TCOM 5990 1 Information Assurance Management Casing the Establishment

Target Acquisition

• Systematic Footprinting - building a profile of your security posture

• Focused on information relating to Internet, intranet, remote access and extranet…of your system

Internet Footprinting

• Determine the Scope of Your Activities

– Open Source

– SEC EDGAR DB

– Countermeasure: Public Database Security...

Internet Footprinting

• Network Enumeration

– InterNIC DB

– Organizational Query - "Whois"

    • All information related to a particular organization

    • May be hundreds or thousands of entries

Internet Footprinting

– Domain Query

    • The registrant

    • The domain name

    • The admin contact

    • When the record was created and updated

    • The DNS servers

Internet Footprinting

– Network Query

    • American Registry of Internet Numbers

    • Other domains for which the DNS server is authoritative

    • Backbone provider, network class

    • Confirm network belongs to target

Internet Footprinting

– POC Query

    • All e-mail addresses of POCs

    • Complete help reference

Internet Footprinting

• Countermeasure: Public Database Security

– Update admin, tech, and billing information

– Fictitious contact as tripwire

Internet Footprinting

• DNS Interrogation

– Serious misconfiguration

– Internet Zone Transfers

– Can provide a complete roadmap of an organization's internal network

Internet Footprinting

• Countermeasure: DNS Security

– Reduce the available information

– External servers must never be configured to reveal internal network information
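
The DNS countermeasure above can be checked mechanically. The following is an added example, not part of the original slides: a Python audit that flags records in an externally served zone file that expose internal addressing (RFC 1918 or IPv6 unique local) or host descriptions (HINFO). The zone contents, the names `audit_zone` and `INTERNAL_NETS`, and the one-record-per-line layout with an explicit owner and class are assumptions of this example.

```python
import ipaddress

# RFC 1918 IPv4 space and IPv6 unique local addresses (fc00::/7).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample of an externally served zone; every name and
# address here is made up for this illustration.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        3600 IN SOA   ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
@        3600 IN NS    ns1.example.com.
ns1      3600 IN A     192.0.2.53
www      3600 IN A     198.51.100.80
; the records below belong on an internal-only server
fileserv 3600 IN A     10.1.4.20
hr-db    3600 IN A     172.16.9.7
fileserv 3600 IN HINFO "Intel" "Windows"
intranet 3600 IN AAAA  fd00::25
"""

def audit_zone(text):
    """Return (owner, rtype, rdata, reason) for records exposing internal detail."""
    findings = []
    for raw in text.splitlines():
        # Drop comments (simplification: assumes no ';' inside quoted rdata).
        fields = raw.split(";", 1)[0].split()
        # Skip blanks, $-directives, and lines without "IN <type> <rdata>".
        if not fields or fields[0].startswith("$") or "IN" not in fields[1:-2]:
            continue
        i = fields.index("IN", 1)          # record type follows the class token
        owner, rtype = fields[0], fields[i + 1].upper()
        rdata = " ".join(fields[i + 2:])
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                findings.append((owner, rtype, rdata, "unparseable address"))
                continue
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((owner, rtype, rdata, "internal address"))
        elif rtype == "HINFO":             # hardware/OS description of a host
            findings.append((owner, rtype, rdata, "host description"))
    return findings

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE):
        print("%-9s %-6s %-18s %s" % finding)
```

Run against the zone files an external name server actually loads, any finding marks a record to move to an internal-only server.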

Internet Footprinting

• Network Reconnaissance

– Tracerouting

– Build an access path diagram

• Countermeasure: IDS

– RotoRouter - logs traceroute requests and generates false responses