Reconnaissance uses a variety of sources to learn as much as possible about the target business and how it operates, including •Internet searches •Dumpster diving •Domain name management/search services •Non-intrusive network scanning •Social engineering Phase 2 – Scanning Once you have enough information to understand how the target works and what information of value might be available, you begin the process of scanning perimeter and internal network devices looking for weaknesses, including •Open ports •Open services •Make and model of each piece of LAN/WAN equipment •Vulnerable applications, including operating systems
•Weak protection of data in transit Phase 3 – Gaining Access Gaining access to resources is the whole point of a modern-day attack. The usual goal is to either extract information of value to you or use the network as a launch site for attacks against other targets. In either situation, you must gain some level of access to one or more network devices. Phase 4 – Maintaining Access Having gained access, you must maintain access long enough to accomplish your objectives. Although you have reached this phase has successfully circumvented their security controls, this phase can increase your vulnerability to detection.
Phase 5 – Covering Tracks After achieving your objectives, you typically takes steps to hide the intrusion and possible controls left behind for future visits. Again, in addition to anti-malware, personal firewalls, and host-based IPS solutions, deny business users local administrator access to desktops. Alert on any unusual activity, any activity not expected based on your knowledge of how the business works. To make this work, the security and network teams must have at least as much knowledge of the network as the attacker has obtained during the attack process.