Sensitive Data Scanner Instructions: Spider for Windows Data Scanner... · • Promptly remove the Spider scan database or log file. ... content, flow, grammar, or any other issues

Sensitive Data ScannerInstructions: Spider for Windows

UCSB Office of Information TechnologyMay 6, 2010

Instructions: Spider for Windows Page 1 of 59

Table of ContentsIntroduction............................................................................................................................................................................................................3Instructions.............................................................................................................................................................................................................5

Short Version.....................................................................................................................................................................................................51.System Requirements.....................................................................................................................................................................................82.Download and Install Spider .......................................................................................................................................................................163.Delete Temporary Internet Files...................................................................................................................................................................254.Empty the Recycle Bin.................................................................................................................................................................................285.Launch Spider...............................................................................................................................................................................................296.Configure Spider..........................................................................................................................................................................................317.Run Spider....................................................................................................................................................................................................388.View, Verify, and Fix the Findings...............................................................................................................................................................409.Cleanup.........................................................................................................................................................................................................4510. (Optional) Complete Survey.....................................................................................................................................................................52

Appendixes ..........................................................................................................................................................................................................53Appendix A: Frequently Asked Questions.....................................................................................................................................................53Appendix B: IS-3 Guidelines for Restricted Resources ................................................................................................................................56Appendix C: Scanning Your Network Drive..................................................................................................................................................61


IntroductionThis document details the installation and usage of Spider, developed by Cornell University, for your personal computer. Spider will search your system for files that may contain Social Security Numbers (SSNs). This is part of a campus initiative to reduce the amount of Restricted Information residing on user machines. We've started this initiative partly because it is good practice, however mainly it is to ensure UCSB compliance with policy and law. University policy (such as the IS-3) mandates that certain controls need to be in place on any system where “Restricted Information” resides. For more information see Appendix C or read the IS-3 directly at http://www.ucop.edu/ucophome/policies/bfb/is3.pdf. The IS-3 defines Restricted Information as:

Restricted information describes any confidential or personal information that is protected by law or policy and that requires the highest level of access control and security protection, whether in storage or in transit.

SSNs fall into this restricted category. We cannot accurately assess where such data resides by methods such as user surveys. In many cases the user may not know the data is present on their system. Use of a “Sensitive Data Scanner” assists the user in finding and when necessary, removing, sensitive data on their systems. If there is a valid business reason for storing Restricted Data on a machine, then the appropriate security controls need to be in place. The few legitimate reasons to collect or store SSNs are:

• Collection of SSNs for IRS-related purposes is permitted. However, not all employment, HR, or related forms or databases are IRS related, so do not assume that the SSN is always required.

• Collection of student SSNs via the FAFSA is permitted, as is any other purpose driven by State or federal law.• External requirements - such as an outside vendor that requires the use of SSNs - may permit the collection and/or maintenance of

SSNs. However, alternate approaches should be explored.

As units and departments conduct this review, they should consider making business process changes that are now considered standard practice:

• If you determine you can change to another identifier and stop collecting the SSN, switch to a completely different ID number, not a truncated SSN.

• Immediately stop using the SSN as a primary identifier in any system. Talk to your central IT department for better options.• If you conclude that the SSN must be maintained, explore whether another ID number, linked to the SSN, can be used instead so the

SSN does not appear in multiple places.• During your review of SSNs, it would be wise to review the collection and storage of other confidential data (for example, an


http://www.ucop.edu/ucophome/policies/bfb/is3.pdf

individual's name in combination with Credit Card Numbers (CCNs), PINs, health information, etc.) and take the same steps to protect them.

A few important notes:

• Use of Spider is at the user's own risk. Users are highly encouraged to carefully read the following documentation and if necessary enlist the support of your local IT staff. Your department may have internal procedures and policies regarding the use of scanning tools.

• Spider executes a search of designated data locations and returns the results that it believes might contain SSNs. • If Spider reports no sensitive files, this does not guarantee that SSNs are not on the machine in a format or file that Spider cannot

read or cannot access. • Technology can only take us so far - users should be aware whether or not their systems house Restricted Information and be

prepared to take appropriate actions should Restricted Information be found.• Verify each file that Spider finds. Be aware that Spider produces many false alarms. You must verify each file to ensure the data

contained in it is truly a SSN before deciding what to do with the file. (Files flagged by Spider that don't contain SSNs are called “False Positives”.)

