SANS ISC: InfoSec Handlers Diary Blog


Spot Checking Websites using Google Alerts

Published: 2008-02-03
Last Updated: 2008-02-04 05:20:38 UTC
by Scott Fendley (Version: 1)

While thinking about what cool and interesting things I could share with our readers, it came to mind that I haven't shared a tip that another university employee (thanks Chris) gave me long ago.

As most of you know, university environments have some unique problems when it comes to data security that are the result of a cultural mindset.  Academic environments are very edge-focused: departments, research groups, and individual professors are used to being semi-autonomous and providing much of their own budgets and staff.  The central IT group tends to provide only bandwidth and a few central services such as email or web server space, DNS services and the like.  The faculty and staff tend to reject any form of restrictive uniform security policy, leaving the institute with a very uneven security landscape.

With this in mind, university networks end up with a number of unofficial web servers hosting student organization websites or virtual organizations for professors.  The developers behind these web servers may graduate or leave for other positions within the university, leaving the site with little or no maintenance.  As the central information security officer, I do not have the ability to know every single PHP or CGI based program running on every web system on our campus.

Using tools like nmap and Nessus, you should be able to spider your network, identify the web servers, do some level of research, and keep an eye on new servers and applications.  However, it would be nice to have something monitoring your websites and alerting on new pages without producing pages of results for things you have already seen or dealt with.

Google is already spidering your public hosts routinely, so why not let it do some of the leg work for you?  Using Google Alerts, I have placed some alerts out to catch comment spam being added to guest books and blogs, and this idea can be extended to other keywords that you need to spot check.

The following are some of the rules that I have found useful in finding these web applications and having a chance to remediate some problems prior to them becoming bigger problems.  Remember to change the site: keyword to your domain name if you use these rules.

oxycontin OR levitra OR ambien OR xanax OR paxil OR porn
texas-holdem OR cialis OR viagra
wordpress OR phpbb OR guestbook
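
As an added example (not part of the original diary), the Python sketch below prepends a site: scope to the three keyword rules above and triages alert results so that only new on-domain hits are reported. The rule names, the placeholder domain example.edu, and the sample results are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Keyword groups copied from the diary's three rules; the rule names are made up here.
RULES = {
    "pharma-spam": ["oxycontin", "levitra", "ambien", "xanax", "paxil", "porn"],
    "gambling-pharma-spam": ["texas-holdem", "cialis", "viagra"],
    "web-apps": ["wordpress", "phpbb", "guestbook"],
}

def build_queries(domain):
    """One site:-scoped Google Alerts query string per rule."""
    return {n: f"site:{domain} " + " OR ".join(w) for n, w in RULES.items()}

def matched_rules(text):
    """Rules with a keyword present as a whole word, case-insensitively."""
    hits = []
    for name, words in RULES.items():
        alternation = "|".join(re.escape(w) for w in words)
        if re.search(rf"(?<![\w-])(?:{alternation})(?![\w-])", text, re.I):
            hits.append(name)
    return hits

def triage(results, domain, seen):
    """Return (url, rules) for on-domain, rule-matching URLs not yet in `seen`."""
    fresh = []
    for url, snippet in results:
        host = urlsplit(url).hostname or ""
        if host != domain and not host.endswith("." + domain):
            continue  # look-alike host, e.g. example.edu.spam.test
        rules = matched_rules(snippet)
        if rules and url not in seen:
            seen.add(url)  # suppress repeats in later alert batches
            fresh.append((url, rules))
    return fresh

# Constructed alert results (URL, snippet); example.edu is a placeholder domain.
SAMPLE = [
    ("http://club.example.edu/guestbook.php", "Sign our guestbook! cheap XANAX online"),
    ("http://lab.example.edu/about.html", "The ambience of the lab"),
    ("http://example.edu.spam.test/x", "viagra"),
    ("http://club.example.edu/guestbook.php", "Sign our guestbook! cheap XANAX online"),
    ("http://prof.example.edu/blog/", "Powered by WordPress"),
]

if __name__ == "__main__":
    for query in build_queries("example.edu").values():
        print(query)
    for url, rules in triage(SAMPLE, "example.edu", set()):
        print(url, rules)
```

Persisting the `seen` set between runs is what keeps already-handled pages out of later reports.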

If you have other Google Alerts rules you are using that might be useful, please feel free to share them.  In the meantime, happy Carnival, Mardi Gras week and Super Bowl Sunday.
