Information Security Office

Office of Information Technology

Sensitive Number Finder

UTSA has been tasked with identifying files on all university systems that may contain social security numbers (SSN).  The systems range from server shares to local desktop systems.  IT Security has provided the Senf application as a tool to help identify social security numbers.

All system users are tasked with doing their part in to identify sensitive information stored on their computer systems or network shares.  Instructions have been provided to help assist in the running of this tool.  If you are requiring additional assistance please feel free to contact Information Security Office.

Lance Pritchard - 458-7218
Michael Baland - 458-7216
Homero Torres - 458-5890
Annette Evans - 458-5899
Help Desk - 458-5538

SENF

Use Senf (Sensitive Number Finder) to identify SSN’s (Social Security Numbers) and CCN's (Credit Card Numbers)  that may be stored on your computer system and I drive.

Senf is a number finder that has been created to seek out sensitive numbers such as social security numbers and credit card numbers.  Since Senf is designed to identify number patterns that are formatted like social security numbers or credit card numbers, the tool has the potential to report false positives.

For Linux/Mac Install Click Here

1. Obtaining Senf

The tool must be present on your desktop system to run.  Instructions on how to get the Senf tool is provided here.

2.  Installing Senf

Installation procedures for Mac, Linux and Windows are provided here.  The Senf tool must be obtained first before installing it on your desktop.  Installation does not require administrative rights on your system.

3.  Configuration

Configuration of the Senf tool is important as to reduce the number of false reporting and streamlining the scanning process.

4.  Running Senf

Once you have configured the Senf tool, you can conduct your scan.  The scan will not interfere with your work and can be run in the background.

5.  Report Findings

1. How to Get the Tool

OIT Push

OIT will be pushing the tool to the desktop systems within their control.  Once the Senf tool has been pushed out, an icon will appear on your desktop named Senf. 

Download

If the Senf tool was not received through our desktop push you must download the tool.  Additional instructions on downloading

SenfNet.0.78.1323 Windows download

Installation of Senf

For Windows Systems

If you received the tool via OIT desktop push, you will have an icon appear on your desktop.  The tools is ready for use.  You will not need to install the Senf tool. 

If you did not see the icon on your desktop, you will need to download it before installing the Senf tool.

Once you have downloaded the appropriate install file, it will need to be extracted.  The file is in .zip format.  You can double click the file and you will be prompted to extract the contents of the zip file to a given location.  You can select the default location of the desktop folder or you can extract it to the "c" drive.  Once you have extracted the Senf files, you will see a newly created folder with the name "SenfNet.0.78.1323".

Open the folder and select the SenfNet.exe file by right clicking on the icon.  A menu box will appear.  Select the create shortcut option.  This will create a shortcut that should be placed on your desktop.  The shortcut will provide easy access to run the Senf tool.  You are now finished with the installation phase. Detailed instructions on the installation of Senf

How to Run the Tool

Launch the tool by double clicking on the shortcut that was created.  Scan all drives on your computer including your "I" drive folders.  You can scan only one drive at a time.  To start scanning, modify the Root Scan Path setting to drive you want to scan i.e. ("c:\").  This will run a scan on your entire c: drive.  Change the Log file name: to the hostname of your system followed by the date like shown in the example. (i.e. UT123456_05032007.txt)

Do not change any of the other settings is this window.

FIG 1

Once the scan path and log file name have been modified, select the scan button.  The scan can take a while, but should not hurt the performance of your system.  You can minimize the Senf tool and run it in the background as you work.  Once the scan has completed, the word "Done." will appear in the above dialog box with match information.  The match information will tell you how many possible files contain SSN's or CCN's.  A log file will also be created to specify matches or findings.

Reporting Your Findings

The results will identify files that may possibly contain sensitive numbers.  Reviewing the files will help you identify "true" sensitive numbers.  You can also click on links within the box (see FIG 2) highlighted examples.  By doing this, it will give you a "peek" into what the files contain (FIG 3).

FIG 2

FIG 3

If the file doesn't have any SSN's and/or credit card numbers you're done.  You do not need to report.

If you save the SSN's to external media and keep the media in a secure area, you do not need to report. 

If you find SSN's and no longer need them, please delete them. No reporting is required.

If you maintain the SSN's file(s) on the computer or the "I:" drive please complete the form and send to the SSN Coordinator-Annette Evans, University Heights, room 1.216E

Justification for maintaining Social Security Numbers Form

Additional Resources:

https://source.its.utexas.edu/groups/its-iso/projects/senf/wiki/SenfReadme

For Linux/Mac Install Click Here

©The University of Texas at San Antonio One UTSA Circle San Antonio TX 78249
Revised: 02/01/2008
Refer Comments to: oit@utsa.edu
Identity Guidelines | Policies | Emergency Preparedness | Required Links