Penetration Testing mailing list archives
New Whitepaper: Passive Information Gathering Techniques
From: "Gunter [Technicalinfo.net]" <gunter () technicalinfo net>
Date: Wed, 4 Feb 2004 20:32:54 -0000

Next Generation Security Software ltd. (NGS) have now made available a comprehensive technical whitepaper covering an often skipped phase of pentesting - Passive Information Gathering.

This new paper is available for download at:
http://www.nextgenss.com/papers/NGSJan2004PassiveWP.pdf

ABSTRACT

Most organisations are familiar with Penetration Testing and other ethical hacking techniques as a means to understanding the current security status of their information system assets. Consequently, much of the focus of research, discussion, and practice, has traditionally been placed upon active probing and exploitation of security vulnerabilities. Since this type of active probing involves interacting with the target, it is often easily identifiable with the analysis of firewall and intrusion detection/prevention device (IDS or IPS) log files.

However, too many organisations fail to identify the potential threats from information unintentionally leaked, freely available over the Internet, and not normally identifiable from standard log file analysis. Most critically, an attacker can passively gather this information without ever coming into direct contact with the organisation's servers - thus being essentially undetectable.

Very little information has been publicly discussed about arguably one of the least understood, and most significant stages of penetration testing - the process of Passive Information Gathering. This technical paper reviews the processes and techniques related to the discovery of leaked information. It also includes details on both the significance of the leaked information, and steps organisations should take to halt or limit their exposure to this threat.

http://www.nextgenss.com/papers/NGSJan2004PassiveWP.pdf

We hope the paper proves informative and useful to you all.

------------------------------------------------------
G u n t e r O l l m a n n, MSc(Hons), BSc
Professional Services Director
Next Generation Security Software Ltd.
First Floor, 52 Throwley Way    Tel: +44 (0)208 401 0089
Sutton, Surrey, SM1 4BF, UK     Fax: +44 (0)208 401 0076
http://www.nextgenss.com
------------------------------------------------------