“All the success of an operation lies in its preparation”, Sun Tzu. Already true in the 6th century BC, this maxim remains true in the 21st century, and malicious attackers have fully integrated it into their strategy.
Before launching an attack, attackers list all the information available on the internet about their target. Digital transformation brings advantages to organisations, but it also makes a lot of information visible from the outside to anyone who knows where to search, or even just where to look. This information then helps malicious attackers tailor their attack to the target.
Fortunately, this situation is not inevitable. Every company can map its digital footprint in order to control and limit the information that is visible. This is what a recon audit is all about.
Steps of a Digital Footprint Audit
Unlike in a penetration test (pentest), pentesters (cybersecurity experts) do not try to enter an organisation’s systems during a recon audit. They examine the available clues about a company to find potential gateways.
There is thus no risk of interfering with the organisation’s daily activities.
Digital footprinting is divided into two parts:
- infrastructure recon: all available technical data is reviewed
- human recon: research focuses on all data left by humans (employees, providers, suppliers…)
The search for information can be active or passive:
- Passive recon: no traffic is generated on the target’s infrastructure. Research is carried out on public data with general-purpose or specialised search engines.
- Active recon: the “target” is queried directly. For example, server ports can be deliberately scanned to see which services respond on them.
Infrastructure Footprint (or “Technical” Recon Audit)
Technical information is gathered across the whole possible attack surface, and the elements concerned are varied. For an organisation, this means domain names, web hosts, IP addresses, open services on servers (including web applications), the development technologies used…
Older elements, which organisations may have half-forgotten, should not be neglected either: they are likely to be vulnerable or to reveal information, such as development versions, the technologies used, parts of a site that are private in theory but actually accessible, test data still online…
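As an added illustration (not part of the original article), here is one way an organisation can review its own infrastructure footprint: hostnames observed in public sources are compared against the internal asset inventory to surface forgotten or non-production systems. The sample data, the `example.com` names, the `review_footprint` function and the naming convention for non-production hosts are all assumptions made for this example.

```python
import re
from datetime import date

# Constructed sample data: names observed in public sources (for example DNS
# or certificate records) for the organisation's own domain example.com.
OBSERVED = [
    {"host": "www.example.com", "last_seen": "2024-05-30"},
    {"host": "dev.shop.example.com", "last_seen": "2024-05-28"},
    {"host": "old-intranet.example.com", "last_seen": "2021-02-11"},
    {"host": "mail.example.com", "last_seen": "2024-05-29"},
    {"host": "test-api.example.com", "last_seen": "2023-01-04"},
]
# Constructed sample: hosts the organisation knows it operates.
INVENTORY = {"www.example.com", "mail.example.com", "dev.shop.example.com"}

# Labels that usually mark non-production systems (assumed naming convention).
NONPROD = re.compile(r"(^|[.-])(dev|test|staging|preprod|old|backup|demo)([.-]|$)")

def review_footprint(observed, inventory, today, stale_days=365):
    """Return one finding per host, listing the reasons it needs review."""
    findings = []
    for entry in observed:
        host = entry["host"].lower().rstrip(".")
        reasons = []
        if host not in inventory:
            reasons.append("not in inventory")
        if NONPROD.search(host):
            reasons.append("non-production name exposed")
        age = (today - date.fromisoformat(entry["last_seen"])).days
        if age > stale_days:
            reasons.append(f"not seen for {age} days")
        if reasons:
            findings.append({"host": host, "reasons": reasons})
    # Hosts with the most reasons first, then alphabetical for stable output.
    return sorted(findings, key=lambda f: (-len(f["reasons"]), f["host"]))

if __name__ == "__main__":
    for f in review_footprint(OBSERVED, INVENTORY, date(2024, 6, 1)):
        print(f"{f['host']}: {', '.join(f['reasons'])}")
```

Hosts that collect several reasons at once (unknown to the inventory, named like a test system, and long unseen) are the half-forgotten elements to decommission or restrict first.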
“Human” Footprint
All information about people, and left by people, is of interest, especially for building social engineering attacks.
The search starts with the professional email addresses, names, job titles and phone numbers of employees of the audited organisation. Then, information published by the people themselves is examined: on social networks, on forums, in public CVs, etc.
For example, a technical person may ask for advice on a forum about how to configure communication with a server. This can potentially reveal the server types used in their company.
During the research phase, the focus can be placed on finding specific data, such as passwords, confidential files stored somewhat carelessly, etc. Data leaks can also be used to find email addresses and passwords.
Secure Your Digital Footprint
Keeping control of the data exposed on the internet is becoming harder and harder as organisations digitalise. Between their official online presence, the daily use of web tools and/or services, and even their activity moving online, the areas in which companies leave traces are growing. It is difficult to keep control of all these elements, especially in a constantly changing environment.
That’s why we offer an audit dedicated to recon, to help you determine and manage your digital footprint.
An inventory of an organisation’s online traces shows precisely what is exposed on the internet. This mapping makes it possible, first of all, to delete old information, elements that are no longer useful, and information that should not have been made public in the first place. Then, other information can be concealed and/or access to it restricted.
Finally, the organisation can raise awareness among its personnel of the protection of personal data as well as company data.