Data Gathering and Footprinting Protection Plan
In this report, I will be presenting a plan that will hopefully protects the University from becoming a victim of data gathering and footprinting. First, data gathering is the process of getting any and all kind of information about a specific target. The information may not be important by themselves, but when compile with other data collected could help to accomplish the hacker’s mission. I will talk about what information that is consider sensitive to a University’s system. We will also discuss what makes certain data useful to the attacker and how it can be protected. Last, I will go over the social engineering. These are some of the topics I will be covering in my report.
When an attacker has a target in mind, he or she will try to find ways to gain access. One of the way is by probing the University’s system without being notice. By doing this, the attacker might be able to find a back door that will grant him access to his objective. The attacker will try to find the range of the University’s IP address. He will look for routing information, and mail servers. He will be using WHOIS and Domain Name System (DNS). All of these information are very important are very important to the University’s system.
After getting all the needed data, he will compile them all together to see which one can be of use to help gain access to the University’s system. Most likely, Domain Name System (DNS) will be one information that will be of use to the aggressor. He can use the names or phone numbers listed in the DNS to gather more sensitive data.
Internet Protocol Address range can also be of useful to the attacker. By knowing the IP range, the attacker can port scan and identify active machine on that network.
Although IP address range finding is imposable to protect from hackers, there are still counter measures that can be taken to become a harder target. The Domain Name System can be protected. Make sure that...