsure which version of JRE is installed on your computer, you can find out by visiting: http://www.javatester.org/version.html
ii. Get and install the latest version of the Sun JRE by clicking here: http://java.com/en/download/manual.jsp
b. Find a time during non-peak hours to run SENF
c. You may want to "plant" one or more of the following test files on your server, just to assure yourself that SENF is searching all directories:
SENF TEST FILES:
Excel in General Form
Excel in Numeric Form
Excel in SSN Format
Excel in text format
Word as Web page
Word Document
3. Run SENF
a. Go to http://citnews.unl.edu/unlsenf/ if you are using a browser from your server and wish to not make SENF a scheduled event.
b. Go to http://citnews.unl.edu/unlsenf/senf-unl-20070403.jar if you want to download the command line version and make SENF a scheduled event:
i. java -jar senf-unl-20070403.jar -p <directory to scan>
ii. your output file will be in the same directory
c. Make sure you access all directories
4. Analyze results
a. Review the list of files detected by SENF.
b. Determine which files actually contain sensitive data
i. Does the file contain real SSNs?
ii. Does the file contain credit card information?
5. Report findings
a. Download this Excel spreadsheet to report your results
b. Send the completed spreadsheet to unlsenf [ at ] unl [dot] edu
c. Save the spreadsheet for use in subsequent reports.
6. Coordinate file cleanup/request for exemption with owners of data
a. If files are no longer needed:
i. Archive to offline media, e.g. CDs.
ii. Store offline media in a secure location, e.g. locked file cabinet.
iii. Remove the file from the server and from all backups
b. If files need to be kept on the server:
i. Make sure an Exemption Form is filed: http://is.unl.edu/SSN/2007_ssn_exempt_request.pdf
ii. Follow best practices for securing these files: http://is.unl.edu/SSN/ssnbp.shtml
7. Perform ongoing monitoring and reporting:
a. Check this web page for new instructions or versions before running SENF
b. Run SENF at least once a month. Hint: Configure SENF to look only for files changed since the last time it was run (java -jar senf--unl-20070328.jar -h for more information)
c. Report new files that contain sensitive data
d. Report status changes for previously reported files
Updates to SENF
(as of April 04, 2007)
The 2007-04-03 release of Senf-UNL includes changes to reduce false positives
and increase stability.
If you have already completed the scan of your servers and reviewed the
results, there is no need to rescan with this version. However, if you have
not yet reviewed the results, you may wish to rescan with this version, as it
is likely to report fewer false positives.
Changes:
1. Improved list of files and directories to exclude
Based on feedback from technical staff, exclusion of additional file
extensions and directories has been added to the default configuration.
File extensions:
aiff, bin, c, cache, cgi, conf, cpp, csproj, css, db, dl_, ex_, fla,
h, hdr, hist, idl, lib, lnk, mp4, msm, nsf, ntf, obj, pdb, ppt, rm,
sdf, sln, so, swf, sys, trn, url, vbproj, vssettings
Files and directories:
Firefox profiles
C:\Documents and Settings\<User account>\Application Data\Mozilla\Firefox\Profiles\
Remedy AR data files
C:\Documents and Settings\<User account>\Application Data\AR System\
Additional Windows system files
C:\WINNT\
C:\i386\
Lotus Notes cache
cache.ndk
Excel templates
C:\Documents and Settings\<User account>\Templates\*.xls
This will reduce the number of false positives found.
2. Increased minimum number of matches required before reporting SSNs found
In the previous release, files appearing to contain a single social security
number (SSN) or credit card number (CCN) were reported. This lead to an
overwhelming number of false positives.
In this revision, the default number of matches has been increased to 15. Only
files appearing to have 15 or more SSN/CCN matches will be reported.
Keep in mind that there may be files containing single SSNs. For example:
timesheets and travel forms.
To scan for files with fewer SSN/CCNs, use the "-m" option when running Senf.
For example: "java -jar senf.jar -m 1" will report files containing a single
match.
3. Exclude large Excel and PDF files from extensive scanning
When scanning the contents of large Excel and PDF documents, Senf
occasionally terminated prematurely with a java.lang.OutOfMemoryError.
In this revision, Excel files larger than 10MB are not scanned extensively and
PDF files larger than 10MB are skipped. Out of memory errors may be still be
reported on complex Excel and PDF files, but Senf should continue scanning.
There is a possibility that large Excel or PDF files containing SSNs may be overlooked.
We hope to remove the size limitation in a future revision.
