WEB-FACING DOCUMENTS
OTHER SEARCH ENGINES
The discussion has concentrated on Google so far as a means of cre-ating awareness regarding the vulnerabilities of Web-facing documents.
Other search engines, however, also offer capabilities for data mining the Web. Dogpile® is one of note. It is a multisearch engine in that it searches Google, Yahoo!®, MSN Search, and Ask.com™ at the same time. So, Dogpile supplies very broad search capability.
Having an Advanced Web Search page, Dogpile like Google permits qualifying a search by “All of these words,” “The exact phrase,” “Any of these words,” or “None of these words.” Dogpile’s Advanced Web Search also allows selection of language, date range, and domain (.gov, .edu, .com, and so on). Selecting the Results Display option permits sorting output by relevance to the search term (the most relevant first) or by search engine. Like with Google’s Advanced Search, Dogpile also permits search filtering to screen out explicit adult content, and both Dogpile and Google permit searching for images not just text.
Ask.com offers numerous search tools in a menu format allowing a researcher to choose from Web, images, news, maps, Encyclopedia, blogs and feeds, and the like. Blogs, by the way, are a growing mation source on the Web. Do not underestimate the amount of infor-mation that lies in this twenty-first century mode of communication.
Someone may be acting as a watchdog of your organization and docu-menting a great deal on a regular basis. Be on the lookout. The search engine provides a preview binocular feature for certain sites, enabling the user to see the Web page before actually clicking on the link. Some-where on the Web, someone has written about or otherwise docu-mented your organization or you as an individual. Ask.com provides a convenient way to discover your “footprint” on the Web.
Table 2.3: Expanding a Google Search Location Text
location
File Type Keywords Range Pattern
“John Jones, Jr.”
intext “John Jones, Jr.”
allintext filetype:xls “John Jones, Jr.”
salary
site:com allintext filetype:xls “John Jones, Jr.”
salary
site:com allintext filetype:xls “John Jones, Jr.”
salary
$50000..$150000
site:com allintext filetype:xls “John Jones, Jr.”
salary
$50000..$150000 Regular expres-sion for Social Security number Note: The search starts with just the target’s name, but it increases in specifying particular data. Finally, it asks for a document, an Excel spreadsheet, which contains the subject’s salary information and any data resembling the pattern for a Social Security number.
Alta Vista™ at http://www.altavista.com has an Advanced Search very similar to Dogpile’s. It includes filtering by file type, domain, host (site), link, title, and URL, but, in addition, it offers searching by Boolean expressions, which is a fancy term for including AND, NOT, and OR in searches. These reserved words add a precision to doing textual searches, for example:
1. “Peanut butter” AND jelly returns pages containing both.
2. Peanut NOT butter returns any pages with references to
“peanut” but none that contain “peanut butter.”
3. Peanut OR walnut returns pages containing either term.
The usefulness of this search strategy comes into play when a name is fairly common or used in multiple contexts. For example, Francis Bacon is a famous Elizabethan author, but there is also a modern painter by that name. If one searches for the author, the search syntax can be “Francis Bacon” NOT painter.
The resources for locating Web-facing documents and information are immense, regardless of the researcher’s preference for search tools.
Never consider security through obscurity as an option against this re-ality. If sensitive data faces the Web by being accessible to the Internet, then someone will find it. The next and final section of this chapter sug-gests countermeasures for dealing with the challenge.
COUNTERMEASURES
Developing effective countermeasures against unintentionally Web-facing documents requires a good document security policy coupled with the establishment of security zones for a network. The information in Tables 2.2a and 2.2b summarizes both approaches. The cornerstone of the security policy is accurate classification of documents by their sensitivity level. Mandatory labeling of documents provides a method of tracking the location of sensitive information.
Well-defined security zones in the network ensure appropriate depos-itories for documents based upon their security level. Internal firewalls segregate the network into separate security zones. At higher levels of security, IP address segregation further reinforces the integrity of the security zones, and IDS (Intrusion Detection System) monitoring looks for unauthorized traffic between the zones. Deploying software to do
internal checking for sensitive documents being located in incorrect zones is another recommended practice. (Of course, this is a good reason why documents need a security label.) These measures com-bined offer layered security to deter sensitive documents from becom-ing Web-facbecom-ing.
In a network with a well-defined security perimeter, these counter-measures can be quite effective. Yet, the twenty-first century increas-ingly yields an information environment involving mobile computing and information flows that facilitate commerce but diminish the effec-tiveness of a traditional security perimeter. A counterbalance to these trends is a strong intelligence gathering campaign to learn what is avail-able on the Web about one’s own client or organization. The savvy in-formation security professional constantly scours cyberspace to see what data is floating about regarding the entity he or she seeks to protect.
Obviously, despite these efforts some documentation gets created out-side the organization. Information given out at trade shows, professional meetings, and in published articles comes to mind. Policies on external publishing, on public speaking, and on public postings in blogs and in newsgroups are also necessary.
Other information flows such as e-mail, instant messaging (IM), FTP, postings on other Web sites, faxes, and printings to remote printers create a different form of documentation, which requires effective secu-rity countermeasures. Chapter 3 addresses the challenges of these infor-mation channels. Also, mobile digital devices such as PDAs, laptops, and digital cellular telephones pose unique risks to the security of the docu-ments that they store. Chapter 4 deals with protecting these devices.
Remember to think always in terms of the following security classifi-cations:
• Public • Confidential
• Internal • High Security
• Sensitive
Regardless of where your documents are physically located, re-gardless of the server or digital device that stores them, ask yourself if the level of protection matches the sensitivity of the document. Staying in that frame of mind will minimize information leakage from your organization.