Search party: why security pros should master Google
- 03 July, 2009 04:00
One of the reasons security is fun and interesting is that it requires a constant upgrade of your skills and knowledge.
Here is a skill that you may not have realized you need, but you need it: Become a master of Internet search.
Obviously I'm talking about a lot more than tossing a few words in the Google box and pushing the search button.
I'm talking about understanding how to run very specific searches to find information leaks within your company and outside of it, whether intentional or accidental. Such leaks might come in the form of intentional, outright posting of sensitive information by ex-employees. Or they might be misconfigured or forgotten Web applications that weren't supposed to be publicly accessible.
Other searches will help you find websites using your organization's trademarks for nefarious purposes, or selling counterfeit or grey-market products in your name.
Still, other searches might turn up scraps of information on your own website that reveal information that hackers use to footprint your systems. Overly informative file-not-found error messages, for example.
* How good are you at Web search?
* Do you know how to find Excel spreadsheets posted on the Web?
* Do you know how to find documents that include key intellectual property phrases?
* Do you know how to winnow broad search results down to just the important ones?
* Do you know how to use Google news alerts and blogging tools to see what's being said about your company?
* Do you know how to find publicly available information as part of an employee background check?
Happily, there is a lot of advice about search on the Web. You don't have to take out a student loan and go back to school to learn this skill.
Here is a wonderful tutorial on basic searches, provided by Google itself.
Here is an older CSOonline.com article that provides four searches you should run on your own company.
More recently investigations manager Brandon Gregg noted the importance of search in his article 5 Free Ways to Track Information Online.
Why not fire up your browser and find other good resources yourself?