Share

Identity Finder Upgrade (University Park)

Posted: December 10, 2012

Security Operations and Services (SOS) plans to release version 6.2 of Identity Finder (IDF) in mid-December. This release will fix many of the glitches that we have experienced with the previous version. In preparation for the new IDF version, Ag IT will be implementing changes to the way the software functions, to make it run more smoothly in our environment. For more information on the changes Ag IT is implementing to help with IDF scanning, continue reading.

Regular Identify Finder (IDF) scanning followed by diligent remediation is an ongoing, mandatory process for every Penn State owned computer. As the IDF software evolves and changes are implemented, we will need to adapt our procedures.

Several months ago, version 6 of Identity Finder was released. IDF version 6 scans more documents and document types for personally identifiable information (PII). Additionally, documents are scanned in different ways, including the use Optical Character Recognition (OCR). Many of us have experienced challenges with version 6 and the new method of scanning. Ag IT has taken steps to change the way IDF scans some environments (such as Exchange) and you should notice some immediate improvement.

IDF version 6.2 is scheduled to be released in mid-December. This release will fix many of the other glitches that we have experienced in our environment and that others in the College and at Penn State have reported. In preparation for version 6.2, we will be implementing changes to the way the software functions, to alleviate some of the reported problems and make the program run more smoothly in our environment. Below is a partial list of some of the obvious changes you can expect.

  • No Password Required - When you manually launch Identify Finder, you will not be prompted for a profile password, but will go directly to the advanced scan interface (see technical discussion 1 below). Please note that automatic, scheduled scans never use a password.
  • Scan Schedule Changes - As we realign clients with the new College departmental structures and reporting units, your scheduled scan day may change.
  • More Exceptions - More locations on your computer will be "ignored" from scanning such as Program Files and other locations where the probability of now finding PII is very low. This will decrease scan times.
  • Longer Time Between Scans - The amount of time between scans is being extended from two to three weeks. PSU policy allows us to evaluate a compromised computer if a scan was performed and the computer fully remediated within 30 days of the compromise. We ask that you be diligent with remediation to remain within the 30-day period. This change in scan frequency should make scanning and remediation less burdensome.

If you have additional questions or comments on these changes or on version 6.2, please contact the Ag IT Help Desk.


Technical Discussion

1. A scheduled scan uses the "guest" profile with no password. A manual scan can use either the same guest profile with no password or a separate profile that you create with a password. If you use both a guest and password profile, they don't share information and this often resulted in duplicate remediation efforts. Further, passwords were forgotten and profiles had to be deleted if the password was used for scheduling your own scan (which we've moved away from a while ago). Also, that password was saved in clear text in one area and presented security challenges. We believe that using only the scheduled-scan, guest profile with no password streamlines the use of Identity Finder.

2. Identity Finder 6 creates and copies many files during the scan process -- especially in an Exchange environment -- where it must securely shred these files after the scan is done. Shredding occurs when the software exits or the scheduled scan completes. If the shred process failed, more files were created and copied on subsequent scans further increasing not only the time needed to securely shred these files but also to scan all of these files over again. If IDF fails to exit properly, please review our How To: Identity Finder - Force Quit Leaves IDFTmpDir Folder & Files Behind and/or contact the Ag IT Help Desk so that we can make sure these temporary files are securely shredded thus dramatically reducing the scan time.