SSNScan
03 Dec 2008 04:27 UTC 2008338+0427 UTC

Scanning DNR Computers for Sensitive Data

Policy

During the month of August, DNR-IT staff will scan all computers that fall under the domain/management of DNR-IT. We will also scan each computer for viruses, but the primary goal is to ensure compliance with the university's new policy on Social Security Numbers. While we do not expect to find many files containing social security numbers outside of Sam's and Monica's computers, we believe its better to be safer than sorry.

We're asking for your cooperation in making this process as painless and efficient as possible.

The scanning process will take several hours and your computer will effectively be disabled during the scan. Our time estimates will improve as we perform more scans, but for now assume that the scan process will take one day per computer. You can help us by signing up for a scan when you will be out of the office or not using your computer. If you have a laptop that you frequently take out of the office, we need to schedule a time for you to bring it in and leave it with us during the scan.

In order to make things easier for us and for you, we are presenting everyone with three choices. Please pick one and take the appropriate actions.

1. I don't have/want any files on my computer containing SSNs. (Easy)

We will scan your computer and delete any files containing SSNs. If you know of files on your computer that contain SSNs, we ask that you delete them ahead of time. Please supply us with a completed and signed copy of the Individual SSN Attestation Form (PDF 44KB) where you have checked number 1.

2. I have files on my computer containing SSNs that I want to keep, but I do not need the SSNs. Please remove the portions of the file(s) that contain SSNs and leave them on my computer. (Medium)

We will scan your computer and edit any files containing SSNs, removing the SSNs from within that file, within reason. If the file format is considerably complex, we will delete the file entirely. Any PDFs on your computer that contain SSNs will be edited--we will remove any page from each PDF which contains SSNs but leave all other pages intact. Please supply us with a completed and signed copy of the Individual SSN Attestation Form (PDF 44KB) where you have checked number 1.

3. I have files on my computer that contain SSNs and I need those files to do my job. (Hardest)

[call Niall at x2733 if you have any questions] Please delete any files containing SSNs which you do not need. Organize the remaining files containing SSNs within an obvious directory structure. We will scan your computer looking for files that contain SSNs while ignoring any files within the sensitive directory structure. We will notify you of any files which contain SSNs before taking action. Because you're special, you need to supply us with a completed and signed copy of the Individual SSN Attestation Form (PDF 44KB) where you have checked number 2. You also need to get the approval of the "Powers That Be": Fill out and follow the instructions on SSN Exemption Form (PDF 59KB). We will also work with you to make sure the sensitive files on your computer are properly secured.

Please direct any questions or comments to Niall at ndurham@lighthouse.tamucc.edu or x2733.

Please signup for SSN scanning if you haven't already (click me).

Tasks

To-do:

  • Identify all personal backup methods presently in use around the office (e.g., Sam using CD-Rs).

For each hard disk/computer we need to perform the following:

  1. Virus scan
  2. PDF scan
  3. SSN scan [See http://security.tamucc.edu/securing_ssn_article.php for more information]. Use log2html.pl script to convert Spider log file into user-friendly HTML.
  4. Empty the Recyle Bin (after deleting all sensitive information)
  5. Run drive-wiping software on the hard disk
  6. Defrag (optional)
  7. chkdsk

On each system we need to make sure the following is done:

  1. Virus definition file update
  2. Schedule regular virus scans
  3. Schedule automatic windows updates

We need to mention the following to each user [user education]:

  • Power policy - CPUs on, monitors off.
  • Install/use Firefox if you're not using it already.

Tools

Page last modified on November 11, 2008, at 01:07 PM