CEHv8 BOOTCAMP: MODULE 02-FOOTPRINTING AND RECONNAISSANCE_SET-1 Flashcards
What is Open Source (Passive) Information Gathering?
Collecting information about a target from the publicly accessible sources.
What is Anonymous Footprinting?
Gathering information from sources where the author of the information can’t be identified or traced.
What is Organizational (Private) Footprinting?
Collecting information from an organizations web-based calendar and email services.
What is Active Information Gathering?
Gathering information through social engineering on-site visits, interviews, and questionnaires.
Pseudonymous Footprinting?
Collecting information that might be published under a different name in an attempt to preserve privacy.
Internet Footprinting?
Collecting information about a target from the internet.
What is Footprinting?
The process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization’s network system.
What are the processes involved in Footprinting a target?
- Collect basic information about the target and it’s network.
- Determine the OS used, platforms running, web server versions, etc.
- Perform techniques such as WHOIS, DNS, network and organizational queries.
- Find vulnerabilities and exploits for launching attacks.
What are 4 things that Footprinting does for an attacker?
- Know Security Posture
- Reduced Attack Area
- Build Information Database
- Draw Network Map
What are the 3 objectives of Footprinting?
- Collect Network Information
- Collect System Information
- Collect Organization’s Information
What information can be gathered when collecting Network Information?
- Domain name
- Internal Domain names
- Network blocks
- IP addresses of the reachable systems
- Rogue websites/private websites
- TCP and UDP services running
- Access control Mechanisms and ACL’s
- Network Protocols
- VPN Points
- ACL’s
- IDS’s running
- Analog/Digital telephone numbers
- Authentication mechanisms
- System Enumeration
What information can be gathered when collecting System Information?
- User and group names
- System banners
- Routing tables
- SNMP Information
- System architecture
- Remote system type
- System names
- Passwords
What information can be gathered when Collecting Organization’s Information?
- Employee details
- Organization’s website
- Company Directory
- Location details
- Address and phone numbers
- Comments in HTML source code
- Security Policies Implemented
- Web server links relevant to the organization
- Background of the organization
- News articles/press releases
What can an attacker gather from Footprinting techniques?
Valuable system and network information such as account details, operating system and installed applications, network components, server names, database schema details, etc.
What are 6 types of Footprinting Threats?
- Social Engineering
- System and Network Attacks
- Information Leakage
- Privacy Loss
- Corporate Espionage
- Business Loss
