Copyright Goodheart-Willcox Co., Inc. 78 Security Essentials

Reconnaissance

Gathering information about an organization or network can provide clues to a tester for gaining entry into a building or system. In black box and gray box testing, a penetration tester collects as much information as possible about an organization and its network. Reconnaissance is discovering and gathering information. Intelligence gathering is reconnaissance that can be either passive or active.

Passive Reconnaissance

Passive reconnaissance is the discovery and gathering of data without the target being aware it is happening. This type of reconnaissance is accomplished by a tester conducting research or using tools to gather information. Passive reconnaissance includes the following:

War driving is the act of moving around, usually in a vehicle, and searching for wireless networks. This includes mapping the location and security settings of an organization.

War flying is the act of detecting wireless networks using airplanes or drones (unmanned aerial vehicles) to search for open access points. Because airplanes are expensive, drones are the more likely platform. Drones can also carry devices that detect wireless networks.

Social engineering is the use of social tools and techniques to obtain information. Job-posting websites, such as CareerBuilder or Indeed, are good examples, as they often reveal information about the organization posting an advertisement.

Open-source intelligence (OSINT) is publicly available information freely obtained from multiple sources.

Footprinting, or pre-attack technique, is gathering information about a system. This is typically the first step a hacker takes in an attack.

Active Reconnaissance

Active reconnaissance is the active discovery and gathering of data by using tools to interact with a system. This type of activity may be as simple as trying a door to see if it is unlocked or using tools to look for information.

Active reconnaissance includes port scanning, banner grabbing, and SMTP querying, all of which are likely to be noticed by a company's defenses.

Port scanning is a method that determines the status of communication ports on a system. Ports are either open, which indicates a port is able to listen and receive information, or closed, meaning the port cannot accept any communication through that channel. A port scanner is an application designed to probe a server or host for open ports. Scanning the system will identify all communication entry points on a system. Testers can identify unnecessary ports and running services and use this information to allow for potential access and exploitation.

Banner grabbing is the act of requesting information about computer systems or services on a remote system. The banner is a message transmitted from a system to the requesting device. The banner could contain system information about services and versions. This information can be used to identify server functionality and known vulnerabilities that may exist in those software programs.
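The text notes that active reconnaissance such as port scanning is likely to be noticed by a company's defenses. As an added example (not from the textbook), the following Python script shows one way a defender can spot a port scan in firewall logs: it flags any source that probes many distinct ports on a single host within a short time window. The log format, thresholds and all addresses are constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (hypothetical format, not a real capture):
# "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <verdict>"
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 192.168.1.10 22 ACCEPT
2024-03-01T10:00:00 10.0.0.5 192.168.1.10 23 DROP
2024-03-01T10:00:01 10.0.0.5 192.168.1.10 25 DROP
2024-03-01T10:00:01 10.0.0.5 192.168.1.10 80 ACCEPT
2024-03-01T10:00:02 10.0.0.5 192.168.1.10 110 DROP
2024-03-01T10:00:02 10.0.0.5 192.168.1.10 143 DROP
2024-03-01T10:00:03 10.0.0.5 192.168.1.10 443 ACCEPT
2024-03-01T10:00:03 10.0.0.5 192.168.1.10 3389 DROP
2024-03-01T10:05:00 10.0.0.7 192.168.1.10 443 ACCEPT
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) (?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"(?P<port>\d+) (?P<verdict>ACCEPT|DROP)$"
)

def parse_log(text):
    """Yield (timestamp, src, dst, port) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["port"]))

def detect_port_scans(text, window_seconds=60, min_ports=6):
    """Return {(src, dst): sorted ports} for every pair that touched at least
    min_ports distinct destination ports inside a sliding window_seconds window."""
    events = defaultdict(list)
    for ts, src, dst, port in parse_log(text):
        events[(src, dst)].append((ts, port))
    findings = {}
    for key, hits in events.items():
        hits.sort()  # order by timestamp so the window can slide forward
        start = 0
        for end in range(len(hits)):
            # Drop events from the front until the window fits within window_seconds
            while hits[end][0] - hits[start][0] > timedelta(seconds=window_seconds):
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                findings[key] = sorted(ports)  # a normal client never reaches this
    return findings
```

A single source touching eight ports on one host in three seconds is flagged, while the host that opened one ordinary HTTPS connection is not; thresholds should be tuned to the network's normal traffic to limit false positives.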