Reviewing the Results of the Find_SSNs Program

 

     1) After you run the Find_SSNs program, it reports the results in two files located
        on your desktop named Find_SSNs.html and Find_SSNs.txt. It is recommended to use
        the Find_SSNs.html file as it will simplify locating files of interest. Double click the
        Find_SSNs.html program icon and a browser window will open to display the results.
     

        Find_SSNs Icons



    2) Opening the Find_SSNs file may cause an Internet Explorer information alert.
        This alert is a warning to prevent you from accidentally running active
        content that could be hazardous. Click OK.


          Information bar

  

 

    3) There could be a yellow information bar near the top of the page.
        On the right side of the information bar click on "Click here for options."

 

          Yellow information bar

 

 

    4) This will open up a small options menu. Click on "Allow Blocked Content."

 

           Allow blocked content

 

  

    5) Another Security Warning window opens. Click Yes to allow the file to run active content.

 

          ActiveX security warning

 

 

 

    6) Now you should see a window that looks something like the example below. This report is the result of
        searching for Social Security numbers (SSNs) in the "My Documents" folder. The first line of the Find_SSNs
        report has a file that contains information about the time and date of the scan, host information and file paths.
        The report table lists all the files in which the Find_SSNs program located a string that matches the
        following formats for Social Security numbers:

        (Where N is a number, and the numbers as a whole are validated as a potential SSN)

     
        Clicking on a file link in the File Path (right) column will open the file using the program in which it was created.
        This is the most reliable way of verifying whether the number in the file is one of interest. You must use the
        "back" button on your browser to return to the Find_SSNs report. Clicking "Close" or "X" will exit both the file you
        selected and the Find_SSNs report. When the "back" button is used, the information alert/security warnings may
        display again. Respond to them as you did previously.
        

          html view
                     

                                                 

 

   Clicking on a file link in the Suspect Number Count (left) column will bring up a list of all files in a text format. 

        Unfortunately, the two views do not arrange themselves in the same order.

 

        text view from html


        Getting the Most out of the Find_SSNs Program

        False positives occur when the search tools identify files as containing SSN information when in fact they do not.
        This is especially true of files in the Temp and Temporary Internet Folders directories. Find_SSNs is designed to be as
        accurate as possible; however, there will always be false positives, because numbers that are valid SSNs or credit card
        numbers are often used in other contexts. For example, 123456789 is a valid SSN and, because it's in this html page,
        it would be listed in a Find_SSNs search.
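
        The false-positive behaviour described above, shown as an added example (not part of the original page and
        not Find_SSNs code). The candidate pattern and the use of the Social Security Administration's never-issued
        ranges as the validity check are assumptions; the page does not state which checks Find_SSNs applies.

```python
from __future__ import annotations
import re

# Assumed candidate pattern: nine digits, optionally split 3-2-4 by a hyphen
# or a space (same separator in both places), not embedded in a longer number.
CANDIDATE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")


def is_potential_ssn(area: str, group: str, serial: str) -> bool:
    """Structural check only: reject ranges the SSA has never issued."""
    if area == "000" or area == "666" or area >= "900":
        return False
    if group == "00" or serial == "0000":
        return False
    return True


def find_potential_ssns(text: str) -> list[str]:
    """Return every substring of text that passes the structural check."""
    hits = []
    for m in CANDIDATE.finditer(text):
        area, _sep, group, serial = m.groups()
        if is_potential_ssn(area, group, serial):
            hits.append(m.group(0))
    return hits


# Constructed sample lines (no real data). Only the first is a true finding.
SAMPLES = {
    "form letter": "Applicant SSN: 123-45-6789",
    "this help page": "For example, 123456789 is a valid SSN",
    "browser cache": "img_cache?id=314159265&w=640",
    "never-issued area": "ref 000-12-3456 and 912-34-5678",
    "zero group/serial": "codes 123-00-4567 123-45-0000",
    "longer number": "order 1234567890123",
}


def scan_samples() -> dict[str, list[str]]:
    return {name: find_potential_ssns(line) for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name:20} {hits}")
```

        The browser-cache identifier and the number quoted on this page both pass the check, which is why each
        reported file still has to be opened and reviewed.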
 

        Acting on the Results of the Find_SSNs Program

        The goal of the Find_SSNs program is to identify files that contain SSNs so that users can delete the files (if they are
        no longer needed), or store them securely and encrypt them to limit and/or prevent protected information exposure.

        Listed below are actions you might take (in order of most secure to least) to appropriately secure SSN information from desktops:

 

        1. Delete the file. If you no longer need the file(s) containing the SSN information, delete it.
            Make sure that you empty the trash after deleting the file(s).

        2. Delete the SSN information. Many of the findings may be letters or forms. You can delete just the SSN information (if not needed)
            and still leave the rest of the form/letter on the desktop.

        3. Archive the information. If the information is needed for reference, but you don't need it on-line, print it, burn a CD-R/DVD,
            or save to a tape/floppy and remove the information from the desktop. Be sure to store the printout/storage media now
            containing the SSN information in a secure area.

        4. Move the file to a secure file server. Have your IT support staff work with the server administrator to create a directory on the
            divisional/departmental file server and store the information. If more than one person needs access, the server administrator
            can create a directory allowing multiple accesses. Your IT support staff can explain the proper process for scheduling this task.
            Once the information is on the file server, delete it from the desktop. Be sure to empty the trash after the delete operation.

        5. Confirm the desktop has a host firewall turned on. For an added layer of protection to the desktop, the host firewall should be
            installed by IT support staff to be sure it is configured and managed properly.

        6. Delete temporary Internet files. Many of the SSN findings listed temporary Internet browsing files. This would happen if a user
            opened a file containing SSNs with their browser. If these files do contain SSNs, then we need to minimize their storage on
            the desktop. Your IT support staff can set the browser so that temporary Internet files are deleted after the browser is closed.

    

        7. Remove email and email attachments. Many of the findings may be in email. We should not be emailing SSN information.
            If the emails were sent to enable sharing of the information, please see step 4 for setting up a secure area on the
            divisional or departmental file server. Let the IT Security Office (iso@sdsu.edu) know if there is some other reason for
            using email and they will work with you to find a more secure solution.

        8. Empty the trash. Many of the findings may show files still in the trash. Work with your IT support staff for automated controls
            to empty the trash when the system shuts down or reboots. If that is not possible, manually empty the trash weekly. You will
            have to constantly remember this manual task so that it doesn't lapse.

        9. Remove old profiles. Some findings may indicate that old user information, possibly unrelated to the current user and their job,
            might be stored on the desktop. If so, please contact the appropriate manager of the information (previous user's manager) and
            schedule a transfer of the information or disposal of it. All computers should be rebuilt before being assigned to a new user.
            Notify your IT management of this situation so they can ensure transfers are being rebuilt properly in the future.

      10. Delete the Find_SSNs.txt and Find_SSNs.html files. Once you have handled all the findings from the Find_SSNs search,
            you should delete the output files Find_SSNs.txt and Find_SSNs.html. Make sure that you empty the trash after deleting the files.

 

        More Program Information

        Most file formats can be searched for protected information. Searchable file formats include Microsoft Word, Excel and Access as well
        as file formats that store data in plain text. The OASIS Open Document XML format (Open Office 2) and the Microsoft Office 2007
        Open XML format are also supported. The Find_SSNs program searches for protected information such as:

        The program cannot search files with the following extensions: .exe, .bin, .com, .dll and .cpp.

 

 Remember to delete the reports then empty your trash when you are finished.