2.1 Footprinting Concepts

What is Footprinting?

  • Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system.
  • Footprinting is the first step of any attack on information systems; attacker gathers publicly available sensitive information, using which he/she performs social engineering, system and network attacks, etc. that leads to huge financial loss and loss of business reputation.
  • Know Security Posture: Footprinting allows attackers to know the external security posture of the target organization.
  • Reduce Focus Area: It reduces attacker's focus area to specific range of IP address, networks, domain names, remote access, etc.
  • Identify Vulnerabilities: It allows attacker to identify vulnerabilities in the target systems in order to select appropriate exploits.
  • Draw Network Map: It allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to break.

Objectives of Footprinting

  • Collect Network Information:
    • Domain name
    • Internal domain names
    • Network blocks
    • IP addresses of the reachable systems
    • Rogue websites/private websites
    • TCP and UDP services running
    • Access control Mechanisms and ACL's
    • Networking protocols
    • VPN Points
    • IDSes running
    • Analog/digital telephone numbers
    • Authentication mechanisms
    • System Enumeration
  • Collect System Information:
    • User and group names
    • System banners
    • Routing tables
    • SNMP information
    • System architecture
    • Remote system type
    • System names
    • Passwords
  • Collect Organization's Information:
    • Employee details
    • Organization's website
    • Company directory
    • Location details
    • Address and phone numbers
    • Comments in HTML source code
    • Security policies implemented
    • Web server links relevant to the organization
    • Background of the organization
    • News articles
    • Press releases

results matching ""

    No results matching ""