The concepts of external and internal reconnaissance are similar. If the penetration tester has or gains access to an internal network, he will also perform internal reconnaissance to continue enumerating hosts. These are the systems that a typical attacker will initially identify prior to any focused compromise. In most cases, the tester will first perform external reconnaissance to reconnoiter the external-facing and DMZ hosts of an organization from the Internet. Reconnaissance should be performed from two perspectives during a penetration test. They know that identifying networks, hosts, and services is much easier to do before an attack begins and allows them to attack only targets that are likely to produce the desired outcome. That’s why the more experienced penetration testers take a slow and methodical approach to hacking. The criticality of reconnaissance cannot be overstated. These premature attempts to compromise pseudo-random hosts are likely to trigger alerts on intrusion prevention systems, firewalls, and host-based security controls. Network security personnel with little training or experience will often begin their analysis by finding a few target systems and immediately attempt to compromise their security with user/password logins and vulnerability penetration tests. The importance of reconnaissance in vulnerability discovery and penetration testing is usually overlooked.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |