The explosive growth and popularity of the Internet have resulted in thousands of structured, queryable information sources. Most organizations are familiar with Penetration Testing and other ethical hacking techniques as a means of understanding the current security status of their information system assets. Consequently, much of the focus of research, discussion and practice has traditionally been placed upon active probing and exploitation of security vulnerabilities. Since this type of active probing involves interacting with the target, it is often easily identifiable through analysis of firewall and intrusion detection/prevention device (IDS or IPS) log files. However, too many organizations fail to identify the potential threats from information that is unintentionally leaked, freely available over the Internet, and not normally identifiable from standard log file analysis.
Most critically, an attacker can passively gather this information without ever coming into direct contact with the organization's servers – thus being essentially undetectable. Very little information has been publicly discussed about arguably one of the least understood and most significant stages of penetration testing – the process of Passive Information Gathering. This technical paper and information gathering plan reviews the processes and techniques related to the discovery of leaked information. It also includes details on both the significance of the leaked information and the steps organizations should take to halt or limit their exposure to this threat. There are a number of techniques and processes available when carrying out a Passive Information Gathering exercise. A lot of important information can be passively harvested and subsequently used in a direct attack or to reinforce other attacks targeted at an organization.
Depending upon the source, information such as current service patching levels, internal network architecture layout and account details can be easily obtained. Just as importantly, with a little insight into where this information comes from and how detailed it is, an organization can often rectify the leakage simply and quickly. The most critical phases or investigation processes revolve around the accessibility of various online resources such as:
* Internet Service Registration – The global registration and maintenance of IP address information
* Domain Name System – Local and global registration and maintenance of host naming
* Search Engines – The specialist retrieval of distributed material relating to an organization or their employees
* Email Systems – The information contained within each email delivery process
* Naming Conventions – The way an organization encodes or categorizes the services their online hosts provide
* Website Analysis – The information intentionally made public that may still pose a risk to security
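As an added example (not part of the original paper), the following Python script audits a single outbound message for the leakage described under Email Systems and Naming Conventions: RFC 1918 addresses and internal hostnames in the Received chain, and software version strings in mailer headers. The message, hostnames, addresses and X-Mailer value are all constructed placeholders, and the suffix list is an assumption about what an internal namespace looks like.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: an outbound message as an external recipient would see it.
# Hostnames, addresses and the X-Mailer value are placeholders, not real systems.
SAMPLE_MESSAGE = """\
Received: from mx-out.example.com (mx-out.example.com [203.0.113.10])
\tby mail.recipient.example with ESMTP; Tue, 5 Jun 2001 10:00:00 +0000
Received: from exch01.corp.example.local (10.20.30.40)
\tby mx-out.example.com with ESMTP; Tue, 5 Jun 2001 09:59:58 +0000
Received: from WS-FINANCE-07 (192.168.5.17)
\tby exch01.corp.example.local; Tue, 5 Jun 2001 09:59:57 +0000
X-Mailer: Example Mail Client 5.0.2195
From: Jane Doe <jane.doe@example.com>
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\bfrom\s+([A-Za-z0-9.-]+)", re.IGNORECASE)
# RFC 1918 address space: only meaningful inside the organization's network.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed suffixes that normally exist only in an internal namespace.
INTERNAL_SUFFIXES = (".local", ".internal", ".corp", ".lan")
# Header fields that usually carry client or server software version strings.
VERSION_HEADERS = ("X-Mailer", "User-Agent", "X-MimeOLE")

def audit_headers(raw_message):
    """Return (category, value) findings for internal details the delivery headers give away."""
    msg = message_from_string(raw_message)
    findings = []
    for received in msg.get_all("Received", []):
        for ip in IP_RE.findall(received):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # octet out of range, not an address
            if any(addr in net for net in RFC1918):
                findings.append(("private-ip", ip))
        m = HOST_RE.search(received)
        if m:
            host = m.group(1).rstrip(".")
            # A single-label name or an internal-only suffix identifies an internal host.
            if "." not in host or host.lower().endswith(INTERNAL_SUFFIXES):
                findings.append(("internal-hostname", host))
    for field in VERSION_HEADERS:
        for value in msg.get_all(field, []):
            findings.append(("software-version", value.strip()))
    return findings
```

Run against mail actually leaving the organization, the same checks show which relay should be rewriting or stripping internal Received lines and version headers.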
There are two primary WHOIS resources – Network service-based and Name service-based. As the names suggest, the former covers the registration and management of individual blocks of IP addresses, while the latter covers the registration and management of domain names. With so many ways of obtaining information, it is nearly impossible to protect your organization against attacks. In most cases this information is freely available to the public, and with enough knowledge, the proper skill set and the right tools, anything is possible.