Upload
may-thompson
View
219
Download
0
Embed Size (px)
Citation preview
TCOM 5990 1
Information Assurance Management
Casing the Establishment
TCOM 5990 2
Target Acquisition
• Systematic Footprinting -building a profile of your security posture
• Focused on information relating to Internet, intranet, remote access and extranet…of your system
TCOM 5990 3
Internet Footprinting
• Determine the Scope of Your Activities– Open Source
– SEC EDGAR DB
– Countermeasure: Public Database Security...
TCOM 5990 4
Internet Footprinting
• Network Enumeration– InterNIC DB
– Organizational Query -”Whois”• All information related to a particular
organization• May be hundreds or thousands of entries
TCOM 5990 5
Internet Footprinting
– Domain Query• The registrant
• The domain name
• The admin contact
• When the record was created and updated
• The DNS servers
TCOM 5990 6
Internet Footprinting
– Network Query• American Registry of Internet
Numbers
• Other Domains the DNS server is authoritative
• Backbone provider, network class
• Confirm network belongs to target
TCOM 5990 7
Internet Footprinting
– POC Query• All e-mail addresses of POCs
• Complete help reference
TCOM 5990 8
Internet Footprinting
• Countermeasure: Public Database Security– Update admin, tech, and billing
information
– Fictitious contact as tripwire
TCOM 5990 9
Internet Footprinting
• DNS Interrogation– Serious misconfiguration
– Internet Zone Transfers
– Can provide a complete roadmap of an organizations internal network
TCOM 5990 10
Internet Footprinting
• Countermeasure: DNS Security– Reduce the available information
– External servers must never be configured to reveal internal network information
TCOM 5990 11
Internet Footprinting
• Network Reconnaissance– Tracerouting
– Build an access path diagram
• Countermeasure: IDS– RotoRouter - logs traceroute requests and
generates false responses