• Promptly remove the Spider scan database or log file. Spider logs are often a direct road map to your files containing sensitive information. Whenever possible, remove the log files after you have protected or removed the files that contain Restricted Information.

• Spider reads and analyzes each file on your computer. Depending on the number and size of the files on your system, Spider may take a significant amount of time to complete. We recommend you allocate 1 - 3 hours for the scan to run.

• Spider can consume a significant amount of computer resources while running. As a result, your computer may perform unstably during the scan. The program may appear to freeze or lock up; just be patient and the scan will finish. For this reason you may wish to launch the scan at the end of your shift or when you can leave it unattended.

• You can specify the file directory that Spider will scan. This is a good way to narrow your search and break the process into manageable chunks of time.

• Protect files you need to keep that contain Restricted Information.

“As an institution entrusted with vast amounts of personal data, the University must continue to do everything it can to protect that information. Data protection is not an option - it is law and UC policy.” - Mark Yudof, President, University of California

For more information please read the Frequently Asked Questions in Appendix A.


Instructions

Short VersionBelow are simple instructions (intended for more advanced users). By clicking on any of the numbered links you'll be directed to a more detailed explanation of each step. The instructions are written specifically for Windows Vista, but the overall process is the same for any Windows operating system.

1. System Requirements

Spider for Windows has the following minimum system requirements:

• Windows version 2000 or later (2000, XP, Vista, 7)

• .NET Framework Version 2.0 (or newer)

Make sure your workstation meets the minimum requirements before proceeding.

It's not required, but in order for Spider to perform a full system scan, the user needs to have Administrative privileges on the target machine. If you do not have Administrative privileges, speak with your IT support staff on how to proceed.

2. Download and install Spider

Spider can be downloaded from the following url:

http://www2.cit.cornell.edu/security/tools/Spider_Release_2008.zip

The default installation settings should work for most users.

3. Delete Temporary Internet Files

“Temporary Internet Files” are local files stored by your web browser to enhance the web browsing experience. Deleting these files



will both increase Spider's scan speed and reduce the number of false positives reported. As a general best practice these files should be cleaned regularly.

4. Empty the Recycle Bin

Similar to the Temporary Internet Files, the computer's Recycle Bin should be emptied to minimize the number of files Spider will scan.

5. Launch Spider

Run spider4.exe and start the program.

6. Configure Spider

Configuration changes that should be made:• Change the root scan path to “C:\” or the drive label of your primary hard drive.• If you have multiple hard drives, set Spider to search each one.

7. Run Spider

Scan your system for SSNs.

8. Verify and Fix Findings

Manually inspect each file flagged by Spider. Ignore false positives, and secure or delete Restricted Information. Typically files containing Restricted Data are more likely to appear in your “My Documents” or other folders where you typically store your files. They are less likely, but certainly plausible to appear in folders such as “Program Files” or “Windows”.

A simple outline of this process follow:

1. Inspect the file.2. Determine if the file contains Restricted Information.3. Delete, secure, or relocate sensitive files.

Some things to consider when you find Restricted Data:


• Do I still need this information?• Are there record retention laws pertaining to this information?• Where did I get this information?• Do any of my coworkers have this information?• Is my copy the sole source of this information?• Have I ever sent this information to anyone?• Will I be receiving more data like this?• Is this data stored anywhere else that I know of?

9. Cleanup

The output generated by Spider inherently contains sensitive information. After running a scan, it's necessary to remove the scan logs and databases. The cleanup consists of two steps:

• Remove Spider scan database

• The Spider scan database is located in C:\Users\USERNAME\AppData\Local\Spider\State where USERNAME is your Windows username.

• Uninstall Spider

10. Complete Survey (Optional)

Your feedback is vital to the success of this project. In order to ensure the effectiveness of this document, we'd like to hear any and all opinions about its structure, content, flow, grammar, or any other issues or observations you might have noticed.

Please visit this webpage and complete the survey. You'll need to log in using your UCSB NetID.

Thanks again for your participation.


http://it.ucsb.edu/spider-test-user-survey

1. System RequirementsSpider for Windows has the following minimum system requirements:

• Windows version 2000 or later (2000, XP, Vista, 7)

• .NET Framework Version 2.0 (or newer)

Spider requires that you be running a Windows 2000 or later version of Windows and that you have at least version 2.0 of the Microsoft .NET framework installed on your system. If you use automatic updates to keep Windows updated, you most likely already have this installed.

