Tuesday, June 14, 2011


Although many footprinting techniques are similar across technologies (Internet and 
intranet), this chapter focuses on footprinting an organization’s connection(s) to the 
Internet. Remote access is covered in detail in Chapter 6.
It is difficult to provide a step-by-step guide on footprinting because it is an activity 
that may lead you down many-tentacled paths. However, this chapter delineates basic 
steps that should allow you to complete a thorough footprinting analysis. Many of these 
techniques can be applied to the other technologies mentioned earlier.
Step 1: Determine the Scope of Your Activities
The first item of business is to determine the scope of your footprinting activities. Are 
you going to footprint the entire organization, or limit your activities to certain subsidiaries 
or locations? What about business partner connections (extranets), or disaster-recovery 
sites? Are there other relationships or considerations? In some cases, it may be a daunting 
task to determine all the entities associated with an organization, let alone properly 
secure them all. Unfortunately, hackers have no sympathy for our struggles. They exploit 
our weaknesses in whatever forms they manifest themselves. You do not want hackers 
to know more about your security posture than you do, so figure out every potential 
crack in your armor!
Step 2: Get Proper Authorization
One thing hackers can usually disregard that you must pay particular attention to is 
what we techies affectionately refer to as layers 8 and 9 of the seven-layer OSI Model—
Politics and Funding. These layers often find their way into our work one way or another, 
but when it comes to authorization, they can be particularly tricky. Do you have 
authorization to proceed with your activities? For that matter, what exactly are your 
activities? Is the authorization from the right person(s)? Is it in writing? Are the target IP 
addresses the right ones? Ask any penetration tester about the “get-out-of-jail-free card,” 
and you’re sure to get a smile.
While the very nature of footprinting is to tread lightly (if at all) in discovering 
publicly available target information, it is always a good idea to inform the powers that 
be at your organization before taking on a footprinting exercise.
Step 3: Publicly Available Information
After all these years on the web, we still regularly find ourselves experiencing moments 
of awed reverence at the sheer vastness of the Internet—and to think it’s still quite young! 
Setting awe aside, here we go…
Publicly Available Information
Popularity: 9
Simplicity: 9
Impact: 2
Risk Rating: 7
The amount of information that is readily available about you, your organization, its 
employees, and anything else you can imagine is nothing short of amazing.
So what are the needles in the proverbial haystack that we’re looking for?
• Company web pages
• Related organizations
• Location details
• Employees: phone numbers, contact names, e-mail addresses, and personal 
• Current events: mergers, acquisitions, layoffs, rapid growth, and so on
• Privacy or security policies and technical details indicating the types of security 
mechanisms in place
• Archived information
• Disgruntled employees
• Search engines, Usenet, and resumes
• Other information of interest

