Reconnaissance refers to the preparatory phase in which an attacker seeks to gather as much information as possible about a target prior to launching an attack. This phase is also where the attacker draws on competitive intelligence to learn more about the target. It may also involve network scanning, external or internal, carried out without authorization.
This is the phase that allows the potential attacker to strategize his attack. It may spread over time, as the attacker waits to unearth crucial information. One aspect that gains prominence here is social engineering. A social engineer is a person who smooth-talks people into revealing information such as unlisted phone numbers, passwords or other sensitive information. Other reconnaissance techniques include dumpster diving, the process of looking through an organization's trash for discarded sensitive information. Building user awareness of the precautions they must take to protect their information assets is a critical factor in this context.
Attackers can use the Internet to obtain information such as employee contact details, business partners, technologies in use and other critical business knowledge. For example, a Whois database can give information about Internet addresses, domain names, contacts etc. If a potential attacker obtains the DNS information from the registrar and is able to access it, he can obtain useful information such as the mapping of domain names to IP addresses, mail server records, host information records etc.
It is important that the organization has appropriate policies to protect the usage of its information assets and to serve as guidelines to users on what constitutes acceptable use. These policies can also serve to increase user awareness and make users more accountable for their actions.
Reconnaissance techniques can be categorized broadly into active and passive reconnaissance.
When an attacker approaches the attack using passive reconnaissance techniques, he does not interact with the system directly. He uses publicly available information, social engineering, dumpster diving etc. as a means of gathering information.
When an attacker uses active reconnaissance techniques, he tries to interact with the system, using tools to detect open ports, accessible hosts, router locations, network layout, and details of operating systems and applications.
The next phase of hacking is scanning, which is discussed in the following section. Some experts do not differentiate scanning from active reconnaissance. However, there is a slight difference in that scanning involves more in-depth probing on the part of the attacker. Often the reconnaissance and scanning phases overlap, and it is not always possible to demarcate them as watertight compartments.
Active reconnaissance is usually used when the attacker perceives a low risk of his reconnaissance activities being detected. Newbies and script kiddies are often seen attempting it for faster visible results, and sometimes for the brag value.
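As an added example (not part of the original text), the following Python shows how a defender can spot the active reconnaissance described above in firewall logs: it flags a source that probes many ports on one host, or one port across many hosts, within a short time window. The log line format and the sample entries are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log sample (hypothetical "<ts> <action> <src> -> <dst>:<port>" format).
SAMPLE_LOG = """\
2024-05-01T10:00:00 DENY 203.0.113.5 -> 192.0.2.10:21
2024-05-01T10:00:01 DENY 203.0.113.5 -> 192.0.2.10:22
2024-05-01T10:00:01 DENY 203.0.113.5 -> 192.0.2.10:23
2024-05-01T10:00:02 DENY 203.0.113.5 -> 192.0.2.10:25
2024-05-01T10:00:03 ACCEPT 203.0.113.5 -> 192.0.2.10:80
2024-05-01T10:00:10 ACCEPT 198.51.100.7 -> 192.0.2.10:443
2024-05-01T10:20:00 DENY 198.51.100.9 -> 192.0.2.11:22
2024-05-01T10:20:00 DENY 198.51.100.9 -> 192.0.2.12:22
2024-05-01T10:20:01 DENY 198.51.100.9 -> 192.0.2.13:22
2024-05-01T10:20:02 DENY 198.51.100.9 -> 192.0.2.14:22
"""

LINE_RE = re.compile(r"^(\S+) (ACCEPT|DENY) (\S+) -> (\S+):(\d+)$")


def parse(log_text):
    # Both ACCEPT and DENY lines count: a probe of an open port is still a probe.
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m[1]), m[3], m[4], int(m[5])))
    return events


def detect_scans(events, window=timedelta(seconds=60), port_threshold=5, host_threshold=4):
    # Returns {src: {"port_sweep" | "host_sweep"}}: many ports on one host (vertical)
    # or one port across many hosts (horizontal) from a single source within the window.
    findings = defaultdict(set)
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_src[ev[1]].append(ev)
    for src, evs in by_src.items():
        for i, (t0, _, _, _) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - t0 <= window]
            ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
            for _, _, dst, port in in_win:
                ports_per_host[dst].add(port)
                hosts_per_port[port].add(dst)
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                findings[src].add("port_sweep")
            if any(len(h) >= host_threshold for h in hosts_per_port.values()):
                findings[src].add("host_sweep")
    return dict(findings)
```

Thresholds and window length must be tuned to the environment; the single benign client in the sample stays below both.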
As an ethical hacker, you must be able to distinguish between the various reconnaissance methods and be able to advocate preventive measures in the light of the potential threat. Organizations on their part must have addressed security as an integral part of their business or operational strategy and must have proper policies and procedures in place to check such activity.