Warning: Check with your IT support staff to ensure installing the .NET Framework will not cause your other applications to cease working.

In order to completely scan the target computer (all files and folders), the user needs to have Administrator Privileges on the target machine. If you're not sure or know that you do not, contact your IT support staff for recommendations on how to proceed.

Note: The following test will work for users who have installed Java. If Java is not installed on your PC, use the alternate method (page 11) to check for the .NET Framework.

To check your .NET Framework version, first open Internet Explorer.

Click the Windows “Start” button (or press ctrl - esc):


Next click on “Internet Explorer”.

If Internet Explorer does not appear in the quick launch list, select “All Programs” then find Internet Explorer in the list of programs.

Internet Explorer will open to your homepage:


Copy and paste the following text into your browser's address bar:

javascript:alert(navigator.userAgent)

Press Enter.

A message box will appear:

Look for the “.NET CLR” field.

In the example to the right, we see .NET CLR 2.0, 3.0, and 3.5.

Since Spider requires at least 2.0 to run, we're ok.

If .NET version 2.0 or newer was not found, you'll need to install it (page 13) before proceeding. Otherwise, go ahead and skip on to step 2, “Download and Install Spider”. Click here to return to the short instructions.


An alternate method to check for the .NET framework is as follows:

Click the Windows “Start” button (or press ctrl - esc):

The Start menu will appear.

Click on “Control Panel”.


Under the item Programs, select “Uninstall a program”.

Note: You actually aren't going to uninstall anything, you just want to see a list of programs installed.

A window should appear with a list of installed programs. Scroll through the list and look for an entry named “Microsoft .NET Framework” followed by a version number. Spider will work with all versions newer than 2.0.

If the “Microsoft .NET Framework” is not found on the list, you'll need to install it before proceeding. Continue following these instructions. Otherwise, go ahead and skip on to step 2, “Download and Install Spider”. Click here to return to the short instructions.


To install (or upgrade) the latest .NET Framework, first use your Start menu to check for updates.

Click the Start button (or press ctrl - esc), click All Programs, and then click Windows Update.

The Windows Update window will appear.

The .NET Framework update should be one of the “important updates” available for your computer.

Click “Install Updates” to proceed.


Optionally, you can verify that the .NET framework will be installed by clicking the “important updates is/are available” text on the previous screen. The .NET Framework update should appear in the list:

Click “OK” to continue.

Windows will begin installing the updates.


Once the updates have finished installing, you may need to reboot your system.

The latest version of the .NET Framework should now be installed on your system. Click here to return to the short instructions.


2. Download and Install Spider Once you've verified you've met the system requirements, the next step is to download and install the Cornell University Spider application.

“Ctrl - Click” on the link below (or copy and paste the link into your Internet browser's address bar).


Choose the “Save” option.



The file will default to your Downloads folder.

Choose “Save”.

The file will begin downloading:


Once the download finishes, select “Open”.

You may see the following warning:

Select “Allow”.


On the menu bar next to “views” and “organize”, select “Extract all files”.

Select “Extract”.


The file will begin extracting:

Once finished, the extracted folder should appear:

Double-click the “Spider_Release_2008”folder.


Double-click the “Spider4” installer application:

You may see a warning:

Choose “Run”.


The Spider4 Setup program will start.

Click “Next”.

The installer will ask where to install Spider. The default location should be fine.

Click “Next”.


Click “Install”.

At this point you may see another alert message. If so, choose “Allow”.

Spider will begin installation.


Once complete, choose “Finish”.

Spider is now installed on your computer. Click here to return to the short instructions.


3. Delete Temporary Internet FilesThere are a couple brief steps to take before running a scan that will save you time and effort. The first is to clear your web browser’s Temporary Internet Files. Performing this before running Spider can eliminate many of the files that will be flagged. As a general best practice, this should be performed regularly to clean the data placed on your computer by certain web sites.

Note: If you use multiple web-browsers on your system (e.g. Firefox, Chrome), you'll want to clear the Temporary Internet Files for each browser before using Spider.

The following instructions are for Microsoft Internet Explorer 8:

First, Open Internet Explorer:

Click the Start button to open your start menu. Next click on “Internet Explorer”.

