Google Yourself To Identify Security Holes
Try entering your name in a Google search. To narrow the results to only those containing your full name, enclose your name in quotation marks. You might be surprised to find out how much information about you is available on the Web. You can run Google searches on a wide variety of information, such as your phone number or your Social Security number, and you might discover that more sensitive information about you is available to the public than you would prefer.
For corporate networks, the efficiency of the Google robots at voraciously collecting any data available on the Web may compromise network security or reveal sensitive information or company trade secrets that should not be available to the public.
Some say Google shouldn't do that, or ask that Google remove such information. But you can't shoot the messenger. Google is just displaying what is available. If sensitive or confidential corporate information is available on the Web, the proper thing to do is to find it and protect it within your network, not blame Google for finding it. In fact, there are tools available to help you find such information before an attacker can get hold of it.
Two such tools are SiteDigger 2.0, a free tool from Foundstone, a division of McAfee, and the Wikto Web Assessment tool. For full functionality, both utilities require that you install the Microsoft .NET Framework and obtain a Google API key. These tools will scan a designated Web site or domain and identify potential vulnerabilities, configuration issues, proprietary information, and other potential security concerns.
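As a complement to those scanners, here is one way to check the files your own Web server publishes for the kinds of data mentioned earlier (Social Security and phone numbers) before a crawler indexes them. This is an added example, not part of the original article or of SiteDigger or Wikto; the US number formats, the file-extension list and the function names are assumptions, and the sample files are constructed.

```python
import os
import re
import tempfile

# US formats for the two identifiers the article names (an assumption of this example).
PATTERNS = {
    # SSN: skip ranges never issued (area 000/666/9xx, group 00, serial 0000)
    "ssn": re.compile(r"(?<![\d-])(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?![\d-])"),
    "phone": re.compile(r"(?<![\d-])(?:\(\d{3}\)\s?|\d{3}[-. ])\d{3}[-. ]\d{4}(?![\d-])"),
}
TEXT_EXTENSIONS = {".html", ".htm", ".txt", ".csv", ".xml", ".json"}

def mask(value):
    """Keep only the last four digits so the report does not leak the value again."""
    digits = [c for c in value if c.isdigit()]
    return "*" * (len(digits) - 4) + "".join(digits[-4:])

def find_sensitive(text):
    """Return sorted, de-duplicated (kind, masked_value) pairs found in one document."""
    return sorted({(kind, mask(m.group()))
                   for kind, rx in PATTERNS.items() for m in rx.finditer(text)})

def scan_tree(root):
    """Walk a published document root; report (relative_path, kind, masked_value)."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue  # binary or unknown types are out of scope here
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for kind, masked in find_sensitive(fh.read()):
                    report.append((os.path.relpath(path, root), kind, masked))
    return sorted(report)

def demo():
    """Write constructed sample files to a temporary document root and scan it."""
    samples = {  # constructed sample content, not real data
        "staff.html": "<td>J. Doe</td><td>SSN 123-45-6789</td><td>(555) 010-0199</td>",
        "order.txt": "Order 000-12-3456 shipped, part 2024-01-15-0001",
        "logo.png": "123-45-6789",  # skipped: extension is not in TEXT_EXTENSIONS
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at the directory your Web server actually serves; every finding is a file to remove or move behind authentication.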
For complete details about the perils that Google may represent to your network or Web site, check out Johnny Long's book, Google Hacking for Penetration Testers, or his Web site at http://johnny.ihackstuff.com.
To download the tools mentioned above, you can use these links:
- Foundstone SiteDigger 2.0 (http://www.foundstone.com/resources/proddesc/sitedigger.htm)
- Wikto Web Assessment Tool (http://www.sensepost.com/research/wikto/)
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com).