Although many footprinting techniques are similar across technologies (Internet and
intranet), this chapter focuses on footprinting an organization’s connection(s) to the
Internet. Remote access is covered in detail in Chapter 6.
It is difficult to provide a step-by-step guide on footprinting because it is an activity
that may lead you down many-tentacled paths. However, this chapter delineates basic
steps that should allow you to complete a thorough footprinting analysis. Many of these
techniques can be applied to the other technologies mentioned earlier.
Step 1: Determine the Scope of Your Activities
The first item of business is to determine the scope of your footprinting activities. Are
you going to footprint the entire organization, or limit your activities to certain subsidiaries
or locations? What about business partner connections (extranets), or disaster-recovery
sites? Are there other relationships or considerations? In some cases, it may be a daunting
task to determine all the entities associated with an organization, let alone properly
secure them all. Unfortunately, hackers have no sympathy for our struggles. They exploit
our weaknesses in whatever forms they manifest themselves. You do not want hackers
to know more about your security posture than you do, so figure out every potential
crack in your armor!
Step 2: Get Proper Authorization
One thing hackers can usually disregard that you must pay particular attention to is
what we techies affectionately refer to as layers 8 and 9 of the seven-layer OSI Model—
intranet), this chapter focuses on footprinting an organization’s connection(s) to the
Internet. Remote access is covered in detail in Chapter 6.
It is difficult to provide a step-by-step guide on footprinting because it is an activity
that may lead you down many-tentacled paths. However, this chapter delineates basic
steps that should allow you to complete a thorough footprinting analysis. Many of these
techniques can be applied to the other technologies mentioned earlier.
Step 1: Determine the Scope of Your Activities
The first item of business is to determine the scope of your footprinting activities. Are
you going to footprint the entire organization, or limit your activities to certain subsidiaries
or locations? What about business partner connections (extranets), or disaster-recovery
sites? Are there other relationships or considerations? In some cases, it may be a daunting
task to determine all the entities associated with an organization, let alone properly
secure them all. Unfortunately, hackers have no sympathy for our struggles. They exploit
our weaknesses in whatever forms they manifest themselves. You do not want hackers
to know more about your security posture than you do, so figure out every potential
crack in your armor!
Step 2: Get Proper Authorization
One thing hackers can usually disregard that you must pay particular attention to is
what we techies affectionately refer to as layers 8 and 9 of the seven-layer OSI Model—
Politics and Funding. These layers often find their way into our work one way or another,
but when it comes to authorization, they can be particularly tricky. Do you have
authorization to proceed with your activities? For that matter, what exactly are your
activities? Is the authorization from the right person(s)? Is it in writing? Are the target IP
addresses the right ones? Ask any penetration tester about the “get-out-of-jail-free card,”
and you’re sure to get a smile.
While the very nature of footprinting is to tread lightly (if at all) in discovering
publicly available target information, it is always a good idea to inform the powers that
be at your organization before taking on a footprinting exercise.
Step 3: Publicly Available Information
After all these years on the web, we still regularly find ourselves experiencing moments
of awed reverence at the sheer vastness of the Internet—and to think it’s still quite young!
Setting awe aside, here we go…
Publicly Available Information
Popularity: 9
Simplicity: 9
Impact: 2
Risk Rating: 7
The amount of information that is readily available about you, your organization, its
employees, and anything else you can image is nothing short of amazing.
So what are the needles in the proverbial haystack that we’re looking for?
• Company web pages
• Related organizations
• Location details
• Employees: phone numbers, contact names, e-mail addresses, and personal
details
• Current events: mergers, acquisitions, layoffs, rapid growth, and so on
• Privacy or security policies and technical details indicating the types of security
mechanisms in place
• Archived information
• Disgruntled employees
• Search engines, Usenet, and resumes
• Other information of interest
0 comments:
Post a Comment