Footprinting, the
first step in ethical hacking, refers to the process of collecting
information about a target network and its environment. Using
footprinting you can find various ways to intrude into the target
organization's network system. It is considered "methodological"
because critical information is sought based on a previous discovery.
Once you begin the
footprinting process in a methodological manner, you will obtain the
blueprint of the security profile of the target organization. Here
the term "blueprint" is used because of result that you get
at the end of footprinting refers to the unique system profile of the
target of organization.
There is no single
methodology for footprinting as you can trace information in several
routes. However, this activity is important as all crucial
information need to be gathered before you begin hacking. Hence, you
should carry out the footprinting precisely and in an organized
manner.
You can collect
information about the target organization the means of footprinting
in four steps:
1. Collect basic
information about the target and its network
2. Determine the
operating system used platforms running, web server versions etc.
3. Perform
techniques such as Whois, DNS, network and organizational queries
4. Find
vulnerabilities and exploits for launching attacks
Furthermore, we will
discuss how to collect basic information, determine operating system
of target computer, platforms running, and web server versions,
various methods of footprinting.
Why Footprinting?
For attackers to
build a hacking strategy, they need to gather information about the
target organization's network, so that they can find the easiest way
to break into the organization's security perimeter. As mentioned
previously, footprinting is the easiest way to gather information
about the target organization; this plays a vital role in the hacking
process.
Footprinting helps
to:
- Know Security
Posture
Performing
footprinting on the target organization in a systematic and
methodical manner gives the complete profile of the organization's
security posture. You can analyze this report to figure out loopholes
in the security posture of your target organization and then you can
build your hacking plan accordingly.
- Reduce Attack Area
By using a
combination of tools and techniques, attackers can take an unknown
entry (for example XYZ Organization) and reduce it to a specific
range of domain names, network blocks, and individual IP addresses of
system directly connected to the Internet, as well as many other
details pertaining to its security posture.
- Build Information
Database
A detail footprint
provides maximum information about the target organization. Attackers
can build their own information database about security weakness of
the target organization. The database can then be analyzed to find
the easiest way to break into he organization's security perimeter.
- Draw Network Map
Combination
footprinting techniques with tools such as Tracert allows the
attacker to create network diagrams of the target organization's
network presence. This network map represents their understanding of
the target's Internet footprint. These network diagrams can guide the
attacks.
Objectives of
Footprinting
The major objectives
of footprinting include collecting the target's network information,
system information, and the organizational information. By carrying
out footprinting at various network levels, you can gain information
such as: network blocks, network services and applications, system
architecture, intrusion detection systems, specific IP address, and
access control mechanisms. With footprinting, information such as
employee names, phone numbers, contact addresses, designations, and
work experience, and so on can also be obtained.
Комментариев нет:
Отправить комментарий