nst_2
2
1.0 Introduction
1.1 Introduction to Intelligence Gathering Techniques
Imagine the following scenario:
A military target is to be attacked. What's the first step considered? Gathering intelligence,
naturally. To do so, a satellite will photograph the target zone and a special recon unit will patrol the
area with maximum caution to eliminate the possibility of detection. After enough information
has been gathered, a wing of stealth bombers will bomb the target. Mission accomplished.
Gathering intelligence is extremely important. If the amount of data collected is not sufficient,
or alternatively, if the target is tightly defended, no attack will be launched.
The same is true of computer hacking.
An intelligent hacker will conduct a lot of research before attempting to gain privileged access
to your systems.
If the intelligence gathered shows a poorly defended computer system, an attack will be
launched, and unauthorized access will be gained.
However, if the target is highly protected, the hacker will think twice before attempting to
break in. It will be dependent upon the tools and systems that protect the target.
Again, the key here is the amount of information he has gathered beforehand.
In the computer hacking world, intelligence gathering can be roughly divided into three major
steps:
· Foot printing
· Scanning
· Enumeration
Foot Printing - The information collected by the hacker makes a unique footprint, or profile,
of an organization's security posture.
With foot printing, using rather simple tools, we gather information such as:
1. Administrative, technical, and billing contacts, which include employee names, email
addresses, and phone & fax numbers.
2. IP address range
3. DNS servers
4. Mail servers
And we can also identify some of the systems that are directly connected to the Internet.
Most of the information here can be freely accessed on the Internet.
Scanning - The art of detecting which systems are alive and reachable via the Internet, and
what services they offer, using techniques such as ping sweeps, port scans, and operating
system identification, is called scanning.
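Ping sweeps and port scans leave a distinctive pattern in firewall logs: one source touching many destination ports, or many destination hosts, in a short time. As an added example written from the defender's side (not code from the original course), the following Python script parses constructed iptables-style log lines and applies a sliding time window per source address to flag both behaviours. The log format, the thresholds (8 distinct ports or 5 distinct hosts within 60 seconds) and all addresses (RFC 5737 documentation ranges) are assumptions made for the demonstration.

```python
"""Flag port scans and ping sweeps in firewall log lines.

Added example; not part of the original course material. The log format
is a hypothetical iptables-style line and every line in SAMPLE_LOG is
constructed, using RFC 5737 documentation addresses.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: 203.0.113.5 probes ten TCP ports on one host within
# ten seconds (port scan); 203.0.113.77 sends ICMP echo requests to six
# hosts (ping sweep); 198.51.100.x is benign traffic; one line is noise.
SAMPLE_LOG = """\
2024-05-01T10:00:00 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=21
2024-05-01T10:00:01 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=22
2024-05-01T10:00:02 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=23
2024-05-01T10:00:03 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=25
2024-05-01T10:00:04 ACCEPT SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
2024-05-01T10:00:05 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=110
2024-05-01T10:00:06 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=143
2024-05-01T10:00:07 ACCEPT SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443
2024-05-01T10:00:08 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=3389
2024-05-01T10:00:09 DROP SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=8080
2024-05-01T10:02:00 ACCEPT SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=443
2024-05-01T10:02:30 ACCEPT SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=443
2024-05-01T10:03:00 ACCEPT SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=80
2024-05-01T10:04:00 ACCEPT SRC=198.51.100.21 DST=192.0.2.10 PROTO=ICMP TYPE=8
2024-05-01T10:04:30 kernel: link state change on eth0
2024-05-01T10:05:00 ACCEPT SRC=203.0.113.77 DST=192.0.2.1 PROTO=ICMP TYPE=8
2024-05-01T10:05:01 ACCEPT SRC=203.0.113.77 DST=192.0.2.2 PROTO=ICMP TYPE=8
2024-05-01T10:05:02 DROP SRC=203.0.113.77 DST=192.0.2.3 PROTO=ICMP TYPE=8
2024-05-01T10:05:03 ACCEPT SRC=203.0.113.77 DST=192.0.2.4 PROTO=ICMP TYPE=8
2024-05-01T10:05:04 DROP SRC=203.0.113.77 DST=192.0.2.5 PROTO=ICMP TYPE=8
2024-05-01T10:05:05 ACCEPT SRC=203.0.113.77 DST=192.0.2.6 PROTO=ICMP TYPE=8
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+)(?: DPT=(?P<dpt>\d+))?(?: TYPE=(?P<icmp_type>\d+))?$"
)


def parse_log(text):
    """Parse log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        d["dpt"] = int(d["dpt"]) if d["dpt"] else None
        d["icmp_type"] = int(d["icmp_type"]) if d["icmp_type"] else None
        events.append(d)
    return events


def _distinct_in_window(events, key, threshold, window):
    """Per source, slide a `window`-second interval over its events and report
    sources that touch at least `threshold` distinct values of `key` inside it."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        counts, left = Counter(), 0
        for e in evs:
            counts[e[key]] += 1
            while (e["ts"] - evs[left]["ts"]).total_seconds() > window:
                old = evs[left][key]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            if len(counts) >= threshold:
                flagged.setdefault(src, set()).update(counts)
    return flagged


def detect_port_scan(events, threshold=8, window=60):
    """Sources hitting many distinct TCP/UDP destination ports; verdict (ACCEPT/DROP) is irrelevant."""
    return _distinct_in_window([e for e in events if e["dpt"] is not None], "dpt", threshold, window)


def detect_ping_sweep(events, threshold=5, window=60):
    """Sources sending ICMP echo requests (type 8) to many distinct hosts."""
    icmp = [e for e in events if e["proto"] == "ICMP" and e["icmp_type"] == 8]
    return _distinct_in_window(icmp, "dst", threshold, window)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("port scans:", detect_port_scan(evs))
    print("ping sweeps:", detect_ping_sweep(evs))
```

The sliding window is what separates a scan from ordinary traffic: the same ten ports touched over a week by a legitimate client would never reach the threshold inside any 60-second interval, while a scanner covering them in seconds is flagged on the first window that fills. Tune the thresholds to your own baseline before alerting on them.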
The kind of information collected here has to do with the following: