New Whitepaper: Passive Information Gathering Techniques

From: Gunter [Technicalinfo.net] (gunter@technicalinfo.net)
Date: Wed Feb 04 2004 - 15:32:54 EST


Next Generation Security Software ltd. (NGS) have now made available a
comprehensive technical whitepaper covering an often skipped phase of
pentesting - Passive Information Gathering. This new paper is available for
download at: http://www.nextgenss.com/papers/NGSJan2004PassiveWP.pdf

ABSTRACT
 
Most organisations are familiar with Penetration Testing and other ethical
hacking techniques as a means to understanding the current security status
of their information system assets. Consequently, much of the focus of
research, discussion, and practice, has traditionally been placed upon
active probing and exploitation of security vulnerabilities. Since this type
of active probing involves interacting with the target, it is often easily
identifiable with the analysis of firewall and intrusion
detection/prevention device (IDS or IPS) log files.

However, too many organisations fail to identify the potential threats from
information unintentionally leaked, freely available over the Internet, and
not normally identifiable from standard log file analysis. Most critically,
an attacker can passively gather this information without ever coming into
direct contact with the organisations servers - thus being essentially
undetectable.

Very little information has been publicly discussed about arguably one of
the least understood, and most significant stages of penetration testing -
the process of Passive Information Gathering. This technical paper reviews
the processes and techniques related to the discovery of leaked information.
It also includes details on both the significance of the leaked information,
and steps organisations should take to halt or limit their exposure to this
threat.

http://www.nextgenss.com/papers/NGSJan2004PassiveWP.pdf

We hope the paper proves informative and useful to you all.

------------------------------------------------------
G u n t e r O l l m a n n, MSc(Hons), BSc
Professional Services Director
                                                      
Next Generation Security Software Ltd.
First Floor, 52 Throwley Way Tel: +44 (0)208 401 0089
Sutton, Surrey, SM1 4BF, UK Fax: +44 (0)208 401 0076
http://www.nextgenss.com
------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT