Module II
Footprinting

Revisiting Reconnaissance

1 Reconnaissance
2 Scanning
3 Gaining Access
4 Maintaining Access
5 Clearing Tracks

Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack.
It involves network scanning, either external or internal, without authorization.

Defining Footprinting

Footprinting is the blueprint of the security profile of an organization, undertaken in a methodological manner.
Footprinting is one of the three pre-attack phases.
An attacker spends 90% of the time in profiling an organization and another 10% in launching the attack.
Footprinting results in a unique organization profile with respect to networks (Internet/intranet/extranet/wireless) and systems involved.

Why is Footprinting Necessary

Footprinting is necessary to systematically and methodically ensure that all pieces of information related to the aforementioned technologies are identified.
Footprinting is often the most difficult task to determine the security posture of an entity.

Areas and Information which Attackers Seek

Internet
• Domain name
• Network blocks
• IP addresses of reachable systems
• TCP and UDP services running
• System architecture
• ACLs
• IDSes running
• System enumeration (user and group names, system banners, routing tables, and SNMP info)

Intranet
• Networking protocols used
• Internal domain names
• Network blocks
• IP addresses of reachable systems
• TCP and UDP services running
• System architecture
• ACLs
• IDSes running
• System enumeration

Remote access
• Analog/digital telephone numbers
• Remote system type
• Authentication mechanisms

Extranet
• Connection origination and destination
• Type of connection
• Access control mechanism

Information Gathering Methodology

• Unearth initial information
• Locate the network range
• Ascertain active machines
• Discover open ports/access points
• Detect operating systems
• Uncover services on ports
• Map the network

Unearthing Initial Information

Commonly includes:
• Domain name lookup
• Locations
• Contacts (telephone / mail)

Information sources:
• Open source
• Whois
• Nslookup

Hacking tool: Sam Spade

Finding a Company's URL

Search for a company's URL using a search engine such as Google.
Type the company's name in the search engine to get the company's URL.
Google provides rich information to perform passive reconnaissance.
Check newsgroups, forums, and blogs for sensitive information regarding the network.

Internal URL

By taking a guess, you may find an internal company URL.
You can gain access to internal resources by typing an internal URL.
• beta.xsecurity.com
• customers.xsecurity.com
• products.xsecurity.com
• Partners.xsecurity.com
• Intranet.xsecurity.com
• Asia.xsecurity.com
• Namerica.xsecurity.com
• Samerica.xsecurity.com
• Japan.xsecurity.com
• London.xsecurity.com
• Hq.xsecurity.com
• Finance.xsecurity.com
• www2.xsecurity.com
• www3.xsecurity.com