
Thinking Like a Cyber-Criminal

When it comes to data protection and web security, it helps to think like a cyber-criminal. This blog addresses one scenario of information gathering that a cyber-criminal carries out to prepare for his “heist”, but there are certainly many others.

The website drive-by… Most websites provide contact and location information. Each corporate phone number may identify the base number of the block of numbers within a phone exchange assigned to your company. Serious attackers use war dialing software to scan these blocks for modems, oft-neglected side doors to your network. In addition, contact e-mail addresses sometimes identify domain-specific mail hosts, and may reveal how a company structures its intranet. These are some of the most common things a cyber-criminal may look for.

Catching your company off guard… It is also important to keep in mind that motivated attackers may be very patient. They may wait for times when a targeted company is engaged in acquisitions and mergers. During such transition periods, security can be unintentionally put on the back burner amid all the hype surrounding the project. Hackers pounce on such opportunities.

Name Servers and Registrars… WHOIS database entries enumerate the public Domain Name Servers. The Domain Name Service is primarily used to find out what host name goes with what IP address (and vice versa), and to provide mail routing information. Serious attackers will attempt zone transfers, the equivalent of copying your entire public DNS database. As a rule, you should not permit zone transfers from your public DNS server, except to a list of servers you trust. But even individual DNS lookups can provide an attacker with useful information. For example, mail exchange records may reveal the IP address of a firewall where a mail server or proxy is run.
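As an added example (not from the original post or from WatchGuard), the following Python script audits a name server configuration against the zone-transfer rule above. It assumes BIND `named.conf` syntax, which the post does not name; the zone names, addresses and the `audit_zone_transfers` helper are constructed for illustration.

```python
import re

# Constructed sample in BIND named.conf syntax (BIND is an assumption; the
# zones and addresses are documentation placeholders).
SAMPLE_CONF = """
options {
    directory "/var/named";
};
zone "example.com" {
    type master;
    allow-transfer { 192.0.2.53; 198.51.100.53; };
};
zone "example.net" {
    type master;
    allow-transfer { any; };
};
zone "example.org" {
    type master;
};
"""

BLOCK = r"\{((?:[^{}]|\{[^{}]*\})*)\}"  # body with one level of nesting
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*' + BLOCK)
OPTS_RE = re.compile(r"options\s*" + BLOCK)
ACL_RE = re.compile(r"allow-transfer\s*\{([^}]*)\}")

def acl(body):
    """Return the allow-transfer entries in a block, or None if absent."""
    m = ACL_RE.search(body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_zone_transfers(conf):
    """Map each zone to 'restricted', 'open' or 'unset'."""
    conf = re.sub(r"(#|//).*", "", conf)  # drop line comments only
    opts = OPTS_RE.search(conf)
    global_acl = acl(opts.group(1)) if opts else None
    report = {}
    for name, body in ZONE_RE.findall(conf):
        entries = acl(body)
        entries = global_acl if entries is None else entries  # zone overrides options
        if entries is None:
            report[name] = "unset"       # falls back to the server default
        elif "any" in entries:
            report[name] = "open"        # any host may copy the zone
        else:
            report[name] = "restricted"  # only the listed hosts
    return report

if __name__ == "__main__":
    print(audit_zone_transfers(SAMPLE_CONF))
```

Zones reported as `unset` inherit whatever default the installed server version applies, so the safer fix is an explicit `allow-transfer` list naming only the secondaries you trust.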

Stealing the Blueprint… With the information gathered using the methods discussed, the attacker will begin probing your network with ICMP utilities: traceroute, firewalk, ping, nmap. Using the results from these utilities, he will first attempt to determine how traffic is routed to your networks, and then will attempt to create a topology map of your network(s). The processes of network mapping, host and services scanning, enumeration, and discovery are too detailed to continue here. The point is that if you’re not proactive, you’ll unwittingly help hackers map your network with chilling accuracy.

WatchGuard Solution… Here at WatchGuard we make it easy to keep these cyber-criminals out of your network. Take a look at our two-minute DLP video to learn just how quickly you can make your business WatchGuard safe.

