This blog is all about Cyber Security and IT

Sunday, March 10, 2019

Defensive Measures to Prevent Reconnaissance Attacks

Preventing reconnaissance attacks 100% is virtually impossible, precisely because footprinting is based on finding publicly available information about the target organization. And this information is public for a good reason.
For example, imagine the ABC organization, which sells pet products through its website and through retail distribution stores.
Would it make sense to keep the address of the website secret?

Publishing the website allows users to find it through search engines like Google, Altavista, Metacrawler, etc., even without investing in advertising. And how could it sell its products through its website if the customers don't know how to get there?
Therefore, what we can do is minimize our exposure by making public only what is needed. I remember a particular case during the reconnaissance phase, when I found out that my client's network administrator had published the Intranet web server on the Internet.
The word Intranet itself indicates that this is a server for internal use only. This is a clear example of a service that should not be published. If for any reason it is necessary to access it over the Internet, the safest way to do so is through a virtual private network (VPN), not by opening the port in the firewall so that everyone can find an internal server from the Internet.
With this point clarified, I suggest some preventive measures:

Keep the information in the Who-Is directory services private by paying an annual fee to your hosting provider or NIC.

Avoid posting detailed information about operating systems, applications, hardware and personal information through social media or job offer sections in the news.

Train all company personnel on information security precautions and how to avoid becoming a victim of a social engineering attack.

Publish over the Internet only services of a public nature (corporate web, name server, mail server, etc.) and confine such servers to a demilitarized zone (DMZ).

Install perimeter security measures (intelligent next generation firewalls, IDS/IPS systems, etc.).

Implement measures to protect data, such as encryption.
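The measure about publishing only public services from a DMZ, and the Intranet case described earlier, can be checked by auditing the firewall's inbound allow rules. The following is an added example, not code from the original post; the DMZ subnet, internal ranges, port list and rules are all constructed assumptions.

```python
import ipaddress

# Assumed policy values, constructed for this example (not from the post).
DMZ = ipaddress.ip_network("192.0.2.0/28")        # where public servers live
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]   # LAN and VPN address space
PUBLIC_PORTS = {25, 53, 80, 443}                  # mail, DNS, web

# Constructed inbound "allow" rules: (name, source, destination, port).
RULES = [
    ("corp-web",  "0.0.0.0/0",    "192.0.2.3",  443),
    ("mail-in",   "0.0.0.0/0",    "192.0.2.5",  25),
    ("intranet",  "0.0.0.0/0",    "10.10.0.20", 80),    # the case from the post
    ("dmz-rdp",   "0.0.0.0/0",    "192.0.2.3",  3389),
    ("vpn-intra", "10.99.0.0/24", "10.10.0.20", 80),    # intranet via VPN pool
]


def from_internet(src):
    """True when the rule's source is not confined to internal address space."""
    net = ipaddress.ip_network(src, strict=False)
    return not any(net.subnet_of(inside) for inside in INTERNAL)


def audit(rules):
    """Return (rule name, reason) for each rule that exposes more than the policy allows."""
    findings = []
    for name, src, dst, port in rules:
        if not from_internet(src):
            continue  # reachable only from LAN or VPN, which the policy accepts
        if ipaddress.ip_address(dst) not in DMZ:
            findings.append((name, "internal host published to the Internet"))
        elif port not in PUBLIC_PORTS:
            findings.append((name, "non-public service exposed from the DMZ"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(RULES):
        print(f"{name}: {reason}")
```

The same Intranet server passes the audit when it is reached from the VPN address pool and fails when the rule's source is the whole Internet.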

