This tip originally appeared on SearchWindowsSecurity.com, a sister site of SearchSMB.com.
In my previous tip, I discussed how Google.com can be used to perform security scans against your public-facing servers -- Windows, IIS, Apache and (heaven forbid) SQL Server. You can profile servers, find files containing sensitive information and detect "hidden" login pages, server log files and a whole lot more. In this tip, I will describe some neat Google tools and basic queries to help you ferret out the sensitive information that, although you may not realize it, is accessible to the public.
Use the following table of contents to navigate to each section of this tips series.
TABLE OF CONTENTS
Why use Google to scan for security vulnerabilities
Google tools for automated hacking tests
Google queries for manual hacking tests
Four steps to safeguard Windows data from Google hackers
About the author: Kevin Beaver is an independent information security consultant, author and speaker with Atlanta-based Principle Logic, LLC, where he specializes in information security assessments for those who take security seriously and incident response for those who don't. He is author of the book Hacking For Dummies and co-author of the upcoming book Hacking Wireless For Dummies, both by Wiley Publishing. Send your ethical hacking questions to Kevin today.
More information from SearchWindowsSecurity.com
Tip: Get a sampling of the information you can find with Google
Tip: Learn how to scan Windows machines against specific patches
Topic: Research Windows product flaws and vulnerabilities
Do you have comments on this tip? Let us know.