If Internet Explorer does not appear in the quick launch list, select “All Programs” then find Internet Explorer in the list of programs.


Internet Explorer should open to your homepage.

On the upper right hand side of the window, select the “Tools” button.

A drop down menu will appear. Select “Internet Options”.

This will open the “Internet Options” window.

On the “General” tab, click the “Delete...” button located in the “Browsing History” section.


A new window named “Delete Browsing History” will appear:

Make sure there is a check in the boxes for:

• Temporary Internet files

• Cookies

• History

Click the “Delete” button at the bottom.

The browser will begin deleting the selected items.

Once this operation finishes, close all Internet Explorer windows (the Internet Options and the Internet Explorer windows).

Your Internet Explorer browser history is now cleared. Click here to return to the short instructions.


4. Empty the Recycle BinAnother step to reduce potential false positives is to empty the Windows “Recycle Bin”.

For most users, the Recycle Bin is easily found on their desktop:

Right-click on the Recycle Bin icon and a drop down menu should appear.

Select “Empty Recycle Bin”.

A window will appear:

Choose “Yes”.

Your Recycle Bin is now empty. Click here to return to the short instructions.


5. Launch SpiderNow we will launch Spider.

First, click on the Windows “Start” button (or press ctrl - esc).

The program “Spider4.exe” may appear in your quick launch menu.

If so, click on it and the program should launch.


If it Spider4.exe did not appear in the quick launch menu, choose “All Programs” and find the folder labeled “Spider 4”.

Click on this folder, and then click on the “Spider4.exe” program.

Spider will launch and you should see the opening screen:

Click here to return to the short instructions.


6. Configure SpiderThere are a few configuration changes we want to make before we begin scanning the computer.

The first time you run Spider, a welcome screen may appear:

Select "Just use Spider".

You should now be at the main Spider menu:

Click on the “Settings” button.


The “Spider Configuration” window will appear:

Click on the “Scan Options” tab.

The “Scan Options” tab will appear:

Click on the “Start Directory” button.


The “Browse For Folder” menu will appear:

Click on the item labeled “Computer”.

Click on the item labeled “Local Disk (C:)”

Note: Some users may have a different drive label than C: or may have multiple hard drives on their systems. If the drive label is different (example D:, Z:), just select the different drive.


Next click the “OK” button.

For users with multiple hard drives, check the box “Scan all local drives”.

If you aren't sure, go ahead and check it. It won't do any harm.


Next click on the “Pattern Matching” tab.

Un-check the box next to “Credit Card Numbers”.


Now we will save the settings before continuing. Click the “Save” button located in the lower left portion of the screen.

A window will appear to verify that changes have been made.

Click on “Yes”.

You may see the following window:

Just click “OK”.

Spider has been configured. Click here to return to the short instructions.


7. Run Spider

Note: The scan may take some time and your computer may appear to freeze up or become unresponsive while Spider runs.

That's ok, just be patient and it will finish.

Spider can be resource intensive. You may wish to run the scan at a time when you can be away from your desk or at the end of your shift. We recommend allocating 1 - 3 hours for the scan.

Now you should be back at the Spider main screen:

To start your scan, click on the spider icon beneath the “File” menu button.

The scan will begin.


As the scan runs, it will begin to list files it suspects may contain SSNs. Spider will list the file name and location of each suspect file.

You can see a progress bar on the lower left portion of the Spider2008 window.

If you wish, you can begin previewing the files Spider identifies. Just click on the + symbol next to each entry and it will present you with the suspected sensitive numbers.

Some users may want to wait until the entire scan is finished because again, the scan is resource intensive and may hinder the computer's performance.


8. View, Verify, and Fix the Findings

After some time, Spider will display the message “Spider Finished.” at the bottom left of the window.

Once it has finished, you can view the results.

The Spider2008 window will show the path for each file suspected of having a SSN.

For each entry displayed in the Spider2008 window, right-click the file name and Spider will present the following remediation options:

• Open – Attempts to open the file in its native application. Use this to examine the file and determine if it actually contains sensitive data.

• Go to this folder – Opens the file's containing folder.

• Recycle – Sends the file directly to the Recycle Bin.


• Secure Move (DoD 5220 7-pass after copy) – Moves the file to a user specified location. Use this if you wish to relocate all sensitive files found to a specific location on your system. The file will be securely overwritten in it's previous location, but will still be present in the new location.

