Discussion I
Solomon Kane
Discussion1.docxCareer Relevancy
As you approach your career as a certified ethical hacker, or CEH, you will need to assess security systems through penetration testing. This will require you to analyze different phases of hacking and make recommendations to the organization for the best options available for keeping data secure. Footprinting allows you to do this and is the first step in gathering information about the organization that can be used for assessing data security.
Background:
There are various categories of information security threats, such as network threats, host threats, and application threats. There are also various attack vectors, such as viruses, worms, and botnets that can each compromise an organization’s information security.
In this course, we will cover the motives behind an orchestrated information breach, including the goals and objectives behind information security attacks, attack vectors, threat categories, and the various different types of attacks on a system.
Attackers always have a motive behind their attack. A motive originates out of the notion that the target system contains something of value. Recent examples of this are the data breaches that have occurred with big retailers such as Adidas, Macy's, or Sears. In each of those cases, as is the case in most scenarios where a retailer's system is compromised, attackers are searching for customer information that can be used for financial purposes. An attack may be waged to disrupt the organization’s business operations, to steal valuable information for the sake of curiosity, or even to exact revenge. Therefore, these motives depend on the attacker’s state of mind, reasoning, and resources. Once the attacker has determined a goal, he or she can employ various tools, attack techniques, and methods to exploit the weaknesses in a computer system's security.
As the Internet evolves and the constant progression of cyber-attacks, threats, and warfare become the focal point of data information, the responsibilities of cyber security professionals have expanded to include security mapping. The level of security an information structure has largely determines its efficiency, and security mapping can alert cyber security professionals of potential threats before they materialize. Hackers can use many different methods to breach a system, including malicious code, Trojan horses, open ports, software vulnerabilities, no virus protection, etc.
For attackers to build a hacking strategy, they need to gather information about the target organization's network. This first step is most commonly established through footprinting. Footprinting allows the attacker to gather publicly available, sensitive information. They then use such information to locate the easiest way to break through the organization's security perimeter. As mentioned previously, footprinting methodology makes it easy to gather information about the target organization; this plays a vital role in the hacking process.
Footprinting helps to:
*Know Security Posture: Performing footprinting on the target organization gives the hacker a complete profile of the organization's security posture. Hackers can then analyze the report to identify loopholes and build their plan of attack.
*Reduce Focus Area: By using a combination of tools and techniques, attackers can take an unknown entity and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet.
*Identify Vulnerabilities: A detailed footprint provides a wealth of information about the target organization. Attackers can build their own information database about security weaknesses of the target organization. Such a database can then help in identifying the weakest chain in the link of the organization's security perimeter.
*Draw Network Map: Combining footprinting techniques with tools such as Tracert allows the attacker to create diagrams of the target organization’s network presence. These network diagrams can guide the attacker in performing an attack.
Groups, forums, and blogs provide sensitive information about a target such as public network information, system information, and personal information. An attacker can register with a fake profile on websites such as Google groups or Yahoo! groups and try to join the target organization’s employee groups where sensitive information may be shared. Attackers then search for information by Fully Qualified Domain Names (FQDNs), IP addresses, and usernames in groups, forums, and blogs.
Prompt
Why would an attacker use footprinting as a way of collecting information on an organization? Explain two examples of footprinting an attacker might use that organizations often overlook.
