- "Do I Know This Already?" Quiz
- Foundation Topics: Overview of the Seven-Step Information-Gathering Process
- Information Gathering
- Determining the Network Range
- Identifying Active Machines
- Finding Open Ports and Access Points
- OS Fingerprinting
- Fingerprinting Services
- Mapping the Network Attack Surface
- Summary
- Exam Preparation Tasks
- Review All Key Topics
- Define Key Terms
- Exercises
- Review Questions
- Suggested Reading and Resources
This chapter is from the book
This chapter is from the book
This chapter is from the book
Foundation Topics: Overview of the Seven-Step Information-Gathering Process
Footprinting is the first step of the hacking methodology, and it is all about gathering information. Most organizations share a tremendous amount of information and data through various channels, including their websites and social media pages, their employees, and even their help desks. Footprinting is about information gathering and is both passive and active. Reviewing the company’s website is an example of passive footprinting, whereas calling the help desk and attempting to social engineer them out of privileged information is an example of active information gathering. Port scanning entails determining network ranges and looking for open ports on individual systems. The EC-Council divides footprinting and scanning into seven basic steps, as follows:
Information gathering
Determining the network range
Identifying active machines
Finding open ports and access points
OS fingerprinting
Fingerprinting services
Mapping the network attack surface
Many times, students ask for a step-by-step method of information gathering. Realize that these are just general steps and that ethical hacking is really the process of discovery. Although the material in this book is covered in an ordered approach, real life sometimes varies. When performing these activities, you might find that you are led in a different direction from what you originally envisioned.