• Secure Erase (DoD 5220 7-pass) – Completely erases the file using the DoD 5220 standard.

• Ignore as False Positive – Ignores the file in future scans. Only use this if you've examined the file and determined it does not contain Restricted Information.

• Must keep this file – Creates a log entry that the user recognizes the file contains Restricted Information, however cannot sanitize it at this time.

• Copy file name to clipboard – Copies the filename to the Windows clipboard.

• Redact all matches in this file – Attempts to erase all instances of SSNs in the file. In testing this option proved unstable and is not recommended.

You should manually inspect each suspected file to confirm if it contains a SSN. Take a good look at each file and decide the most appropriate action. Remember, it is against UCSB policy to store Restricted Information without proper security controls. In most cases you should use the “Secure Erase” option to remove the file.

Below is a simple outline of the process to follow:

1. Inspect the file.

Spider has presented you a list of each file location it has flagged. To inspect a listed file:

Right-click the file name and select either the “Open” or “Go to this file location” option.


• “Open” will attempt to open the file in it's default application. • “Go to this file location” will open an Explorer window that contains the suspect file. Find the file

it has flagged and double-click to open it.

2. Determine if the file contains Restricted Information.

Once you've opened the file, it should be reasonably clear whether the file contains actual SSNs. Typically files containing Restricted Data are more likely to appear in your “My Documents” or other folders where you tend to store your files. They are less likely, but certainly plausible to appear in folders such as “Program Files” or “Windows”.

3. Delete, secure, or relocate sensitive files.

If you've found a file that contains Restricted Data, there are some things to consider before taking action:

• Do I still need this information?• Where did I get this information? What is the source?• Do any of my coworkers have this information?• Is my copy the sole source of this information?• Are there record retention laws pertaining to this information?• Have I ever sent this information to anyone?• Will I be receiving more data like this?

To delete a file:


You can either do this manually or use Spider's interface. Spider offers options to either “Secure Erase” or “Recycle”.

• “Secure Erase” uses a special algorithm to make it more difficult for the data to ever be recovered. This is the most secure method of erasing a file.

• “Recycle” sends the file directly to the Recycle Bin. Note that the file will still be present on your system until you empty the Recycle Bin, and it's even possible a motivated attacker could recover the data.

• To manually erase a file, first open the file's containing folder. Next either drag and drop it into the Recycle Bin or right - click the file and select “Delete”.

To secure a file:

This involves using encryption to protect the file. At present, UCSB has no standard software for file encryption. Your department's IT support staff may have tools available for you to use. The OIT is currently researching various encryption products that will likely be deployed as needed within the next few months.

Depending on the file's application type, there may be options in the application to encrypt the file. For example, Microsoft Office offers the ability to password protect a file. This is a good temporary measure to take until a more standardized encryption option is available.

If there are no encryption options available to you, or if you find you have a legitimate business need to retain the Restricted Information, it's wise to relocate the files into a location so you'll be able to secure them at a later date.


To relocate a file:

Spider features a “Secure Move” function that copies the file to a location you've selected, then securely overwrites the original file. This helps ensure that the new file location is the only place the file resides on your system.

Alternatively you can drag and drop the file to a folder of your choosing, but be aware this can leave residual data left on your machine.

Click here to return to the short instructions.


9. CleanupThe output generated by Spider inherently contains sensitive information. After running a scan, it's necessary to remove the scan logs and databases. Spider uses a local database to store your scan results and settings. Output logs are only generated by user request. If you exported any logs (you'd know if you did) then you'll want to delete those as well.

The basic cleanup consists of two steps:

• Remove Spider scan database

• Uninstall Spider

To remove the scan database, start by clicking the Start button (or pressing ctrl - esc).

Click on your username in the upper right corner of the Start menu.

Alternatively you can click on “Documents” or “Pictures” - we really are just opening a Windows Explorer window.


In the Explorer window, highlight the existing text in the Navigation Bar (your username if you've followed the last step).

Paste or type the following line into the Navigation Bar:

C:\Users\USERNAME\AppData\Local\Spider\State

Where “USERNAME” is your Windows username, and “C:\” is the drive where Windows is installed.


Press Enter. The destination folder will open:

Click on “Organize”, then “Select all”.

Right - click on the highlighted files and choose “Delete”.


