Operating System - OpenVMS
1748219 Members
4491 Online
108759 Solutions
New Discussion юеВ

Re: Need something to scan for SSNs & CCNs

 
SOLVED
Go to solution
Victor Semaska_3
Esteemed Contributor

Re: Need something to scan for SSNs & CCNs

Thanks everyone for your advice and help.

Hoff, I wasn't familiar with how Google could search a specific site. Learn something new every day. I was able to download grep from that site and run it. Problem is that it sometimes aborts with an access violation so I couldn't do full disk scans. One of the reasons it aborts is if it tries to scan an open file. I made sure all app.s are stopped so there weren't any files open on the disks but it still aborts.

It did prove useful in that it did find files with actual SSNs in them (old reports) before it aborts. Seems the server was used for some Personnel/Payroll system. Anyway, mission accomplished (sort of).

Thanks again,
Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
David Jones_21
Trusted Contributor

Re: Need something to scan for SSNs & CCNs

Generally, SSN scanners are prone to producing so many false positives to make them useless. International phone numbers often have an SSN type format. If you want to be complete, you need to decode MIME encodings and PDFs and the various archive formats (ZIP, gz, etc) to include them in the search.

In other words, it's a tough problem.
I'm looking for marbles all day long.
Wim Van den Wyngaert
Honored Contributor

Re: Need something to scan for SSNs & CCNs

It seems one of my posts didn't arrive.

https://www.pcisecuritystandards.org/pdfs/asv_report.html you only have to find out which is supported on VMS. Or scan the VMS disks starting from *nix using NFS (is what I would do because thus only 1 product).

Wim
Wim
Victor Semaska_3
Esteemed Contributor

Re: Need something to scan for SSNs & CCNs

Scanning the VMS disks on *nix via NFS mounts sounds like a nice idea. Would be able to use the same script we're using on the *nix servers.

The TCP stack (if that's what it's called) that's being used is Multinet. Looked thru the NFS options with MULTINET CONFIGURE/MENU but wasn't able to make it work. Kind of looks like the NFS option wasn't purchased. There's no service contract for Multinet anymore so no supoort available.

Will have to wait to see what the auditors want to do this sensitive data on this old VAXstation. See if I have to identify the specific files.

Thanks,
Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
Wim Van den Wyngaert
Honored Contributor
Solution

Re: Need something to scan for SSNs & CCNs

Or zip them and unzip them on *nix.

Wim
Wim
Hoff
Honored Contributor

Re: Need something to scan for SSNs & CCNs

For those that aren't acquainted with fossil-vintage software, or that are not themselves of fossil-vintage -- and being guilty on both counts myself...

POSIX was a supported DEC product for OpenVMS VAX, and there are probably copies of it on your V6.2 distro kit. No license was required to use it, only the time spent to install it. POSIX provides a full Unix shell.

POSIX was retired in the early V7.* range and had some issues when upgraded past a specified release (you needed to remove it), and the capabilities it offered were later replaced with the gnv kit in more recent times. But back in this era, it worked fine. And I'm guessing you're not going to be upgrading this particular OpenVMS VAX anytime soon...

POSIX directly allows most Unix bash shell scripts and most Unix commands to operate.
John Gillings
Honored Contributor

Re: Need something to scan for SSNs & CCNs

Vic,

>Scanning the VMS disks on *nix via NFS
>mounts sounds like a nice idea. Would be
>able to use the same script we're using on
>the *nix servers.

Yes and no.

Yes, if the files are all sequential text, and the NFS server does the right thing in interpreting record formats other than stream_lf.

However, if you have indexed files, especially if they're compressed, the data from NFS won't make any sense, and it's unlikely you'll find any target fields if they're present.

In contrast, running the script on OpenVMS where the indexed file is opened as a sequential file, RMS will present the records in primary key order, de-compressed just as if it were a text file.

You may get something similar happening with NFS, but I wouldn't want to bet my business on it!

Consider that if there are SSNs and CCNs on the system, in an OpenVMS context they'd be far more likely to be in an indexed file or data base than in a flat text file.
A crucible of informative mistakes
Victor Semaska_3
Esteemed Contributor

Re: Need something to scan for SSNs & CCNs

Thanks Wim,

Zipping up the files and put them on a *nix server to be scanned turned out to be the best and simplest solution.

The VAXstation has plenty of free diskspace so I was able to zip up the files one disk at a time. Then ftp the zip files over to a test Linux box that I have with lots of free space.

Not the perfect solution but the auditors are happy so I'm happy.

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.