How Secure is Your Network?

[German_EE]

Time to have a little fun, although this may not be safe for work depending on the laws in your country and where you work.

Go on any search engine (I use Google but YMMV) and use as your search term confidential "do not distribute" don't forget those quotation marks because they're important. After about ten minutes I found lots of accounting stuff, a few engineering documents and some patient information from a hospital. None of this should be on an internet facing server but it got there somehow.

Now, how safe is YOUR network?

[HAL-42b]

No shares on my network. No Windows-NSA machines either. DNSSec and DNSCrypt running on all machines.

NTP sharing can be enabled manually for short periods of time but hasn't been necessary for months. Encryption here and there as necessary.  The printer and the backup devices are not connected, they travel from PC to PC and connect via USB only when necessary.

Other than these I see no reason to go more paranoid unless I had secure computing modules on the machines.

If I need sharing too badly I'd create a separate air gapped network for that specific purpose. You unplug the bule cable and connect the red cable to do your file sharing. You change back when you want the internet.

I realize this would never work in corporate environment but that's why they employ IT people, no?

[Belgarion]

Networks with real security are rare, usually the security only goes as far as limiting who can access the file shares.
In reality though the security of the network doesn't matter much when it's not uncommon for people with access to just give their login credentials to anyone that says they're from IT..

[uncle_bob]

Hi

Probably the better question based on the information the search turns up is -- where did the doc's come from (and how)?

One of the glories of the legal system is that an amazing amount of "confidential" information gets made public in the course of various proceedings.

Yes, it *is* a crazy world.

Bob

[AntiProtonBoy]

Personally I love using this google search parameter:
intitle:"index of"

Basically displays directory listings that were not property hidden by .htaccess configuration. So if you are looking for file names with a specific string, then you'd write:
intitle:"index of" (pdf|epub)

Here is an example of people putting Total Commander FTP passwords in a publicly listed directory:
intitle:"index of" wcx_ftp.ini
https://www.google.com.au/#q=intitle:%22index+of%22++wcx_ftp.ini+

You can limit your search to a specific domain:
intitle:"index of" site:eevblog.com
https://www.google.com.au/#q=intitle:%22index+of%22+site:eevblog.com
(Nice list of EEVBlog clips Dave! Intentional? )


Few other interesting searches:
intitle:"index of" (passwd|password)
intitle:"index of" config.php

... and you get the idea.

Remember, have fun, but play nice.