Choose “Yes”.

The folder will now be empty:

Next empty the “Recycle Bin” on your desktop. You're done removing the Spider scan database.


To uninstall Spider, first open your Start menu (or press ctrl - esc).

Select “Control Panel”.

In the Control Panel window, click on “Uninstall a program”.


A window will open listing the programs installed on your PC.

Find “Spider4” on the list.

Select it, then click on “Uninstall”.

If the following Window appears, choose “Yes”.


Windows will begin uninstalling Spider:

At this time a warning may appear. If so, choose “Allow”.

Once finished, the Window will close. Spider is now uninstalled, and should no longer appear on the installed programs list. Click here to return to the short instructions.


10. (Optional) Complete Survey

Your feedback is vital to the success of this project. In order to ensure the effectiveness of this document, we'd like to hear any and all opinions about its structure, content, flow, grammar, or any other issues or observations you might have noticed.

Please visit this webpage and complete the survey. You'll need to log in using your UCSB NetID.

Thanks again for your participation.


http://it.ucsb.edu/spider-test-user-survey

Appendixes

Appendix A: Frequently Asked Questions

So what is this all about?The UCSB Office of Information Technology has started an initiative to identify where sensitive data, primarily Social Security Numbers (SSNs) reside on campus systems.

Why are we doing this?Partly because it is good practice, however mainly it is to ensure UCSB compliance with policy and law. University policy (such as the IS-3) mandates that certain controls need to be in place on any system where “Restricted Information” resides.

Specifically the IS-3 defines Restricted Information as:

Restricted information describes any confidential or personal information that is protected by law or policy and that requires the highest level of access control and security protection, whether in storage or in transit.

SSNs fall into this restricted category. We cannot accurately assess where such data resides by methods such as user surveys. In many cases the user may not know the data is present on their system. Use of a “Sensitive Data Scanner” assists the user in finding and when necessary, removing, sensitive data on their systems.

The last couple of years have seen increased scrutiny and legislation regarding the use and storage of Private Information by businesses and other institutions. As of July 14, 2009, Privacy Rights Clearinghouse estimated that more than 260 million records involving sensitive information had been disclosed in security breaches since 2005. Many of these breaches occurred at institutes of higher education. Because of these data exposures, many universities are re-examining how they handle information and where Private or Confidential Information resides.

What does Spider do?Spider scans your hard drive, web site, or other collection of files to identify SSNs. When the scan is complete, Spider produces a log listing all files that may potentially contain confidential data. Use the information in the log file to protect confidential data by encrypting


the files, moving the files to a secure server or off-line storage, or other secure methods. Choosing the correct protection strategy is a combination of business needs, local policy and technology, user education, and other factors. While the scanner program is fairly accurate, false positives are not uncommon. You will need to review your results carefully to determine which files truly contain SSNs.

Exactly what does the software look for?It's important to realize that no one at UCSB is viewing the actual content on your computer. The software program scans for Restricted Data based on specific patterns of numbers and reports the location of the suspect files to you.

What if there is Private information found on my computer?Spider allows you to remediate the information within the program. You may "shred" (securely erase the file) or "scrub" (securely remove/redact the Restricted Data from the document). Spider may find your own personally identifiable information (PII) on your computer (typically in copies of tax returns, old resumes, forms, etc.). Please redact or remove your own PII from your computer to safeguard it.

Some things to consider when you find Restricted Data:

• Do I still need this information?• Are there record retention laws pertaining to this information?• Where did I get this information?• Do any of my coworkers have this information?• Is my copy the sole source of this information?• Have I ever sent this information to anyone?• Will I be receiving more data like this?• Is this data stored anywhere else that I know of?

Is the scan complete (will it find everything)?No. Spider will not scan files such as encrypted archives, and also can't identify pictures of SSNs, such as scanned documents. The system is advisory only; just because we don't find anything does not necessarily mean there is nothing there.

I thought I removed the SSNs from my files, but the scan says they are still there. I can't see them; what should I do?Depending on what type of file you have, the information may be stored in one of several places, or it may be kept as part of the change log within the file. Try the following:


For Adobe Acrobat (.pdf) files:Open the file and say "Save as". Save the file over itself ("Save as" with the same filename). This will remove any form-field-change information in the PDF, removing the SSN and also making the file considerably smaller.

