Читать книгу Hacking For Dummies - Kevin Beaver - Страница 66

Getting an outside look can turn up a ton of information about your organization and systems that others can see, and you do so through a process often called footprinting. Here’s how to gather the information:

 Use a web browser to search for information about your organization. Search engines, such as Google and Bing, are great places to start.

 Run network scans, probe open ports, and seek out vulnerabilities to determine specific information about your systems. As an insider, you can use port scanners, network discovery tools, and vulnerability scanners (such as Nmap, SoftPerfect Network Scanner, and GFI LanGuard) to see what’s accessible and to whom.

Whether you search generally or probe more technically, limit the amount of information you gather based on what’s reasonable for you. You might spend an hour, a day, or a week gathering this information. How much time you spend depends on the size of your organization and the complexity of the information systems you’re testing.

The amount of information you can gather about an organization’s business and information systems can be staggering and often widely available. Your job is to find out what’s out there. This process is often referred to as open-source intelligence (OSINT). From social media to search engines to dedicated intelligence-gathering tools, quite a bit of information is available on network and information vulnerabilities if you look in the right places. This information potentially allows malicious attackers and employees to access sensitive information and target specific areas of the organization, including systems, departments, and key people. I cover information gathering in detail in Chapter 5.