Using Basic Countermeasures

Footprinting can be a powerful tool in the hands of an attacker who has the knowledge and patience to dig up the information that is available about any entity online. Even so, some countermeasures can lessen its effect to varying degrees.

Here are some of the defenses that can be used to thwart footprinting:

  • Website—Any organization should take a hard look at the information available on the company website and determine whether it might be useful to an attacker. Any potentially sensitive or restricted information should be removed as soon as possible along with any unnecessary information. Special consideration should be given to information such as email addresses, phone numbers, and employee names. Access to such information should be limited to only those who require it. Additionally, the applications, programs, and protocols used by a company should be nondescript to avoid revealing the nature of services or the environment.

  • Google hacking—This attack can be thwarted to a high degree by sanitizing information that is available publicly wherever possible. Sensitive information, either linked or unlinked, should not be posted in any location that can be accessed by a search engine, as the public locations of a web server tend to be.

  • Job listings—When possible, use third-party companies for sensitive jobs so the organization’s identity is unknown to all but approved applicants. If third-party job sites are used, the job listing should be as generic as possible, and care should be taken not to list specific details or versions of applications or programs. Consider carefully crafting job postings to reveal less about the IT infrastructure.

  • Domain information—Always ensure that domain registration data is kept as generic as possible and that specifics, such as names, phone numbers, and the like, are avoided. If possible, employ any one of the commonly available proxy services to block the access of sensitive domain data. An example of one such service is shown in FIGURE 5-15.

  • Personnel social media posts—Be especially vigilant about information leaks generated by well-intentioned personnel who may post information in technical forums or discussion groups that may be too detailed. More important, be on the lookout for personnel who may be disgruntled and may release sensitive data or information that can be viewed or accessed publicly. It is not uncommon for information leakage to occur around events such as layoffs, mergers, or contract terminations.

  • Insecure applications—Make it a point to regularly scan search engines to see whether links to private services are available (Terminal Server, Outlook Web App [OWA], virtual private networks [VPNs], and so on). Telnet and FTP have similar security problems because they both allow anonymous logon and passwords in cleartext. Consider replacing such applications with a more secure alternative, such as Secure Shell (SSH) or a comparable protocol, wherever possible.

  • Securing DNS—Sanitize DNS registration and contact information to be as generic as possible (for example, “Web Services Manager,” main company phone number 555-1212, [email protected]). Have two DNS servers—one internal and one external in the demilitarized zone (DMZ). The external DNS should contain only resource records of the DMZ hosts, not the internal hosts. For additional safety, do not allow zone transfers to any IP address.

FIGURE 5-15
Domains by proxy.
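The two checks in the Securing DNS item can be automated as a routine audit. The following is an added example, not code from the original text: it assumes a BIND-style zone file and `named.conf`, and the zone contents, host names, addresses, and function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed external (DMZ-facing) zone data; all names and addresses are illustrative.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@          IN NS   ns1.example.com.
ns1        IN A    203.0.113.10
www        IN A    203.0.113.20
fileserver IN A    10.1.4.17      ; internal host leaked into the external zone
hr-db      IN A    192.168.20.5
vpn        IN AAAA fd00:10::5
"""

# Constructed named.conf fragment for the external server.
SAMPLE_NAMED_CONF = "options {\n    recursion no;\n    allow-transfer { any; };\n};\n"

# RFC 1918 and IPv6 unique-local ranges: addresses that belong only in internal DNS.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
RECORD_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|AAAA)\s+(\S+)$", re.I)

def internal_records(zone_text):
    """Return (name, address) for A/AAAA records that point into internal ranges."""
    findings = []
    for raw in zone_text.splitlines():
        m = RECORD_RE.match(raw.split(";", 1)[0].strip())  # strip zone-file comments
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(3))
        if any(ip in net for net in INTERNAL_NETS):
            findings.append((m.group(1), m.group(3)))
    return findings

def transfer_acl(conf_text):
    """Return the allow-transfer ACL entries, or None if the directive is absent."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", conf_text)
    if m is None:
        return None  # server default applies; verify it for the version in use
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def transfers_disabled(conf_text):
    """True only when zone transfers are explicitly refused for every address."""
    return transfer_acl(conf_text) == ["none"]

if __name__ == "__main__":
    for name, addr in internal_records(SAMPLE_ZONE):
        print(f"internal record in external zone: {name} -> {addr}")
    print("zone transfers disabled:", transfers_disabled(SAMPLE_NAMED_CONF))
```

Run against the real external zone and server configuration, any reported record should be moved to the internal DNS server, and the transfer ACL should read `allow-transfer { none; };`.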

CHAPTER 5 ASSESSMENT

  1. What is the best description of footprinting?

    A. Passive information gathering
    B. Active information gathering
    C. Actively mapping an organization’s vulnerabilities
    D. Using vulnerability scanners to map an organization

  2. Which of the following is the best example of passive information gathering?

    A. Reviewing job listings posted by the targeted company
    B. Port scanning the targeted company
    C. Calling the company and asking questions about its services
    D. Driving around the targeted company connecting to open wireless connections

  3. Which of the following is not typically a web resource used to footprint a company?

    A. Company website
    B. Job search sites
    C. Internet Archive
    D. Phone books

  4. If you were looking for information about a company’s financial history, you would want to check the ________ database.

  5. Which of the following is the best description of the intitle tag?

    A. Instructs Google to look in the URL of a specific site
    B. Instructs Google to ignore words in the title of a specific document
    C. Instructs Google to search for a term within the title of a document
    D. Instructs Google to search a specific URL

  6. If you need to find a domain that is located in Canada, the best RIR to check first would be ________.

  7. You have been asked to look up a domain that is located in Europe. Which RIR should you examine first?

    A. LACNIC
    B. APNIC
    C. RIPE
    D. ARIN

  8. SNMP uses encryption and is therefore a secure program.

    A. True
    B. False

  9. You need to determine the path to a specific IP address. Which of the following tools is the best to use?

    A. IANA
    B. Nslookup
    C. Whois
    D. Traceroute

  10. During the footprinting process, social networking sites can be used to find out about employees and look for technology policies and practices.

    A. True
    B. False
