A wonderful NSA document called Untangling the Web, thanks to a FOIA request, is now available and free for all to download and use. Although dated, the book will prove highly useful. If you company or client is exposing data that it shouldn’t to the public Internet, this book will help you find it, so you can correct it.
The copy isn’t perfect. It’s a bit dated, and it’s a straight scan to PDF, so it isn’t searchable, and it’s not the clearest, cleanest copy. I’m cleaning up a copy for my own use right now. I expect to use it, and often. It isn’t a document I’ve been privileged to see before, so I’m excited to have a chance now to study it and learn its techniques.
The most common criticism of it is that it’s dated. Of course. The NSA isn’t going to release its latest and best copy of the guide. But a good security person can take this guide, mentally update it and learn from it, and fill in the gaps with his or her own knowledge gained since 2007. No matter who you are, there is undoubtedly some trick in the guide you haven’t seen elsewhere.
Security professionals, investigative journalists, and others, once they set aside whatever feelings they may have about information from 2007 and from the government, stand to learn a lot from this guide.
Download it. Read it. Mark it up. Add notes. Cross stuff out. Make it yours.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.