COUNTER HACK Chapter 5 Reconnaissance
Download
Report
Transcript COUNTER HACK Chapter 5 Reconnaissance
COUNTER
HACK
Chapter 5 Reconnaissance
Information Networking Security and
Assurance LAB
Department of Communication Engineering
National Chung Cheng University
Chia-Yi, Taiwan , ROC
Mike
Information Networking Security and Assurance Lab
National Chung Cheng University
Low-Technology Reconnaisance
Socail Engineering
Physical Break-in
Dumpster Diving
Information Networking Security and Assurance Lab
National Chung Cheng University
Defenses against
Social Engineering Attacks
Physical Break-in
Dumpster Diving
Information Networking Security and Assurance Lab
National Chung Cheng University
Socail Engineering Attacks
Building trust.
Manipulate the target person to divulge secrets.
Gather confidential information.
Information Networking Security and Assurance Lab
National Chung Cheng University
Defenses against Social Engineering Attacks
User awareness.
Trained.
give explicit direction.
Not to give sensitive information away to a friendly caller.
Building a place where the employee reset the password for 24 hours per
day.
Information Networking Security and Assurance Lab
National Chung Cheng University
Physical Break-In
Enter the company
such as employees,temps,contractors etc.
Plant malicious programs on internal system
Having gained access to systems and
information
Information Networking Security and Assurance Lab
National Chung Cheng University
Defenses against Physical Break-In
Security badges to each and every employee.
After 5 mins,each of your machine should bring up a
screen saver requiring the user to type in password.
Lock on cabinets with sensitive machines.
Information Networking Security and Assurance Lab
National Chung Cheng University
Dumpster Diving
Trashing
Gold.
Discarded paper
information.
Information Networking Security and Assurance Lab
National Chung Cheng University
Denfenses against Dumpster Diving
A well-used paper shredder
Important data gets deposited in the extra
receptacle.
Information Networking Security and Assurance Lab
National Chung Cheng University
Search the Fine Web (STFW)
How to get information about the target?
Internet resources
Whois Databases
Tool
InterNIC(www.internic.net)
Allwhois Web site(www.allwhois.com/home.html)
Network Solutions whois database(www.networksolution.com)
Longest prefix matching
Policy routing
Information Networking Security and Assurance Lab
National Chung Cheng University
General Purpose Reconnaissance Tools
Sam Spade (www.samspade.org/ssw/)
CyberKit (www.cyber-kit.net/index.net/index.html)
NetScan (www.netscantools.com/nstmain.html)
iNetTools (www.wildpackets.com/products/inettools)
Information Networking Security and Assurance Lab
National Chung Cheng University
Conclusion
How to gets the information of the target?
Information Networking Security and Assurance Lab
National Chung Cheng University
Tools
Conclusion
Awareness
Information Networking Security and Assurance Lab
National Chung Cheng University