Perimeter Security, Google Dorking, VirusTotal, and Data Classification
Google Dorking & Open-Source Reconnaissance
Technique Demonstrated: Using Google’s advanced search operators (often called “Google dorks”) to locate publicly exposed files that contain valuable information such as credentials.
- Example query typed in chat:
filetype:xls intext:passwords
• filetype:xls – restricts results to Excel spreadsheets.
• intext:passwords – returns pages/files whose textual contents include the word “passwords”.
• Result: Spreadsheets that store usernames / passwords in plaintext.
- Additional query shown live:
filetype:sql intext:password
• Targets SQL database dumps containing password fields (often “password=”, “pwd=”, etc.).
- Admin page discovery dork:
intitle:admin inurl:admin
• Returns web pages whose
Security Message: These search tricks illustrate how trivially attackers can discover misconfigured or unintentionally public assets. Organizations should:
- Remove sensitive data from publicly reachable locations.
- Use robots.txt or Google Search Console “Remove URL” for accidental exposures.
- Enforce principle of least privilege & strong authentication on any admin endpoint.
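As an added defender-side illustration (not part of the original class notes): a pre-publication audit that walks a web document root looking for what the dorks above would surface, i.e. spreadsheet and SQL-dump extensions, password-like text, and directories named admin. The extension list, keyword pattern and sample tree are assumptions constructed for this demo.

```python
import re
import tempfile
from pathlib import Path

# Assumed settings for this demo: the extensions and keyword mirror the dorks
# in the notes (filetype:xls / filetype:sql, intext:password, inurl:admin).
RISKY_EXTENSIONS = {".xls", ".xlsx", ".sql", ".csv", ".bak"}
SECRET_RE = re.compile(rb"passw(?:or)?d|pwd\s*=", re.IGNORECASE)
MAX_SCAN_BYTES = 1_000_000  # only inspect the head of large files


def audit_webroot(root):
    """Return (relative_path, reason) pairs for content a search engine could
    index that looks like the spreadsheets, dumps and admin paths dorks find."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_dir():
            if path.name.lower() == "admin":
                findings.append((rel, "admin directory reachable from web root"))
            continue
        if path.suffix.lower() in RISKY_EXTENSIONS:
            findings.append((rel, f"indexable {path.suffix.lower()} file"))
        with path.open("rb") as fh:
            head = fh.read(MAX_SCAN_BYTES)
        if SECRET_RE.search(head):
            findings.append((rel, "contains password-like content"))
    return findings


def build_sample_webroot(base):
    """Constructed sample tree (not real data): one clean page, two exposures, one admin dir."""
    base = Path(base)
    (base / "admin").mkdir()
    (base / "uploads").mkdir()
    (base / "index.html").write_bytes(b"<h1>Welcome</h1>")
    (base / "uploads" / "creds.xls").write_bytes(b"user,password\nalice,example-only\n")
    (base / "dump.sql").write_bytes(b"INSERT INTO users VALUES ('bob', 'pwd=example');")
    return base


def demo():
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_webroot(build_sample_webroot(tmp))


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```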
File Safety Check with VirusTotal
- After downloading a suspicious spreadsheet, the speaker uploads it to VirusTotal to confirm it is malware-free.
- VirusTotal aggregates > 70 AV engines: ClamAV, Baidu, Google, Fortinet, etc.
- Output in demo: 0/0 detections → “clean” according to vendors.
- Best Practice: Always scan unknown files, macros, or executables before opening, even if sourced from “trusted” search results.
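An added example of the scan step as a triage pipeline would do it (not code from the class): hash the file locally and ask VirusTotal's v3 API for an existing report by hash, so the file itself is not uploaded unless that is intended, then reduce the vendor counts to a verdict. The triage threshold, the handling of a hash VirusTotal has never seen, and the sample report are assumptions.

```python
import hashlib
import json
import tempfile
import urllib.error
import urllib.request

# VirusTotal API v3 file-report endpoint; the caller supplies the API key.
VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"
MALICIOUS_THRESHOLD = 3  # assumed triage cut-off; tune per environment

def sha256_of_file(path):
    """Hash locally so the file can be looked up without uploading it."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def lookup_by_hash(sha256, api_key):
    """GET an existing report by hash; None means VirusTotal has never seen it."""
    req = urllib.request.Request(VT_FILES_URL + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def verdict(report):
    """Reduce a v3 report to (flagged_engines, total_engines, label)."""
    if report is None:
        return 0, 0, "unknown"  # never seen is not evidence of clean
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = flagged + stats.get("undetected", 0) + stats.get("harmless", 0)
    if total == 0:
        return 0, 0, "no-analysis"  # no engine result at all; not a 0/N clean
    if flagged == 0:
        return 0, total, "clean"
    return flagged, total, "malicious" if flagged >= MALICIOUS_THRESHOLD else "suspicious"

def demo_hash():
    """Constructed sample: hash a temporary file holding b'hello'."""
    with tempfile.NamedTemporaryFile() as tmp:
        tmp.write(b"hello")
        tmp.flush()
        return sha256_of_file(tmp.name)

# Constructed sample report shaped like a v3 response (not real VirusTotal output).
SAMPLE_CLEAN = {"data": {"attributes": {"last_analysis_stats": {"malicious": 0, "suspicious": 0, "undetected": 70, "harmless": 2}}}}
```

Call `verdict(lookup_by_hash(sha256_of_file(path), api_key))` in a triage script; only fall back to uploading when the hash is unknown and the file may be shared with vendors.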
Social Engineering Insight
- “Demanding compliance is possible, but it does not gain trust.”
• Implication: Effective social engineering often relies on rapport, empathy, or authority—not just force.
Perimeter Defenses (Physical Security)
- Definition: Controls placed at the physical boundary of a facility to restrict unauthorized entry and protect digital assets from physical tampering.
Physical Barriers
- Fences, walls, locked doors, turnstiles, bollards (steel posts blocking vehicles).
- Example: Bollards positioned outside data-center front doors to stop car ramming.
Human Guards
- Patrol, badge checks, visitor logs.
- Two-Person Integrity (TPI): Critical areas (e.g., vaults) require two authorized individuals simultaneously.
- Surveillance: CCTV, strategically located to minimize blind spots.
Sensor Technologies
- Infrared sensors: Detect body heat or IR beams crossed.
- Ultrasonic sensors: Emit sound waves, measure reflection; also used in vehicle reverse systems.
- Pressure sensors: Floor mats or under-tile detectors trigger when weight is applied.
Access-Control Architectures
- Man Trap / Security Vestibule
• Small chamber with two interlocking doors—second door opens only after first closes and identity is verified.
• High-security sites (data centers, secure labs).
- Reception / Waiting Room
• Medium control environment; staffed, camera-monitored.
- Motion-Activated Egress Doors
• Example from class: Attacker used aerosol spray to trip motion sensor from outside, forcing door to open (illustrates placement risk).
- Electronic Locks & Badges
• Configurable for time-of-day, role-based entry.
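An added model of the man-trap interlock described above (not from the class notes): the inner door may open only once the outer door is closed and the occupant has been verified, the two doors can never be open at once, and a credential is consumed by one passage. The class and its method names are assumptions made for this illustration.

```python
class InterlockViolation(Exception):
    """Raised if both doors would ever be open at the same time."""


class Mantrap:
    """Security vestibule: inner door opens only after the outer door has
    closed and the occupant's identity has been verified (assumed model)."""

    def __init__(self):
        self.outer_open = False
        self.inner_open = False
        self.verified = False
        self.log = []

    def _assert_interlock(self):
        if self.outer_open and self.inner_open:
            raise InterlockViolation("both doors open")

    def open_outer(self):
        if self.inner_open:
            self.log.append("outer denied: inner open")
            return False
        self.outer_open = True
        self.verified = False  # a new entrant must be verified afresh
        self.log.append("outer opened")
        self._assert_interlock()
        return True

    def close_outer(self):
        self.outer_open = False
        self.log.append("outer closed")

    def verify(self, badge_ok):
        # Verification counts only once the entrant is sealed inside the chamber.
        self.verified = bool(badge_ok) and not self.outer_open
        self.log.append("verified" if self.verified else "verification rejected")
        return self.verified

    def open_inner(self):
        if self.outer_open or not self.verified:
            self.log.append("inner denied")
            return False
        self.inner_open = True
        self.log.append("inner opened")
        self._assert_interlock()
        return True

    def close_inner(self):
        self.inner_open = False
        self.verified = False  # credential consumed; next person starts over
        self.log.append("inner closed")
```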
Drones (UAVs)
- Used by defenders for surveillance of large perimeters; conversely, attackers may use them for recon.
Electromagnetic Shielding – Faraday Cage
- Metal enclosure preventing external RF signals (EMI) from interacting with internal electronics.
- Incident-response use case: place a confiscated mobile device/laptop inside a Faraday bag to block remote wiping or GPS/cellular signals.
- Sizes range from phone-size pouches to whole rooms.
Cable Protection & Protected Distribution System (PDS)
- Why protect cables? Availability: a cut or tapped power/network cable means downtime or a data breach.
- PDS = physically secure cabling pathways for classified or mission-critical traffic.
- Hardened-Carrier PDS: Cables run through rigid, tamper-resistant conduit (electrical metallic tubing).
- Alarmed-Carrier PDS: Fiber or sensors inside conduit detect acoustic vibration; intrusion triggers alarms.
- Cable Locks (laptop lock-slots, rack braces) were once common for endpoint theft deterrence.
Data Controls & Classification
- Goal: Ensure each data element receives protection proportional to its value & sensitivity.
Common Classification Labels (organization-dependent)
- Public
- Restricted
- Confidential / Private / Sensitive
- Critical
- “Do Not Store” (e.g., full PAN – Primary Account Number per PCI-DSS, raw biometric templates).
Data Types Mentioned
- Regulated Data – subject to laws/regulations (e.g., GDPR PII, HIPAA PHI).
- Copyrighted / Intellectual Property – creative works under legal protection.
- Trade Secrets – proprietary formulas, algorithms, strategy docs kept undisclosed.
- Legal Information – case files, contracts, privileged communications.
- Financial Information – monetary transactions, ledgers, account balances.
Human-Readable vs. Non-Human-Readable
- Human-Readable: Text, CSV, HTML—directly interpretable.
- Non-Human-Readable / Machine-Readable: Serialized formats (JSON, XML), binary blobs, compiled code; require software for interpretation.
Foundational Concepts & Implications
- Physical Access → Logical Compromise: If an attacker can touch the hardware, they can often bypass logical controls (e.g., cold-boot attacks, drive imaging).
- Electromagnetic Interference (EMI): Data can leak via emanations; shielding (TEMPEST, Faraday) mitigates.
- Data Remanence: Deleted info can be recovered unless media is cryptographically wiped or physically destroyed.
- Availability (CIA Triad) highlighted when discussing cable sabotage.
Practical Takeaways / Study Prompts
- Memorize Google dork syntax for security assessments, but emphasize legal boundaries (only test with authorization).
- When designing a facility, perform Physical Penetration Testing: sensor placement, tailgating resistance, man-trap effectiveness.
- Map data flows → apply correct classification label → enforce storage, transmission, and disposal controls accordingly.
- Incorporate VirusTotal (or similar multi-AV services) into incident-response and SOC triage pipelines.