For Microsoft Word (.doc) and Excel (.xls) files:For the DOC and XLS files, turn off revision control and/or tracking of changes, then save the file:Tracking Changes: Tools -> Track ChangesIf the word "Shared" appears in square brackets in the title bar when you have the document open, go to Tools -> Shared Workspace and turn off change-tracking there, under the Advanced tab.

Some Technical Information Regarding What Spider Will and Won't Do :

Spider starts by building a list of files that meet the scan selection criteria, then begins its work.

Files Spider will scan: • any file marked by Windows as Archive, Normal, Compressed, or Temporary • any of the above file types that are not open and locked by another application • any unencrypted file stored within a readable ZIP archive

Files Spider will not scan: • files open and locked by another process (i.e., an Excel spreadsheet currently opened by Excel) • system files (executables, DLLs, the pagefile, the hibernation file, etc.) • encrypted files (on the assumption they are inaccessible) • sparse files (generally weird databases that Spider couldn't reliably parse anyway) • graphics files like RPM, TIFF, JPG and truetype fonts.

Note: Spider will misidentify certain types of files as containing SSNs. Common files that Spider misidentifies are RPM, TIFF, and TrueType fonts.


Appendix B: IS-3 Guidelines for Restricted Resources

Restricted Resources A Resource that supports the storage, transmission, or processing of restricted information to which access requires the highest degree of restriction and that requires the highest level of security protection. The term “restricted” should not be confused with that used by the UC managed national laboratories where federal programs may employ a different classification scheme.

General Recommendations • Restricted information should not be collected or stored unless absolutely necessary. • Access to restricted Resources should be authorized only as needed to perform assigned duties. • Ensure training for all individuals who have been granted access to restricted Resources. • Delete or redact restricted information when there is no longer a business need for its retention. • Avoid using restricted data when testing or developing an application, or for training purposes; rather, “mask” the restricted data

(such as Social Security Numbers) with dummy information. If this is not possible, ensure implementation of appropriate security measures.

• Establish agreements before restricted information is distributed to third parties. Agreements should include instructions regarding appropriate security measures and final disposition of data when no longer needed by the third party.

• Restricted information should be encrypted in transit. • Restricted information should not be stored on portable devices. If it is necessary to store restricted information on portable devices,

ensure that appropriate protections measures, such as encryption, are in place before installing restricted data on the device. • Implement security measures identified in the campus security program.

Information Security Program Requirements Specific to Restricted Resources Refer to section citations noted for each entry for full text.

Risk Assessment, Asset Inventory, and Classification [III.B.1] Conduct appropriate risk assessments or business impact analyses to inventory and determine the nature of electronic information assets held or managed by a campus unit and to understand and document the risks in the event of failures that may cause loss of confidentiality, integrity, or availability of Resources.

Security plan [III.C.]


Delete or “de-identify” Restricted data whenever possible when data is copied, i.e., for analysis or research, by removing data elements that, in combination with other data, would result in the identification or description of an individual. If it is not possible to delete restricted data from analysis tools or spreadsheets, adequate administrative, technical and physical security measures must be implemented. Ensure that Authorized Individuals implement appropriate security measures before restricted data is transferred to a destination system.

Workforce and authorization management [III.C.1.a] Adhere to the principles of separation of duties when assigning job responsibilities relating to restricted or essential Resources.

Critical Positions [III.C.1.b] Conduct applicable background checks for final candidate(s) for critical positions related to restricted or essential Resources as part of the selection process. Establish procedures for conducting disciplinary action or termination for staff working in critical positions related to restricted or essential Resources. Restrict, suspend or terminate access where there is a concern that access to restricted Resources endangers security or integrity.

Violations [III.C.1.c] Notify Resource Proprietors or Custodians of violations of IS-3 guidelines in accordance with departmental procedures.

Access Controls [III.C.2.b] Establish appropriate measures to safeguard against unauthorized access to restricted Resources. Establish measures that ensure authorized rights of access to modify restricted data.

Session protection [III.C.2.b.ii] Establish technical security mechanisms that prohibit or minimize the risk of unauthorized access to restricted Resources by others who might gain control of a working session.

Data Backup and Retention [III.C.2.c.ii] Encrypt restricted data if there is a risk to physical security in the storage of backup copies. Backup requirements extend to restricted or essential software and data stored on personal computers as well as on shared systems.

