When thieves decide to rob a bank,they don’t just walk in and start demanding money
(not the high IQ ones, anyway).Instead, they take great pains to gather information about
the bank—the armored carroutes and delivery times, the security cameras and alarm
triggers, the number of tellersand escape exits, the money vault access paths and authorized personnel, and anythingelse that will help in a successful attack.
The same requirement applies to successful cyber attackers. They must harvest a
wealth of information to execute a focused and surgical attack (one that won’t be readily
caught). As a result, attackers will gather as much information as possible about all
aspects of an organization’s security posture. In the end, and if done properly, hackers
end up with a unique footprint, or profile of their target’s Internet, remote access, intranet/
extranet, and business partner presence. By following a structured methodology,
attackers can systematically glean information from a multitude of sources to compile
this critical footprint of nearly any organization.
About footprinting
The systematic and methodical footprinting of an organization enables attackers to create
a near complete profile of an organization’s security posture. Using a combination of
tools and techniques coupled with a healthy dose of patience and mind-melding,
attackers can take an unknown entity and reduce it to a specific range of domain names,
network blocks, subnets, routers, and individual IP addresses of systems directly
connected to the Internet, as well as many other details pertaining to its security posture.
Although there are many types of footprinting techniques, they are primarily aimed at
discovering information related to the following environments: Internet, intranet, remote
access, and extranet.
Technology Identifies
Internet Domain names
Network blocks and subnets
Specifi c IP addresses of systems reachab via the Internet
TCP and UDP services running on each system identifi ed
System architecture (for example, Sparc vs. x86)
Access control mechanisms and related access control lists
(ACLs)
Intrusion-detection systems (IDSs)
System enumeration (user and group names, system
banners, routing tables, and SNMP information)
DNS hostnames
Intranet Networking protocols in use (for example, IP, IPX, DecNET,
and so on)
Internal domain names
Network blocks
Specifi c IP addresses of systems reachable via the intranet
TCP and UDP services running on each system identifi ed
System architecture (for example, SPARC vs. x86)
Access control mechanisms and related ACLs
Intrusion-detection systems
System enumeration (user and group names, system
banners, routing tables, and SNMP information)
Remote access Analog/digital telephone numbers
Remote system type
Authentication mechanisms
VPNs and related protocols (IPSec and PPTP)
Extranet Domain names
Connection origination and destination
Type of connection
Access control mechanism
Cheap domain names hosting services website design easy website solutions online shops and logo design
http://ldms.domains-names-registration.com/links.php
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন