In my previous tip, I discussed how Google.com can be used to perform security scans against your public-facing servers -- Windows, IIS, Apache and (heaven forbid) SQL Server. You can profile servers, find files containing sensitive information and detect "hidden" login pages, server log files and a whole lot more. In this tip, I will describe some neat Google tools and basic queries to help you ferret out the sensitive information that, although you may not realize it, is accessible to the public.
Use the following table of contents to navigate to each section of this tips series.
TABLE OF CONTENTS
About the author: Kevin Beaver is an independent information security consultant, author and speaker with Atlanta-based Principle Logic, LLC, where he specializes in information security assessments for those who take security seriously and incident response for those who don't. He is author of the book Hacking For Dummies and co-author of the upcoming book Hacking Wireless For Dummies, both by Wiley Publishing. Send your ethical hacking questions to Kevin today.
More information from SearchWindowsSecurity.com