Four steps to protect Windows data from Google hackers

Using appropriate countermeasures can help you keep highly confidential information away from Google and cannot be searched by Google hackers. Here are four steps. You can try to do this:

1. Consolidate your server and isolate it from the external environment

Unfortunately, many key servers are still completely exposed to the Internet. Now please tighten your server's access control and put it behind the firewall.

2.set the robots.txt file to prohibit Google Indexing Of Your webpage

You can set the "googlebot" "User-agent:" parameter to protect files and directories on the network server from Google indexing. The method is in "Disallow: "section lists the information you want to keep confidential.

Or, if you want all Web Robots not to access your website or webpage, set the "User-agent:" parameter to "*", but remember, malicious people hanging around the Internet can get this file from your Web Server and see what information you don't want others to see. If this looks like a weakness of the Internet, then it is. You can upload the robots.txt file, but you should allow the robot to index only the specific public pages, or prohibit them from indexing any information starting with the root directory by entering "Disallow.

Please visit The Web Robots Pages (The http://www.robotstxt.org/wc/robots.html vendor gets information on how to configure your robots.txt file and how to execute more anti-bot spoofing. Google also has a FAQ on Googlebot's operation (http://www.google.com/bot.html ).

3. Remove highly confidential information from the public server

Create an organizational policy to protect highly confidential information (such as passwords and confidential files) from servers that are accessible to the public. Otherwise, use any possible access control measures to protect them, ensure that these policies can be enforced, and manage those who violate the rules.

4. Ensure that your server is secure

To maintain server security, use the Google testing tool and Google search I have discussed in this series of techniques to perform hacker testing on the tool.

I highly recommend using automated testing tools, such as SiteDigger and Gooscan for hacker testing. Manual execution of multiple queries is not only slow, boring, but not easy to manage.

Remember, these tests are just mining tests conducted by Google. They do not represent all hackers and Internet security. These are not the best tools to test all system vulnerabilities. As an alternative, you must use "multi-layer" testing: Google and other free, open-source, and-in my opinion, most comprehensive and reliable-commercial tools for testing, these commercial tools I recommend with SPI Dynamics WebInspect (for Web applications, http://www.spidynamics.com /), Application Security's AppDetective (for Web databases, http://www.appsecinc.com/) and Qualys's QualysGuard (for operating system and network Vulnerabilities, http://www.qualys.com /).

If simulated hackers, penetration tests, and general network security audits are part of your responsibilities, these Google Hacking technologies and tools will become part of the security toolbox you need. For the sake of security, Please execute it now and it will be executed frequently later.

About the author: Kevin Beaver is an independent information security consultant and author. He is also a spokesman for Principle Logic and LLC in Atlanta. He specializes in those who need strict security protection, or companies seeking solutions to emergencies provide information security research services. He is the author or co-author of four books on information security, including Hacking for Dummies (_ 1_2/002-6195114-4480811? V = glance & s = books "> http://www.amazon.com/exec/obidos/tg/detail/-/076455784X/qid=1086746862/sr=1-2/ref=sr_1_2/002-6195114-4480811? V = glance & s = books) and the forthcoming Hacking Wireless Networks for Dummies (http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764597302.html ). These books are all planned and published by Wiley Publishing Group. You can contact Kevin Beaver via kbeaver@principlelogic.com, this is his personal mailbox. You can also.