
Steal this Computer Book 4.0: Prevent Google hacking

26 Jun 2006 | No Starch Press


Steal This Computer Book 4.0

Wallace Wang

384 pages; $29.95

No Starch Press

In this excerpt of Chapter 8: Stalking the Computer from Steal this Computer Book 4.0, author Wallace Wang explains what information security professionals can do to prevent Google hacking.

To defend against Google hackers, keep any sensitive files off your Web server. Just because a file can't be accessed through your Web pages doesn't mean that a hacker can't find that file anyway. Even if a sensitive file is only on your Web site temporarily, you are not safe.

Then try Google hacking your own Web server and see what you find. You may be surprised at how much information Google may already know about your server and how vulnerable your computer might really be.

Search engines like Google constantly troll different Web sites and store the files they find in a storage area called the cache. Once your Web site's files have been stored in Google's (or some other search engine's) cache, anyone can view them by using the cache operator. For example, if you want to view pages that were previously displayed by a Web site, you can use the cache operator followed by the Web site address, as shown below:

cache:cnn.com

This Google query will show you the Web pages currently stored on Google for the CNN.com Web site. These pages will remain in Google's cache until the next time Google refreshes its cache by visiting the CNN.com Web site, even if CNN.com has removed or altered the pages in the meantime.

Google, like most search engines that regularly "crawl" the Internet to find Web sites to index, follows certain rules when visiting Web sites. One of those rules is that Web site administrators can create a special robots.txt file that specifies which parts of the Web site the search engine should not explore and store in its cache. So if there are sensitive files on your computer that you don't want others to see, you can create a robots.txt file to tell Google not to index them. (Of course, it's much safer not to put sensitive files on your Web server computer in the first place.) To learn more about how the robots.txt file works, visit www.robotstxt.org. Just be aware that hackers can also peek at your robots.txt file to see what information you want to protect, and then they'll know exactly what type of information to look for in your computer.
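Because robots.txt is itself public, it is worth auditing your own copy for entries that advertise what you are trying to hide. The Python sketch below is an added example, not part of the book excerpt: it parses a robots.txt and lists the Disallow paths whose names point at sensitive content, which are the ones to remove from the server or put behind authentication. The sample file, its paths and the SENSITIVE_HINTS keyword list are constructed assumptions.

```python
import re

# Constructed sample robots.txt (not taken from any real site).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin/
Disallow: /admin/
Disallow: /backup/db-2006.sql   # constructed path
Disallow: /images/
Allow: /images/public/

User-agent: Googlebot
Disallow: /private/payroll.xls
"""

# Assumed name hints for content that should not sit on a public server at all.
SENSITIVE_HINTS = re.compile(
    r"(admin|backup|private|passw|payroll|secret|config|\.sql|\.bak|\.xls|\.mdb|\.log)",
    re.IGNORECASE,
)

def parse_disallows(text):
    """Return (user_agent, path) pairs for every non-empty Disallow rule."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # rules already seen: new group
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            if field == "disallow" and value:    # empty Disallow blocks nothing
                rules.extend((agent, value) for agent in agents)
    return rules

def revealing_paths(text):
    """Disallowed paths whose names advertise sensitive content to any reader."""
    return sorted({p for _, p in parse_disallows(text) if SENSITIVE_HINTS.search(p)})

if __name__ == "__main__":
    for path in revealing_paths(SAMPLE_ROBOTS):
        print("robots.txt advertises:", path, "-> remove it or require authentication")
```

An entry such as `/images/` tells a reader nothing, while a named database dump or payroll file is a signpost; a Disallow line only asks well-behaved crawlers to stay away and does not restrict access.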

Another alternative is to request that search engines (for example, Google) ignore your Web site altogether. However, while this can prevent hackers from scanning your site using the search engine, it can also keep legitimate users from finding it that way too. To request that Google remove your site from its index, follow the steps listed at www.google.com/remove.html.

Finally, visit the Google Hacking Database (GHDB) at http://johnny.ihackstuff.com to see how Google has exposed other Web sites to attack. You can (hopefully) thus learn how not to fall victim to the same tricks.

Every tool on the Internet can be used for good or for bad, and Google is no exception. If you run a Web site, you must learn about Google hacking in order to lock down your system's defenses. If you're just a curious and non-malicious individual, have fun experimenting with Google. You may find more than you ever imagined.

Download the full chapter to learn what other hacking tools and techniques are used to solicit an attack.