Protection Measures [III.C.2.c.iii] Deploy appropriate measures, such as firewalls, to protect supported systems from “malicious software” and to limit access to systems that host restricted or essential Resources.

Network Security [III.C.2.d]


Deploy firewalls and IDS/IPS to limit access to systems that host restricted or essential Resources.

Change Management [III.C.2.e] Perform changes to any restricted or essential systems according to authorized change management procedures.

Encryption [III.C.2.g] Encrypt restricted information during transmission using encryption measures strong enough to minimize the risk of the information’s exposure if intercepted or misrouted.

Physical and Environmental Controls [III.C.3] Establish procedures for the physical protection of restricted Resources.

Physical Access Controls [III.C.3.b] Implement controls for limiting physical access to facilities housing restricted or essential Resources.

Disposition of Equipment [III.C.3.d] Establish procedures to ensure implementation of controls to address the re-assignment or final disposition of hardware and electronic media, including requirements that ensure complete removal of restricted or other sensitive information before disposition.

Portable devices and media [III.C.3.e] Do not retain restricted information on portable equipment if protective measures are not implemented that safeguard the confidentiality and integrity of the data in the event of theft or loss of the portable equipment. Protective measures should be implemented before restricted information is installed.

Education and Security Awareness Training [III.E] Conduct security awareness training as required and appropriate.

Third-party Agreements [III.F] Conduct background checks for non-University contractors or consultants engaged to work on restricted or essential Resources.

Minimum requirements for network connectivity [IV] All minimum requirements for network connectivity (Section IV) apply:

Each Campus shall establish minimum standards for devices connected to their networks. Standards must address, at the least:


A. Access Control Measures - to allow only authorized individuals access to networked devices.

Typical current access controls measures are passwords (see section III.C.2, Technical Controls, above). Shared-access systems must enforce password or other authorization/authentication standards whenever possible and appropriate. In situations where systems ship with default passwords for network accessible devices, those passwords should be changed upon first use.

B. Encrypted Authentication - to protect against surreptitious monitoring of passwords.

Suitably strong encryption shall be employed when passwords are transmitted over a network. Network traffic may be surreptitiously monitored, rendering these authentication mechanisms vulnerable to compromise. Encryption- capable services, such as SSH, SFTP, SCP, SSL, HTTPS, POPS, and IMAPS, may be used to meet this requirement.

C. Patch Management Practices - to ensure timely update of security patches.

Networked devices shall run versions of operating system and application software for which security patches are made available, and these should be installed in a timely fashion. Exceptions may be made for patches that compromise the usability of critical applications following campus exception procedures. Implementation of additional measures may be required when exceptions are granted.

D. Malicious Software Protection - to protect networked devices from malicious software, such as viruses, spyware, and other types of malware.

When readily available and as appropriate for specific operating systems, software to detect viruses and other malware shall be running, up-to-date, and have current virus definition files installed on all network devices as appropriate.

E. Removal of Unnecessary Services - to prevent surreptitious use of services not needed for the intended purpose or operation of the device.

If a service is not necessary for the intended purpose or operation of a device, it shall not be running on that device; such services should be disabled, turned off, or removed.

F. Host-based Firewall Software - to limit network communications to only those services that require access to the network.


When readily available for specific operating systems, host-based firewall software shall be running and configured to limit network communications to only those services requiring access to network devices.

G. Authenticated Email Relay - to prevent unauthorized third parties from relaying email messages.

Devices shall not provide an active SMTP service that allows unauthorized individuals to send or relay email messages, i.e., to process an e-mail message where neither the sender nor the recipient is a local user.

H. Authenticated Network Proxy Servers - to prevent unauthorized access to Internet-based Resources.

Network proxy servers should employ authentication to protect devices that allow unauthenticated access from UC locations. Although properly configured unauthenticated proxy servers may be used for valid purposes, unauthenticated proxy servers may enable an attacker to execute malicious programs from the server in the context of an anonymous user account or allow unauthorized access to licensed Resources.

I. Session Timeout - to prevent unauthorized access to restricted or essential services or devices left unattended for an extended period of time.

Devices that access restricted and/or essential services that are left unattended for an extended period of time shall employ measures, such as session timeout or lockout mechanisms, that require re-authentication before users return to interactive use. Devices that host confidential or critical information may be subject to additional requirements.
