The search engine's deceptive role in mining information from crawled web servers has been gravely misunderstood. It is universally accepted that a search engine is an information locator. The 24x7 availability of updated information makes it a potential search tool for routine users in general and for hackers in particular. Hackers actively use the updated, indexed web repositories as a hacking aid for locating misconfigured servers or sensitive information. This paper explores the issue through hands-on searches and their results, along with solutions that could easily keep the prying eyes of the search engine spiders at bay.
[...]
Keyword Searches Example: Cisco Academies
Phrased Searches Example: "Cisco Academies"
AND Operator Searches Example: Cisco AND Academies
+ Operator Searches Example: The+Cisco+Academies
- Operator Searches Example: Cisco-Academies
2. ADVANCED SYNTAX
a. intitle: Restricts the search term to appear only in the title of the page. This turns out to be very useful, as many technologies create default pages such as "Terminal Services Web Connection", "Welcome to IIS 4.0" or "Outlook Web Access".
b. intext: Restricts the search term to the body of the text itself, ignoring titles and URLs.
c. insite: Restricts the search to a specific domain.
[...]
[...] Trace-routing a hacker's IP address to its source often ends at a hop completely unrelated to the hacker's actual ISP or local network, which makes reporting the hacker to the upstream provider difficult. Search engines are dangerous largely because users are careless. In the age of DSL and broadband cable accounts, users often keep their machines turned on and connected to the Internet for days. [...]
SEARCH ENGINES
'Wikipedia.org' defines the search engine concepts as follows. A search engine is an information retrieval system designed to help find information stored on a computer system. The [...]
[...] For example, searching the internet with the query text 'password filetype:XLS' would result in links to spreadsheets which in turn may contain the word password.
Figure Security Report Generated By NESSUS
5.0 SOLUTIONS
The security threats posed by the search engine could be tackled at two levels.
LEVEL
The information put to public use on the internet through web sites, or in folders accessible to the web crawlers, needs to be reviewed and classified as per the standards of the Web Site Security Standards. This handbook is a guide to developing computer security policies and procedures for sites on the Internet. The purpose of this handbook is to provide practical guidance to administrators trying to secure their information and services. [...]
[...] One can search for the specific reports using the query text (intitle:"Nessus Scan Report" "This file was generated by Nessus"). On visiting one of the web links generated by the above query string, http://ws.edu.isoc.org/workshops/2005/PACNOGI/day2/nessus/sampe-report2/202_62_122_30/index.html, information intended for internal use only, as shown in Figure, was displayed.
Restrict all access by all robots
LEVEL
The common pattern of thwarting any security threat is to understand the syntax and semantics of its core working. The search engines have their own working model specific to crawling and indexing techniques. [...]
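A site owner can run the same kind of check against their own document root before a crawler does. The following is an added example, not code from the paper: it flags spreadsheets and pages whose titles match the defaults the paper names, and reports whether a given robots.txt lets crawlers reach them. The sample site, the robots.txt policy and the function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.robotparser import RobotFileParser

# Page titles the paper names as findable with intitle: queries.
SENSITIVE_TITLES = ["Nessus Scan Report", "Terminal Services Web Connection",
                    "Outlook Web Access", "Welcome to IIS 4.0"]
TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)

def audit_webroot(webroot, robots_txt, agent="*"):
    """Return (url_path, reason, crawlable) for each file that would match a query."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    findings = []
    for path in sorted(Path(webroot).rglob("*")):
        if not path.is_file():
            continue
        url_path = "/" + path.relative_to(webroot).as_posix()
        suffix, reason = path.suffix.lower(), None
        if suffix in (".xls", ".xlsx"):
            reason = "spreadsheet, reachable by a filetype: query"
        elif suffix in (".html", ".htm"):
            m = TITLE_RE.search(path.read_text(errors="replace"))
            title = m.group(1).lower() if m else ""
            hit = next((t for t in SENSITIVE_TITLES if t.lower() in title), None)
            if hit:
                reason = f"title contains '{hit}', reachable by an intitle: query"
        if reason:
            findings.append((url_path, reason, rp.can_fetch(agent, url_path)))
    return findings

def build_sample_site():
    """Constructed sample web root for the demonstration (not from the paper)."""
    root = Path(tempfile.mkdtemp())
    (root / "reports").mkdir()
    (root / "staff").mkdir()
    (root / "index.html").write_text("<title>Welcome</title>")
    (root / "reports" / "index.html").write_text(
        "<html><head><title>Nessus Scan Report</title></head></html>")
    (root / "staff" / "accounts.xls").write_bytes(b"constructed placeholder")
    return root

if __name__ == "__main__":
    robots = "User-agent: *\nDisallow: /reports/\n"  # constructed policy
    for url, reason, crawlable in audit_webroot(build_sample_site(), robots):
        state = "crawlable" if crawlable else "disallowed in robots.txt"
        print(f"{url}: {reason} [{state}]")
```

robots.txt is only a request honoured by cooperating crawlers and is itself publicly readable, so anything flagged here that is truly internal should be removed from the web root or placed behind authentication.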