How to Root Out Sensitive Text in Network Files

By Kevin Beaver

When running security tests, once you find open network shares, you’ll want to scan for sensitive information stored in files such as PDFs, .docx, and .xlsx files. It’s as simple as using a text search utility, such as FileLocator Pro or Effective File Search. Alternatively, you can use Windows Explorer or the find command in Linux to scan for sensitive information, but it’s just too slow and cumbersome.

You’ll be amazed at what you come across stored insecurely on users’ desktops, server shares, and more, such as:

  • Employee health records

  • Customer credit card numbers

  • Corporate financial reports

  • Source code

  • Master database files

The sky’s the limit. Such sensitive information should not only be protected by good business practices, but is also governed by state, federal, and international regulations see have to make sure that you find it and secure it.

Do your searches for sensitive text while you’re logged in to the local system or domain as a regular user — not as an administrator. This will give you a better view of regular users who have unauthorized access to sensitive files and shares that you thought were otherwise secure. When using a basic text search tool, such as FileLocator Pro, look for the following text strings:

  • DOB (for dates of birth)

  • SSN (for Social Security numbers)

  • License (for driver’s license information)

  • Credit or CCV (for credit card numbers)

Don’t forget about your mobile devices when seeking sensitive, unprotected information. Everything from laptops to USB drives to external hard drives is fair game to the bad guys. A misplaced or stolen system is all it takes to create a costly data breach.

The possibilities for information exposure are endless; just start with the basics and only peek into common files that you know might have some juicy info in them. Limiting your search to these files will save you a ton of time!

  • .txt

  • .doc and .docx

  • .rtf

  • .xls and .xlsx

  • .pdf

An example of a basic text search using FileLocator Pro is shown here. Note the files found in different locations on the server.

Using FileLocator Pro to search for sensitive text on unprotected shares.
Using FileLocator Pro to search for sensitive text on unprotected shares.

FileLocator Pro also has the ability to search for content inside PDF files to uncover sensitive data.

To speed the process, you can use Sensitive Data Manager, a really neat tool designed for the very purpose of scanning storage devices for sensitive, personally identifiable information. It can also search inside binary files such as PDFs.

For a second round of testing, you could perform your searches logged in as an administrator. You’re likely to find a lot of sensitive information scattered about. It might seem worthless at first; however, this can highlight sensitive information stored in places it shouldn’t be or that network administrators shouldn’t have access to.

Testing is highly dependent on timing, searching for the right keywords, and looking at the right systems on the network. You likely won’t root out every single bit of sensitive information, but this effort will show you where certain problems are, which will help you to justify the need for stronger access controls and better IT and security management processes.