Series on Information Security -(Weekly) - Phases of Hacking- Part10
Reconnaissance types can be categorized into two types:
Active reconnaissance : The attacker interacts with the system by doing ping weep, port scanning etc. This type of attack can be recognized easily as it generally directly hits the target system to gather the information about the system.
Ping sweep : Range of ip address to which ICMP echo request is send to verify whether the system is alive. You can do it on multiple systems at one go.
DNS search/zone transfer: Collecting information about the different hostnames gives hints about the kind of services and information that is available on the servers.
whois information: One can collect information about the company by using DNS registration information. The DNS registration information can be collected by using whois.
The regional internet registry Database stores information about for their particular region. The information that gets is as mentioned below.
IP address ranges
Routing policies
Reverse DNS delegations
Network contact information
Port scanning : This help us to identify the services that are running on the system so as to find out which system to be targeted.
Passive reconnaissance : The attacker uses techniques like social engineering, publicly available information and dumpster diving.
Social engineering: Making a legitimate user to reveal information about the system. The information could be password, system ip address, services running on the system etc.This threat is more real in nature.Though you have a very good technical security like firewall , IDS and single signon in place, but generally more severe threat comes from information leakage through employees working in the organization passing the information to hacker unknowingly. Hence social engineering should be treated as severe vulnerability. Calling a Helpdesk person as a legitimate employee on phone extension and asking him to reset password is a form of social engineering. Social engineering is more of an art. It generally depends upon your soft skills. The countermeasure to address social engineering attack is through training and education. Companies spend lot of money and resources on technical safeguard to protect the information asset and hence part of the money should also be spend on training people.
Publicly available information: Information that is available by public available media, website are some of the examples. A company can post their requirement as a part of job posting. The information generally reveals what kind of job requirement is there ex. Database Vendor, Number of years of experience required, data mining or what kind of post is vacant for web server deployment, administration and level of expertise required. It also includes job posting for Application servers and the list goes on and on. You can use sites like wayback.archive.org or #-Link-Snipped-# to collect back dated information for a website. This helps us to derive inference on the technology the company uses.
Dumpster Diving: Collecting information from garbage. One can get important information that is discarded by a user from dumpster diving. ex. ATM receipts , password written on paper than crushed and thrown into dustbin.
Active reconnaissance : The attacker interacts with the system by doing ping weep, port scanning etc. This type of attack can be recognized easily as it generally directly hits the target system to gather the information about the system.
Ping sweep : Range of ip address to which ICMP echo request is send to verify whether the system is alive. You can do it on multiple systems at one go.
DNS search/zone transfer: Collecting information about the different hostnames gives hints about the kind of services and information that is available on the servers.
whois information: One can collect information about the company by using DNS registration information. The DNS registration information can be collected by using whois.
The regional internet registry Database stores information about for their particular region. The information that gets is as mentioned below.
IP address ranges
Routing policies
Reverse DNS delegations
Network contact information
Port scanning : This help us to identify the services that are running on the system so as to find out which system to be targeted.
Passive reconnaissance : The attacker uses techniques like social engineering, publicly available information and dumpster diving.
Social engineering: Making a legitimate user to reveal information about the system. The information could be password, system ip address, services running on the system etc.This threat is more real in nature.Though you have a very good technical security like firewall , IDS and single signon in place, but generally more severe threat comes from information leakage through employees working in the organization passing the information to hacker unknowingly. Hence social engineering should be treated as severe vulnerability. Calling a Helpdesk person as a legitimate employee on phone extension and asking him to reset password is a form of social engineering. Social engineering is more of an art. It generally depends upon your soft skills. The countermeasure to address social engineering attack is through training and education. Companies spend lot of money and resources on technical safeguard to protect the information asset and hence part of the money should also be spend on training people.
Publicly available information: Information that is available by public available media, website are some of the examples. A company can post their requirement as a part of job posting. The information generally reveals what kind of job requirement is there ex. Database Vendor, Number of years of experience required, data mining or what kind of post is vacant for web server deployment, administration and level of expertise required. It also includes job posting for Application servers and the list goes on and on. You can use sites like wayback.archive.org or #-Link-Snipped-# to collect back dated information for a website. This helps us to derive inference on the technology the company uses.
Dumpster Diving: Collecting information from garbage. One can get important information that is discarded by a user from dumpster diving. ex. ATM receipts , password written on paper than crushed and thrown into dustbin.
Replies
You are reading an archived discussion.
Related Posts
Quote: When it came to fantastical things that we were afraid were going to come and destroy the world, aliens used to be at the top. But now there's strong...
Totally amazing. Completely useless.
But absolutely absorbing exquisitely competent crazy engineering.
Dropbox - VID-20180222-WA0000.mp4
Got your hands on the new Redmi Note 5 or Note 5 Pro at today's flash sale? If not, then buckle up as the next sale dates have just been...
i mean to say on what should the person focus on during his tenure in post graduation(M.tech)
how should a person develop his skill at design
which subjects are useful...
Quote:
You know you’re an engineer if you know it’s National Engineers Week.
Check out the following tongue-in-cheek indications that you’re an engineer.
They were developed primarily by Design News...