Identity Finder Resources
Identity Finder will help you find and remove PII (personally identifiable information) from your computer. Here's how:
Identity Finder Documentation
For written documentation on how to use Identity Finder with your Libraries workstation, see the following from... https://wikispaces.psu.edu/display/dltpub/Identity+Finder+Documentation
Documentation related to the DLT/UL installation of the Identity Finder Personally Identifiable Information (PII) scanning Client. Information on this page will be updated as needed.
What is Identity Finder and how does it work?
Identity Finder is a PII scanning client that is installed on a user's assigned UL computer; the client will scan for PII on a scheduled basis and report the findings to both the user and the central console. The findings include the file location and name, the PII type found, and the PII match (SSN, CC, etc.). In addition to this information, the action taken by the user is also reported to the central console. The central console is monitored by DLT security. This differs from the previously used software in that the user now has the ability to remediate their information.
As defined by Security Operations and Services (SOS):
Software from Identity Finder that is installed on a computer; either the Identity Finder Enterprise Client for Windows or the Identity Finder Client for Mac.
Software from Identity Finder that is installed on a server for the purpose of communication with clients; the Identity Finder Enterprise Console.
A collection of attributes on the console that affect clients on end points. A policy can be comprised of settings, global ignore lists, and scheduled tasks and can be applied to one or more end points or tags.
A collection of parameters directly affecting scanning by clients on end points. These parameters may include types of PII for which to search and areas of the computer across which the search is performed.
Global Ignore Lists
Locations of files to discount while scanning on all end points that receive the policy.
A remediation method whereby the entire file is securely deleted. The shred process cannot be undone!
A remediation method whereby the sensitive data in a file is redacted by replacing the data with (typically) X’s. This method only works on certain Office 2007 files and text-based files; it does not work on Office 2003 and older files.
Data that looks like PII but in fact is not.
A remediation method of sorts whereby the sensitive data or the entire file is excluded from future scan results. This should only be used to remove false positives, that is, data that looks like PII but in fact is not.
A remediation effort whereby the file is placed in an encrypted file, thus securing the file.
A remediation effort whereby the file is relocated to a secure, or more secure, location such as a network file server.
The specific sensitive data found. This could be a 9-digit SSN, a 16-digit credit card number, or an 8-digit Pennsylvania driver’s license number.
DLT will configure the centrally controlled scan to run every two weeks on Thursday mornings. The reason for this schedule is that, in the event of a compromise, we must be able to show a clean scan within 30 days. The two-week schedule allows a machine to miss one scheduled scan and still be compliant within the 30-day window.
DLT will be monitoring the central console to ensure that action is taken on potential PII as well as to offer guidance or assist with any questions on the validity of match data. Access to the console is restricted to a limited number of DLT representatives as agreed to in the MOU. If no action is taken on a potential instance of PII or an inappropriate action is taken, DLT representatives will work with the individual user to resolve the issue. DLT will also have the ability to change the policies for the client; if a large number of false positives continue to occur in a known safe location, DLT can change the ignore list so that others will not have that same problem. This will allow us to speed up the scanning process for everyone.
The User Interface and Scan Results
The user interface consists of two panes. The main pane lists the files and the file locations that may contain PII, the size of the file, what kind of match the client believes it has found and the potential PII. The preview pane will display the contents of the selected file so that the user can make a more informed decision on whether or not the information displayed is PII.
Every two weeks the IDF client will scan your system for PII; when this scan is initiated, the IDF user interface appears.
While the scan is running the interface can be minimized; however, when the scan is complete the user has the ability to remediate any findings. When the scan is complete select the Advanced option to continue to the remediation window.
The buttons you will need to be concerned with are Shred, Scrub, and Ignore. Secure, Quarantine, and Recycle should not be used. The goal of the scanning project is to remove all PII from University-owned machines; the Secure button will encrypt the file but will not remove the PII. The Quarantine button will move the file to a specified location which can be encrypted, but will not delete the original. The Recycle button will simply move any selected file into the Recycle Bin.
The Shred option will securely delete the entire file containing PII. This is the most secure and recommended feature for confirmed instances of PII located on UL computers.
However, it may be necessary to retain the file while removing only the confirmed instance of PII. To do this you will use the Scrub feature.
Scrubbing a file removes PII and replaces it with a series of x's.
In the example below the highlighted file contains both an exposed fictitious user/ssn as well as a Scrubbed instance.
If you can without a doubt confirm that the flagged item is not PII, you can 'Ignore.' This option will ignore false positives so that the software will not flag them as PII in subsequent scans.
In the example below a file (Eudora junk filter) contains a string of numbers that has a similar format as a Social Security number. Looking in the preview pane I can confirm that this is in fact not PII and is just a string of numbers and can be 'Ignored'.
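How a match, a false positive, an Ignore entry and a Scrub fit together, shown as an added Python example that is not part of the original documentation and is not Identity Finder's code. The patterns, the SSN structure check, the Luhn check and the sample text are assumptions made for illustration.

```python
import re

# Candidate patterns: assumptions for illustration, not Identity Finder's AnyFind logic.
SSN_RE = re.compile(r"\b(\d{3})-?(\d{2})-?(\d{4})\b")
CARD_RE = re.compile(r"\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b")

def plausible_ssn(area, group, serial):
    """Reject values the SSA never issues: area 000/666/9xx, group 00, serial 0000."""
    return area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000"

def luhn_ok(number):
    """Luhn checksum carried by payment card numbers; weeds out random 16-digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_matches(text, ignore=()):
    """Return (type, start, end, value) for each match that is not on the ignore list."""
    found = []
    for m in CARD_RE.finditer(text):
        if luhn_ok(m.group()) and m.group() not in ignore:
            found.append(("CC", m.start(), m.end(), m.group()))
    for m in SSN_RE.finditer(text):
        if plausible_ssn(*m.groups()) and m.group() not in ignore:
            found.append(("SSN", m.start(), m.end(), m.group()))
    return sorted(found, key=lambda f: f[1])

def scrub(text, matches):
    """Replace every digit of each match with X, keeping separators and length."""
    chars = list(text)
    for _, start, end, _ in matches:
        for i in range(start, end):
            if chars[i].isdigit():
                chars[i] = "X"
    return "".join(chars)

# Constructed sample: a fictitious SSN, a standard test card number, and a
# filter-style number that only has the format of an SSN (a false positive).
SAMPLE = "Jane Doe 123-45-6789 card 4111 1111 1111 1111 filter-id 431-22-0198"

if __name__ == "__main__":
    print([m[0] for m in find_matches(SAMPLE)])           # false positive is flagged too
    kept = find_matches(SAMPLE, ignore=("431-22-0198",))  # after the user chooses Ignore
    print(scrub(SAMPLE, kept))
```

Format checks alone cannot tell the filter number from a real SSN, which is why the preview pane and a human decision sit between the match and the Ignore action.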
Much like antivirus software, IDF will regularly check for definition updates. If you are prompted to update your AnyFind Definitions, do so. Major software upgrades will be handled centrally by DLT.
The user has the option to run a manual scan at any time. If you decide to run the IDF client manually you will be prompted to enter a profile password. This password must be different than your PSU access password. You will need this profile password each time you run a manual scan. If you choose to run the manual scan as a guest (no password), no settings or ignore lists will be saved. If you forget your password it cannot be reset; DLT will assist you in deleting/recreating the profile. The manual scan interface is the same as the scheduled scan interface; the same remediation procedures should be followed.
Q: I cannot shred an item in my result list.
A: The item may be marked as read-only. Select the item and check the status in the bottom right-hand corner of the results window; uncheck read-only if applicable.
Q: IDF received an error. Should I send the error to IDF?
A: No, you can send the error to the DLT Helpdesk, who will work to resolve the issue.
Q: Can I shred Windows system files?
A: You are only able to delete files that you have full access to. System files are protected, so you can read them but not delete them.
Q: Can a shredded item be recovered?
A: No, a shredded item has been securely removed from your system.
Q: I want to scrub an item, but the button is greyed out.
A: Scrub is only available in certain applications; if the button is greyed out, the item cannot be scrubbed using IDF.
Q: Do I have to use the IDF console to remediate my results?
A: This is the preferred method of remediation.
Q: Where can I go for assistance?
A: DLT Technicians will be available to assist.
Q: Items I ignored in my manual scan still show up in my scheduled scan.
A: The manual scan uses personal settings configured by the user; the scheduled scan uses settings configured by SOS and DLT. If you ignore the same items in both scans, they should not reappear.
Q: I cannot shred email or web browser results.
A: If your email application or web browser is open, close it and try to shred the findings again. IDF cannot shred these items if the application is open.