Problem solve Get help with specific problems with your technologies, process and projects.

Identifying sensitive data on a network

We are in the process of developing security policies and procedures. During this process we have identified certain...

types of data that we have classified as sensitive and cannot (by policy and law) be stored on non-secured workstations. We are certain that some workstations have "sensitive data" stored on them, due to a previous lack of policy preventing it. We have no idea where this data is nor in what format it is stored. We are certain that very few of the 5000 or so PCs are secured to the degree that this type of data requires. We are looking for a tool that can be used to scan all of the workstations for the types of data elements we have determined are sensitive and will report the findings. We can then move to either secure the workstation, and/or remove the offending data elements. Examples of the types of data we would be looking for are SSN, GPA and other data types as defined by HIPPA and FERPA.

Does such a tool exist, and where can I get it?

One way you can go about this is get a network recorder or sniffer, such as those available from Niksun and Network Instruments. You can record all traffic going across your network, replay traffic, put packets together to identify content, etc. With this, you can identify the source and destination of what you deem sensitive information. If you have a Windows environment, you should be able to develop a login script that can search each system for questionable files that can later be reviewed more thoroughly.

For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Infrastructure and Network Security
Featured Topic: Security Policies

This was last published in May 2002

Dig Deeper on Information security policies, procedures and guidelines

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.