Step 5: Harden your Web site against Google hacks

Hopefully, after doing a lot of Google searches, you have found that no sensitive data is revealed through Google. What if data is exposed though? Unfortunately, I can't tell you exactly what to do, because every Web site is different. You should call the problem to the attention of whoever built your Web site immediately though.

If you have to fix the problem yourself, you can sometimes correct the issue through the use of HTML meta tags. For example, if you have pages that the public should never see, then you don't want Google (or other search engines) to index that page. You can prevent the page from being indexed by adding this meta tag to the page:

META HTTP-EQUIV="robots" CONTENT="noindex"

If you have pages that link to pages that you don't want exposed, you can use HTML meta tags to tell the search engine to index the current page, but to not index any of the links that the page contains. The code for this is:

META HTTP-EQUIV="robots" CONTENT="nofollow"

As you can see, Google hacking your own site can be a little bit tedious. If your Web application contains sensitive information though, it is well worth the effort.

Google hacking to test your security

 Home: Introduction
 Step 1: Identify what could be Google hacked
 Step 2: Understand your Web applications
 Step 3: Queries to Google hack your site -- Simple stuff
 Step 4: More complicated Google queries
 Step 5: Harden your Web site against Google hacks

---

More information from SearchWindowsSecurity.com

Learning Center: Google hack Windows servers

Tip: Google your Windows security vulnerabilities

---

ABOUT THE AUTHOR:

Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at www.brienposey.com. Copyright 2005 TechTarget

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Endpoint security management tools The right security tools for finding Windows desktop weaknesses Using BitLocker in Windows 7 20 days to a more secure enterprise How to get -- and keep -- user support with security MDOP for Windows 7 available now Microsoft's Online Desktop Manager caters to small IT shops Monitoring user activity with network analyzers Using third-party technologies with Microsoft's NAP Understanding Microsoft's NAP's internal and external components Microsoft's NAP can ensure security compliance Microsoft Internet Explorer (IE) Admins can wear many hats using Netcat Patching third-party browsers adds more work in Windows shops Four Internet Explorer 8 Group Policy security settings Safe enterprise Web browsing: Five tips in five minutes Top client security tips of 2006 General security configuration: Step 1 Protection against international domain names, URL handling: Step 3 ActiveX opt-ins, information bar and cross-domain protection: Step 4 Windows Vista and IE7: Step 5 Phishing filter: Step 2

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary system tray  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary