This 5 page Study Guide was uploaded by kimwood Notetaker on Monday November 9, 2015. The Study Guide belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 19 views.
Reviews for ISSC363_Assignment_1
Date Created: 11/09/15
Information Gathering: Foot Printing and Scanning
Brian Page
American Military University

Introduction

Information gathering, sometimes called foot printing or scanning, is probably one of the most important phases in penetration testing. It shows how an attacker views a network from the outside and helps in determining the vulnerabilities that can be exploited, the open ports, and the hosts and services running on each port. It also creates a profile of the target organization's systems and networks. I personally prefer BackTrack Linux for accomplishing the task, as the release includes many useful tools. There are many different types of information gathering that an attacker can use, from passive to active and even anonymous foot printing. Attackers are also able to use the internet to accomplish what we call internet foot printing; this is where the attacker collects information about the target on the internet.

Information Gathering

The first step I take when information gathering is to see what is readily available about the target on the internet; this is called internet foot printing. Sites such as google.com and bing.com are used to extract information about the target such as the technology platforms they use, employee details, and login and intranet pages. This assists in social engineering and other types of advanced attacks. A search engine's cache can also provide sensitive information about the company that has since been removed from the web. Google Earth can also be used to collect location information about the target. In some cases, it is relevant to use a people search to find out information about employees who may be potential targets for social engineering attacks. People searches can provide the following information about a target: address, contact numbers, date of birth, and email addresses.
Some of the people searches that can be used are Yahoo People Search, 123people.com, peoplefinders.com, and ZabaSearch. Social networking is also a valuable treasure of information for attackers, so you cannot forget about it. Almost every company and person has a profile on some type of social media, whether it is Twitter, Facebook or Google Plus. Another resource for foot printing that is often overlooked is job sites. An attacker is able to gather the infrastructure details of a company through its job postings; details like job requirements, employee profiles, hardware information, and software information are often posted on these sites. Conducting a Whois lookup of the company can also provide the attacker with critical information for developing a network profile, such as physical location, telephone numbers, email addresses, and technical and administrative contacts. It can also give an attacker the company's network range, that is, the range of IP addresses assigned to the company.

Port Scanning

Port scanning is a method that attackers use to discover exploitable channels. An attacker will "probe" certain ports and see if they get a response from the listener. To accomplish this I use BackTrack 5 and the Nmap tool. Nmap is used to rapidly scan networks using IP packets to determine what hosts are available on the network and what services the hosts offer. It can also identify what operating system and version they are running, what packet filters are in use, and what types of firewalls the company or individual is using. I usually start with a SYN scan (-sS) because it is quick and not very intrusive, since it does not complete the TCP connection. If the SYN scan is not an option, I usually move to a TCP connect scan (-sT). The scan will usually determine which ports are active or listening and which are not.
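The following is an added example, not code from the paper or from the Nmap project. It does two things the port scanning section describes in prose: it performs the same probe a TCP connect scan (-sT) makes, against a listener the script itself starts on 127.0.0.1, and classifies the result as open, closed or filtered the way Nmap reports it; and it shows the defender's side, a simple heuristic that flags a source address touching many distinct destination ports in firewall logs. The log lines are constructed for the example in the style of the Linux iptables LOG target (SRC=, DST=, PROTO=, DPT= fields); the threshold of five ports is an assumed tuning value.

```python
"""TCP connect probe on localhost, plus a port-scan detector for firewall logs.

Added example: not from the paper or Nmap. Probes only 127.0.0.1 and parses
constructed iptables-style log lines.
"""
import re
import socket
from collections import defaultdict


def tcp_connect_probe(host, port, timeout=1.0):
    """Classify one port the way a connect scan (-sT) does.

    open     -> full three-way handshake completed (a listener answered)
    closed   -> the host answered with RST (connection refused)
    filtered -> no answer before the timeout (a packet filter dropped it)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    finally:
        s.close()  # a connect scan always tears the connection down again


def start_local_listener():
    """Start a throwaway listener on 127.0.0.1 so the probe has an open port.

    The kernel completes the handshake into the backlog, so no accept() is needed.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_closed_port():
    """Reserve then release a port so that nothing is listening on it."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo_probe():
    """Probe one listening and one unused port; returns their classifications."""
    srv, open_port = start_local_listener()
    closed_port = free_closed_port()
    try:
        return {
            "listening_port": tcp_connect_probe("127.0.0.1", open_port),
            "unused_port": tcp_connect_probe("127.0.0.1", closed_port),
        }
    finally:
        srv.close()


# Constructed sample, iptables LOG style: one source walks six ports, another
# makes two ordinary connections plus a DNS query over UDP.
SAMPLE_LOG = """\
Nov  9 10:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=21 SYN
Nov  9 10:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=22 SYN
Nov  9 10:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=23 SYN
Nov  9 10:00:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=25 SYN
Nov  9 10:00:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
Nov  9 10:00:02 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
Nov  9 10:00:03 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
Nov  9 10:00:03 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=UDP DPT=53
Nov  9 10:00:04 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
"""

LOG_RE = re.compile(r"SRC=(\S+) .*?PROTO=(\S+) .*?DPT=(\d+)")


def flag_port_scanners(log_text, threshold=5):
    """Return {source: distinct TCP ports} for sources at or above the threshold.

    Both a SYN scan and a connect scan begin with one SYN per port, so the
    logged SYNs look the same either way; the spread of distinct ports is the
    signal, not the completion of the handshake.
    """
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group(2) == "TCP":
            ports_by_src[m.group(1)].add(int(m.group(3)))
    return {src: len(p) for src, p in ports_by_src.items() if len(p) >= threshold}


if __name__ == "__main__":
    print(demo_probe())
    print(flag_port_scanners(SAMPLE_LOG))
```

The probe deliberately uses a full connect() rather than raw packets, which is why it needs no root and why, unlike a half-open SYN scan, every open port it touches leaves a completed connection in the target's logs; the detector does not care about that difference, since both scan types emit the initial SYN that a firewall LOG rule records.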
An open port gives an entry point for the attack through a service that can be exploited. Typically, port 80, which is known as the hypertext transfer protocol port, is open and listening and can be exploited. Another tool that I use in network analysis is called Zenmap. One advantage of Zenmap is that it provides the network hop distance, workgroups and user accounts.

Conclusion

While there are many methods that Black Hats and White Hats can use to conduct foot printing and port scanning of a target system, the method and software tools used in accomplishing this task vary with personal preference and knowledge of the tool being used. I would say that you should use what you are most comfortable with, whether that is a Windows application or a Linux-based application such as BackTrack. The methods described above are true and have been tested over time by dozens of experienced penetration testers.

References Cited

Backtrack Linux penetration testers distribution. (2013, March 27). Retrieved from http://www.backtracklinux.org/
Kaven, O. (2003, December 30). Nmap; Nmap (free download) is a sophisticated port scanner with versions available for Linux, Unix, and Windows platforms. PC Magazine, 22, 122-127. Retrieved from http://search.proquest.com/docview/203717235?accountid=8289
McClure, S., & Scambray, J. (1998). TCP fingerprinting solutions for Linux offer another way to gather security data. InfoWorld, 20(43), 74. Retrieved from http://search.proquest.com/docview/194330463?accountid=8289
Rubens, P. (2007, December 13). Master port scanning with Nmap. Retrieved from http://www.enterprisenetworkingplanet.com/netsecur/article.php/3716606/MasterPort ScanningwithNmap.htm