Reconnaissance Plan and Scanning Plan

School: University of Maryland, University College
Course: 321
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 6
Uploaded by mdshay

Penetration Test Proposal Deliverable 2: Reconnaissance Plan and Scanning Plan
Course Number and Section: CMIT 321 6387
Date: June 10, 2020
Reconnaissance Plan

Overview

The pentest begins with the reconnaissance, or footprinting, phase. These actions are conducted to collect data about the network being evaluated before the actual engagement with the network. This information is collected from the company, the company's network, and open source sources such as social media. Two types of footprinting will be used: passive and active. Passive reconnaissance uses methods that do not engage the network at all; because they never touch the network, they cannot leave any signature that the network is being reconnoitered. Active reconnaissance engages the network or organization to collect data for the pentest, and can therefore alert the company to the data-collection attempts.

Reconnaissance Methods

Passive Reconnaissance Methods

Search Engine: Search engines, such as Google, can uncover some data about the network being evaluated. Google has advanced search operators that can be combined to search for specific things in specific places that might reveal vulnerabilities.

Web services/social media: Websites such as LinkedIn, or social media such as Facebook, can reveal a lot about the company and potential targets. They can reveal the personnel structure, identifying higher-ranking targets in the company that might lead to more sensitive data. Other sites can reveal characteristics of the network once the domain has been determined: sites like Netcraft or SHODAN can reveal the operating systems of, or other information about, devices from the target network that are connected to the internet (EC-Council, 2018).

Active Reconnaissance Methods

Website Tracking: Utilities called web spiders, such as Web Data Extractor, pull all pertinent data out of a website, including items like email addresses and phone numbers. There are also mirroring applications, like HTTrack, that create copies of websites that can be examined offline (Roeder, 2020).

Email Footprinting: Quite a bit of data can be extracted from the header of an email, including the sender's name, email address and IP address, and information about the mail server (Ghahrai, 2019). There are also programs, such as eMailTrackerPro, that can produce information about the email recipient, such as the internet browser or operating system being used.

Whois Lookup: Regional Internet Registries store information about the owners of domains in searchable databases. The information obtained from these searches, such as the domain owner's phone number or email address, can be used in social engineering attempts (EC-Council, 2018).

Traceroute: Traceroute tools, such as Path Analyzer Pro, send packets to a destination and show all the devices the packets pass through to get there. This can help outline the topology of the network, identifying devices such as servers, routers, and firewalls.

Social Engineering: Social engineering efforts may not touch the network at all, but they can reveal some of the most sensitive data. Common methods include eavesdropping, shoulder surfing and dumpster diving (Footprinting Methodology, n.d.).

Documentation: After the reconnaissance phase is complete, testers will document any vulnerabilities and prepare mitigation recommendations.
Scanning Plan

Overview

During the scanning phase of the pentest, testers use the information uncovered during reconnaissance to acquire more specific details about the network and its topology. Scanning identifies things like the hosts, ports, and services that are active on the network. These details help identify vectors of access to the network for the exploitation phase of the pentest.

Tactics, Techniques, and Procedures

To conduct the exploitation phase of the pentest, testers will need information about the network and the devices and services on it, including details such as usernames and operating systems. Several types of scanning are used in this process: port scanning, network scanning and vulnerability scanning. Port scanning identifies ports that are in use on the network, network scanning detects IP addresses on the network, and vulnerability scanning recognizes vulnerabilities on a system that may be exploitable (EC-Council, 2018).

Host Recognition: Testers can determine live hosts by running a ping sweep with Nmap or other tools. A ping sweep sends a message to every host, and active hosts return a reply. This allows the tester to determine the IP addresses that will be targeted.

Port Scanning: Once again, the Nmap utility can be used to detect open ports on the network. Ports that are left unnecessarily open represent potential vulnerabilities that can be used to gain access to the network.

OS Fingerprinting: Nmap sends a number of differently modified TCP packets to different TCP ports. The responses identify the operating system in use. Determining the version of the operating system that systems are running lets the testers know the vulnerabilities of those systems.

Documentation: The known topology of the network should be appropriately diagrammed using a tool such as Network Topology Mapper. The network diagram will be integral to the pentest. Additionally, noted vulnerabilities should be documented with potential remedies.
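The plan notes that active reconnaissance and scanning can alert the company. As an added example written for this page (not part of the original proposal), the following Python checker shows the defender's view of the two activities described above: it flags the signatures a ping sweep (one source pinging many hosts) and a port scan (one source probing many ports on one host) leave in firewall logs. The log format, addresses and thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed firewall log sample (not from the page): "timestamp src dst proto dport".
SAMPLE_LOG = """\
2020-06-10T09:00:01 10.0.5.7 192.168.1.10 icmp -
2020-06-10T09:00:01 10.0.5.7 192.168.1.11 icmp -
2020-06-10T09:00:02 10.0.5.7 192.168.1.12 icmp -
2020-06-10T09:00:02 10.0.5.7 192.168.1.13 icmp -
2020-06-10T09:00:10 10.0.5.7 192.168.1.10 tcp 22
2020-06-10T09:00:10 10.0.5.7 192.168.1.10 tcp 80
2020-06-10T09:00:11 10.0.5.7 192.168.1.10 tcp 443
2020-06-10T09:00:11 10.0.5.7 192.168.1.10 tcp 3389
2020-06-10T09:00:12 10.0.5.7 192.168.1.10 tcp 445
2020-06-10T09:00:12 10.0.5.7 192.168.1.10 tcp 21
2020-06-10T09:30:00 10.0.5.9 192.168.1.10 tcp 443
2020-06-10T10:30:00 10.0.5.9 192.168.1.11 icmp -
"""

def parse_log(text):
    """Yield (time, src, dst, proto, dport); dport is None for ICMP."""
    for ts, src, dst, proto, dport in (l.split() for l in text.splitlines()):
        yield datetime.fromisoformat(ts), src, dst, proto, (None if dport == "-" else int(dport))

def _max_distinct_in_window(events, window):
    """Most distinct values (hosts or ports) seen inside any sliding time window."""
    events = sorted(events)
    best = start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        best = max(best, len({v for _, v in events[start:end + 1]}))
    return best

def detect_recon(text, window=timedelta(seconds=60), sweep_hosts=4, scan_ports=6):
    """Alert on a source pinging >= sweep_hosts hosts, or probing >= scan_ports ports on one host, within one window."""
    icmp = defaultdict(list)    # src -> [(time, dst)]
    probes = defaultdict(list)  # (src, dst) -> [(time, dport)]
    for t, src, dst, proto, dport in parse_log(text):
        if proto == "icmp":
            icmp[src].append((t, dst))
        else:
            probes[(src, dst)].append((t, dport))
    alerts = set()
    for src, ev in icmp.items():
        if _max_distinct_in_window(ev, window) >= sweep_hosts:
            alerts.add(("ping_sweep", src))
    for (src, dst), ev in probes.items():
        if _max_distinct_in_window(ev, window) >= scan_ports:
            alerts.add(("port_scan", src, dst))
    return alerts
```

On the sample, 10.0.5.7 triggers both alerts while the lone connections from 10.0.5.9 stay below threshold; tuning the window and thresholds to the real network's baseline is what keeps this usable in practice.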
References

EC-Council. (2018, May). Certified Ethical Hacker (CEH) Version 10 eBook (Volumes 1 through 4) [eVantage]. Retrieved from https://evantage.gilmoreglobal.com/#/books/9781635671919/

Footprinting Methodology. (n.d.). Retrieved from https://www.greycampus.com/opencampus/ethical-hacking/footprinting-methodology

Ghahrai, A. (2019, July 10). Footprinting and Reconnaissance. Retrieved from https://devqa.io/footprinting-overview/

Roeder, L. (2020, February 17). 4 Website Copying Programs. Retrieved from https://www.lifewire.com/top-website-copying-programs-2655052