What is Footprinting?
Footprinting is the gathering of data about a target system that can later be used to hack that system. To get this data, a hacker may use different strategies and a variety of tools.
Footprinting can reveal system vulnerabilities and improve the ease with which they can be exploited.
The majority of the time is spent in footprinting. The information gathered includes the firewall, the OS used, the security configurations of the target system, IP addresses, server configurations, VPN, URLs, and the network map.
Footprinting begins by determining the location and objective of an intrusion. Once this is known, specific information about the organization is gathered using non-intrusive methods. For example, the organization’s own Web page may provide a personnel directory or employee bios, which may prove useful if the hacker needs to use social engineering to reach the objective. Conducting a whois query on the Web provides the domain names and associated networks related to a specific organization.
Footprinting helps to:
- Know Security Posture – The data gathered will help us to get an overview of the security posture of the company, such as details about the presence of a firewall, security configurations of applications, etc.
- Reduce Attack Area – We can identify a specific range of systems and concentrate on particular targets only. This will greatly reduce the number of systems we are focussing on.
- Identify vulnerabilities – We can build an information database containing the vulnerabilities, threats, and loopholes available in the system of the target organization.
- Draw Network map – Helps to draw a network map of the networks in the target organization covering topology, trusted routers, presence of servers, and other information.
Types of Footprinting
1. Passive Footprinting
This involves gathering information about the target without direct interaction. It is mainly useful when the information-gathering activities must not be detected by the target: no traffic is sent to the target organization from a host or from anonymous hosts or services over the Internet. We can only gather the archived and stored data about the target using search engines, social networking websites, etc.
Passive footprinting techniques include: –
- Finding the Top-level Domains (TLDs) and sub-domains of a target through web services
- Gathering location information on the target through web services
- Performing people searches using social networking websites and people search services
- Stealing financial data about the target through various financial services
- Gathering infrastructure details of the target organization through job sites
- Monitoring the target using alert services
- Gathering information using groups, forums, and blogs
- Determining the operating systems in use by the target organization
- Extracting information about the target using Internet archives
- Performing competitive intelligence
- Discovering data through search engines
- Monitoring website traffic of the target
- Tracking the online reputation of the target
- Gathering data through social engineering on social networking sites
2. Active Footprinting
This involves gathering information about the target with direct interaction. In this type of footprinting, the target may recognize the ongoing information-gathering process, as we interact directly with the target network.
Active Footprinting techniques include: –
- Querying published name servers of the target
- Extracting metadata of published documents and files
- Stealing a lot of website information using various types of mirroring and web spidering tools
- Gathering information through email tracking
- Performing Whois lookup
- Extracting DNS information
- Performing traceroute analysis
- Performing social engineering
Ways and Tools for Footprinting any target
It all starts from our browsers. Everything you need is available on the Internet. Let us suppose we are trying to gather information about Cisco. All you need to do is go to your browser and enter “Cisco”. You will now get the URL, which is the first piece of information you have.
Beyond the URL, a proper search can also help an attacker extract information about a target, such as technology platforms, employee details, login pages, and intranet portals, which helps in performing social engineering and other types of advanced system attacks.
As you have the URL of your target, you can now get the IP of the URL with Ping.
3. Whois Lookup:
This is a site that is very useful for hackers. Through this site, data such as the email ID, domain name, and owner of the domain can be found. Essentially, this serves as a starting point for website footprinting.
- For doing this, open the browser and search for http://whois.domaintools.com/.
- Enter the name or IP address of the target organization and click on ‘Search’.
- The output will show the details about the organization’s online presence.
NsLookup queries the specified DNS server and retrieves the requested records that are associated with the domain name you provided. This command gives information such as the domain name’s IP addresses.
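Seen from the defender's side, NsLookup returns whatever the external zone publishes, so the external zone is worth reviewing for records that belong only in internal DNS. The following is an added example, not part of the original article; the zone export, the `example.com` names and the list of naming hints are constructed for illustration.

```python
import ipaddress

# Address ranges that should never appear in an externally published zone.
# Listed explicitly: ipaddress.is_private would also match the documentation
# ranges (203.0.113.0/24, 198.51.100.0/24) used as "public" addresses below.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7")]
INTERNAL_HINTS = ("intranet", "internal", "corp")  # assumed naming hints

def audit_external_zone(zone_text):
    """Return (name, reason) for A/AAAA records that leak internal detail."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 3 or fields[-2].upper() not in ("A", "AAAA"):
            continue
        name, rtype, value = fields[0], fields[-2].upper(), fields[-1]
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            findings.append((name, f"unparseable address {value}"))
            continue
        if any(addr in net for net in INTERNAL_NETS):
            findings.append((name, f"{rtype} exposes internal address {value}"))
        elif any(label in INTERNAL_HINTS for label in name.lower().split(".")):
            findings.append((name, f"internal-sounding name published ({value})"))
    return findings

# Constructed sample of an external zone export for example.com.
ZONE = """\
; external view
www       300 IN A     203.0.113.10
mail      300 IN A     203.0.113.25
intranet  300 IN A     10.20.0.5
internal  300 IN A     198.51.100.7
db01      300 IN A     192.168.4.12
www       300 IN AAAA  2001:db8::10
mail      300 IN MX    10 mail.example.com.
"""

if __name__ == "__main__":
    for name, reason in audit_external_zone(ZONE):
        print(f"{name}: {reason}")
```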
5. CDPSnarf Package Description
CDPSnarf is a footprinting tool in Kali Linux. It is a network sniffer written exclusively to extract data from CDP packets. It gives all the data that a Cisco switch would return, and considerably more.
6. Social Engineering
When talking about footprinting in cybersecurity, social engineering is the first thing that comes to mind.
There are different techniques that fall into this class. A couple of them are:
- Snooping – The attacker attempts to record a personal conversation that the target is holding with somebody over a communication medium such as the telephone.
- Shoulder Surfing – In this method, the attacker attempts to obtain personal data, such as the email ID, of the target by keeping an eye on what the victim writes or types.
7. Neo Trace
NeoTrace is a powerful tool for getting data about a network path. Its graphical display shows the route between the hacker and the remote site, including every intermediate node and its data. NeoTrace is a well-known GUI route tracer program. Alongside the graphical route, it also shows the location, IP address, and contact data of every node. It is very useful for footprinting in network security.
How to prevent Footprinting?
Your every move, each activity, or data available on the internet is a potential footprint that can open layers of information for attackers.
Now let’s discuss preventive steps to avoid threats and reduce the security risk of the organization and individual.
1. Delete or De-activate old accounts
Once your account is assigned online, it can be shared anywhere with your full name, email address, pictures, location, and other information. Official email accounts provided to the employees are also available online. Once the employee has left the organization, the email account must be deleted to avoid fraudulent transactions using the same.
2. Unsubscribe from unwanted mails
All of us keep subscribing to newsletters, event registrations, offers, and many other mailing lists. While some of these lists may be useful, most of them result in unnecessary clutter in our mailbox. Unsubscribe from all unnecessary emails so that you can reduce your digital footprint on the internet.
3. Use stealth mode
There are many browsers that help you to surf with privacy. They let you search online with ease and prevent websites from tracking your interests, location, etc. Using browsers like TOR or Duck Duck Go, together with some advanced settings in your regular browser, can restrict the sharing of your information online.
4. Use a VPN
There are many VPNs, or Virtual Private Networks, available that you can use for privacy. A VPN provides you with an extra layer of security to protect your privacy over the internet. This will prevent others from tracking your web activity and being able to collect data by watching your surfing patterns.
Prevent search engines from crawling through your cached webpages, use anonymous registration details, and minimize unwanted footprints.
6. Configure Web servers
Configure your web servers to avoid information leakage and block all unwanted protocols to prevent any unethical external scans. Use TCP/IP and IPSec Protocols. Always maintain a separation between the internal and external DNS.
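One way to check the two points above (header leakage from the web server, and sensitive pages left open to search-engine indexing and caching) is to audit the response headers your own site returns. This is an added example, not part of the original article; the header list, the sensitive path prefixes and the sample responses are assumptions constructed for illustration.

```python
import re

# Response headers that commonly name the server software (list assumed for
# this example; extend it for your own stack).
LEAKY_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
# Paths that should not be indexed or cached by search engines (hypothetical).
SENSITIVE_PREFIXES = ("/login", "/intranet")

def audit_response(path, headers):
    """Return findings for one response; headers is a {name: value} dict."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name in LEAKY_HEADERS:
        value = h.get(name)
        if value is None:
            continue
        if VERSION_RE.search(value):
            findings.append(f"{path}: {name} discloses a version ({value})")
        elif name != "server":
            # A bare product name in Server is common; elsewhere it is extra.
            findings.append(f"{path}: {name} discloses technology ({value})")
    if path.startswith(SENSITIVE_PREFIXES):
        robots = h.get("x-robots-tag", "")
        directives = {d.strip().lower() for d in robots.split(",")}
        if not directives & {"noindex", "noarchive", "none"}:
            findings.append(f"{path}: no X-Robots-Tag noindex/noarchive")
    return findings

def audit_site(responses):
    """responses: {path: headers}. Return all findings across the site."""
    return [f for path, hdrs in responses.items()
            for f in audit_response(path, hdrs)]

# Constructed sample: headers as recorded from three paths of your own site.
SAMPLE = {
    "/": {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3"},
    "/login": {"Server": "nginx", "X-Robots-Tag": "noindex, noarchive"},
    "/intranet/staff": {"Server": "nginx"},
}

if __name__ == "__main__":
    print("\n".join(audit_site(SAMPLE)))
```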
7. Do it yourself
Perform footprinting techniques as we have discussed above and do a check to see whether any sensitive or unwanted information of yours is available on the internet. Use the OSINT framework to delve deeper, and remove posted/ shared data that reveals any kind of sensitive information which can be a potential threat. Share tips and tricks to avoid fraud calls and social engineering.
What is Reconnaissance
Similar to footprinting, reconnaissance is a very important stage in the initial hacking process. In this stage, attackers gather information, much like a detective does! This process involves gathering information about the target's flaws and vulnerabilities, which can be used in penetration testing and marks the beginning of any data breach.
Any information gathered about the target may be a crucial piece of the jigsaw, needed to reveal the critical vulnerabilities of the target.
What critical information can be revealed in the reconnaissance phase?
1) Network Information
- IP addresses
- subnet mask
- network topology
- domain names
2) Host Information
- usernames
- group names
- architecture type
- operating system family and version
- TCP and UDP services running with versions
3) Security Policies
- password complexity requirements
- password change frequency
- expired/disabled account retention
- physical security (e.g. access badges, door locks, etc.)
- intrusion detection systems
4) Personnel details
- telephone number
- social hangouts
- computer skills
Difference between footprinting and Reconnaissance
Network footprinting is the process of accumulating data on a specific environment with the purpose of revealing vulnerabilities of the system, while reconnaissance is the process of gathering data or inspecting a preliminary area of interest over a short period of time.
The more information the hacker is able to gather, the higher their chances of a successful attack. If you increase your security right from the initial phase, it will reduce the possibility of an attacker getting into your system. By controlling your digital footprint, you can increase your security posture and keep your data safe from hackers.