Google your Windows Security Vulnerabilities

Author: Kevin Beaver Source: TechTarget

If you conduct information security assessment-penetration test, vulnerability assessment, or a wider range of hacker attack simulation testing-there is a test tool that is essential to you.

Google is one of the most popular tools you can use to test Windows security vulnerabilities. Google can be considered a poor vulnerability assessment tool or a security administrator tool with few or even no IT budget. I personally am a supporter of commercial security tools. commercial security tools can provide more comprehensive testing functions, excellent reporting capabilities and other functions, thus simplifying your work. However, the motto "what you get when you pay" is not fully applicable here. Google provides a way to handle things from the perspective of hackers, which may have never been thought of before, or Google can use a variety of security testing tools (commercial, free or open-source) -- and all are free.

Like many external testing tools, Google is helpful in discovering what you are currently providing. However, it also searches the Internet for information that you never know exists or can get. You have several options for your security evaluation. Google homepage, advanced search page, you can even use Google APIs to write your own custom network applications.

When you perform information security testing on your system, the ideal state is that you want to be able to look at it from a hacker's perspective-which Google can do very well. Below are some information that Google can find during your hacker simulation test.

1. credit card information, social security numbers, and other confidential information in network applications and databases that are accessible to the public.

2. webcam)

3. Text processing documents, workbooks, and demonstration documents

4. Outlook Web Access documentation

5. Default (usually insecure) IIS File and custom IIS error information.

6. The website login page should be "hidden"

7. suspicious hosts that do not belong to your network

8. newsgroup records containing sensitive information.

As an example related to the last one, when performing a basic Google Groups search, I found a support group information that I was considering establishing a partner with a network administrator of a telecommunications manufacturer. In his information, he leaked the manufacturer's internal network structure, including the network layout, internal IP address and host name. He leaked too much information and made me feel that I should not trust the company for the sake of sensitive information. I only get this information by simply searching the company name and several keywords-and this is only the beginning for advanced Google search.

For today's high-price vulnerability assessment tool, Google undoubtedly brings a new breath, and its security test query is incomparable. To overcome vulnerabilities, you not only need to think like a hacker, but also need to use new and innovative methods for testing. Google can help you achieve this.

Soon I will discuss the types of Windows tests that can be performed on your system, and Google searches that you can use to ensure the best security of your Windows system.