In: Computer Science
Mention any three reconnaissance techniques. Briefly explain each of them (just one or two sentences). Why reconnaissance is a threat to network security?
Answer:
Information Gathering and getting to know the target systems is the first process in ethical hacking.Reconnaissance is a set of processses and techniques(Footprinting,Scanning&Enumeration) used to covertly discover and collect information about a target system.
Techniques:
1.)Footprinting Technology:
Unsourced material may be challenged and removed.Footprinting(also known as reconnaissance) is the technique used for gathering information about computer systems and the entities they belong to.To get this information,a hacker might use various tools and technologies.
2.)Port Scanning:As the name implies,this is the act of scanning a range of ports on a victim.A port is used to make connections and manage communications for net-workable services or applications.Any open port is possible avenue of attack.There are multiple kinds of port scans,but those go beyond the scope of this introductory article.
3.)Discovery:This is the act of discoverying possible victims.Discovering is essential to reconnaissance as it tells us who our potential victims are.
Security threat involves three goals:
1.Confidentiality
2.Integrity
3.Availability
Confidentiality:This goal defines how we keep our data private from eavesdropping.Packing capturing and replaying are the example threats for this goal.Data encryption is used to achieve this goal.
Integrity:This goal defines how we avoid our data from being altered.MiTM(Man in the middle attacks) is the example threat gor this goal.Data hashing is used to take the fingerprint of data.Through hashing we can match data from its original source.
Availability:This goal defines how we keep available data to our genuine users.Dos(Denial of service attacks) is the example threat for this goal.User rate limit and firewall are used to mitigate the threat for this goal.
--Reconnaissance attack:
In this kind of attack,an adversary collects as much information about your network as he needed for other attacks.This information includes IP address range,server location,running OS,software version,types of devices etc.Packet capturing software,Ping command,traceroot command,whois lookup are some example tools which can be used to collect this information.Adversary will use this information in mapping your infrastructure for next possible attack.