Passive reconnaissance (or a passive attack) is a method of gaining information about a target system or network without actively engaging with the system, whereas active reconnaissance, which involves port scanning to find open ports for conducting attacks on the system, requires the attacker to engage with the system actively.
a. Here, Jane uses passive reconnaissance to acquire information about the routers and the other systems or devices present in the organization's network. Jane passively monitors the conversations of the organization's system administrators on their forum and, as she has their contact numbers, she also tries to impersonate or masquerade as another employee of the organization to get valuable information about their systems. Passive reconnaissance is also known as a method of social engineering.
The steps the organization should have taken to prevent the attacker Jane from finding out such valuable information about the devices and system types present in the organization are:
- Any discussions related to the IT resources of the organization, such as its routers and computing devices, should happen over a closed channel or on a forum belonging to the company intranet, which should be accessible only to employees of the organization after they log in with their valid employee email ID and password. Passwords should be changed on a regular basis.
- Employees and system administrators should be advised against sharing their email IDs and passwords with anyone unknown. Awareness programs must be conducted by the higher management to make employees aware of the various safety measures that they should take while handling important data of the company. Employees should be advised against accessing insecure sites or responding to spam mails.
- System administrators should be advised against handing out any information related to the devices of the company via phone calls, even if the caller happens to be another employee. A thorough check of the caller should be made, and then the system administrator could write a mail to that employee over the intranet of the organization to hand out the requested information. An email over the intranet of an organization is more secure than a phone call.
- Computing devices of the organization should have licensed and updated versions of application software and antivirus software installed so that there is no chance of a virus or malware affecting the system. Model numbers of routers and other devices should be stored in a secure database of the organization which should have very limited access.
2. Jane running a network scanner to find out the open ports of the organization and the services running on them is an example of active reconnaissance.
The steps the organization should take to prevent active reconnaissance are:
- A good firewall should be used which would monitor the exposed ports and also control the visibility of those ports.
- A good Intrusion Prevention System (IPS) or Intrusion Detection System (IDS) should be used to detect and shut down any ongoing port scans so that the attacker cannot gauge the network of the organization.
- Antivirus software must be used to flush out any threat on the systems of the organization. Harmful files or files coming from unknown sources should not be downloaded on the systems of the organization. The routers and other computing devices should be replaced with newer ones every four years.
- Servers and operating systems should be patched with the latest software versions, and administrators should stay informed about the latest threats to those operating systems.
These are the ways in which the attacks could be prevented.
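
How an IDS can recognise the kind of port scan described in part 2, as an added example that is not part of the original answer: it flags any source that touches many distinct ports within a short time window. The log format, the addresses and the thresholds (`min_targets`, `window`) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (format and addresses are made up for this example).
SAMPLE_LOG = """\
2024-05-01T10:00:00 DENY TCP 203.0.113.7:40001 -> 192.0.2.10:21
2024-05-01T10:00:01 ALLOW TCP 203.0.113.7:40002 -> 192.0.2.10:22
2024-05-01T10:00:01 DENY TCP 203.0.113.7:40003 -> 192.0.2.10:23
2024-05-01T10:00:02 ALLOW TCP 198.51.100.20:51000 -> 192.0.2.10:443
2024-05-01T10:00:02 DENY TCP 203.0.113.7:40004 -> 192.0.2.10:25
2024-05-01T10:00:03 ALLOW TCP 203.0.113.7:40005 -> 192.0.2.10:80
2024-05-01T10:00:04 ALLOW TCP 203.0.113.7:40006 -> 192.0.2.10:443
2024-05-01T10:10:00 DENY TCP 198.51.100.33:60000 -> 192.0.2.10:21
2024-05-01T10:20:00 DENY TCP 198.51.100.33:60001 -> 192.0.2.10:23
2024-05-01T10:30:00 DENY TCP 198.51.100.33:60002 -> 192.0.2.10:25
2024-05-01T10:40:00 DENY TCP 198.51.100.33:60003 -> 192.0.2.10:3389
2024-05-01T10:50:00 DENY TCP 198.51.100.33:60004 -> 192.0.2.10:8080
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?:ALLOW|DENY) (?:TCP|UDP) "
                     r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def detect_port_scans(log_text, min_targets=5, window=timedelta(seconds=60)):
    """Map sources that hit >= min_targets (host, port) pairs in one window to their ports."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are ignored
            ts = datetime.fromisoformat(m["ts"])
            events[m["src"]].append((ts, m["dst"], int(m["dport"])))
    scanners = {}
    for src, hits in events.items():
        hits.sort()
        best, start = set(), 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop events that fell out of the window
            targets = {(dst, port) for _, dst, port in hits[start:end + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) >= min_targets:
            scanners[src] = sorted({port for _, port in best})
    return scanners

if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG))
```

The source 198.51.100.33 probes five ports ten minutes apart and is not flagged with the 60-second window; widening `window` catches it at the cost of more false positives.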