Network Security and
Protection

Footprinting and Reconnaissance Concepts

Learning Outcome

They collect evidence, interview witnesses, examine locations, and study every available clue

 A detective investigating a case.

Determine the organization, website, domain, IP address, or system that will be assessed.

Collect publicly available information from websites, search engines, social media, and public records.

Gather technical details such as domains, subdomains, DNS records, email addresses, and IP addresses.

How it works

 Introduction to Footprinting and Reconnaissance

Before any cyberattack simulation or security assessment, information about the target must be gathered. This process, called Footprinting and Reconnaissance, is the first phase of ethical hacking. It helps security professionals understand the target's systems, infrastructure, technologies, and potential weaknesses.

Footprinting and Reconnaissance enable ethical hackers to build a target profile, identify attack surfaces, and plan further security assessments. The more information collected, the more effective the later testing phases become.

What is Footprinting?

Footprinting is the process of gathering information about a target organization's systems, networks, infrastructure, employees, and technologies to create a detailed profile using publicly available or accessible information.

What is Reconnaissance?

Reconnaissance is the process of gathering information about a target before security testing or an attack to identify vulnerabilities, entry points, and security risks.

It can be Passive, where information is collected without interacting with the target, or Active, where the target is directly queried for information.

 Importance of Information Gathering in Cybersecurity

Identifies Potential Vulnerabilities

Finds weaknesses in systems, applications, and networks.

Understands the Target Environment 

Reveals technologies, network structure, operating systems, and security controls.

Supports Risk Assessment

Identifies threats and evaluates risks to critical assets and data. 

                       Publish only necessary information.

                       Avoid exposing internal system details.

                       Restrict sensitive contact information.

                       Review publicly available documents regularly.

Organizations should carefully review what information is publicly available through websites, documents, press releases, and online platforms.

 Limiting Public Information

WHOIS Privacy Protection hides sensitive registration details from public WHOIS databases.

 WHOIS Privacy Protection

Protects personal contact information.

Reduces exposure of domain ownership details.

Prevents targeted information gathering.

Employees may unintentionally expose sensitive information through websites, social media, and public platforms. Security awareness training helps them understand and prevent information disclosure risks.

3. Employee Security Awareness

WHOIS Privacy Protection hides sensitive registration details from public WHOIS databases.

 WHOIS Privacy Protection

Protects personal contact information.

Reduces exposure of domain ownership details.

Prevents targeted information gathering.

Educate employees about social engineering.

Encourage responsible online behavior.

Promote security awareness programs.

Limit sharing of internal information.

Obtain Proper Authorization

Get written permission before reconnaissance.

Stay Within Scope

Gather information only from approved targets.

Follow Applicable Laws

Comply with cybersecurity and privacy regulations.

 Ethical and Legal Considerations of Reconnaissance Activities

Obtain Proper Authorization

Get written permission before reconnaissance.

Stay Within Scope

Gather information only from approved targets.

Respect Privacy

Avoid unnecessary access to sensitive data.

Summary

 Which of the following is an example of Active Reconnaissance?

 Which of the following is an example of Active Reconnaissance?