Information gathering is the act of collecting information. In network security, it means getting information about an enemy that we would like to attack. There are 4 steps to do so. First and foremost, social engineering. Social engineering means getting information verbally by merely asking, or the electronic way of it is known as phishing. Secondly, by using published information. This is gained by searching the particular target online via Google search to obtain any information regarding the target. Thirdly, by using port scanning. We can download the tools and find the ports used by the target. Lastly, by using network mapping. Network mapping is the study of the physical connectivity of networks and often attempts to determine the servers and operating systems run on networks.
The objectives of information gathering are: * The organization’s work planning will be support to become more fully inclusive. * Used to get all the information that the company or organization using many steps.
1. Social engineering gives us information about who to contact if we were to send any malicious threat to the site. For example, we obtained the phone number ((212) 556-7777) or the email (firstname.lastname@example.org) to gain access to their system.
2. Using published information that is the url itself http://www.nytimes.com/. We ping the site by using command prompt to find out the IP address.
Procedure: i. Open CMD command ii. Ping the website address “ping nytimes.com” iii. Click Enter button iv. The command will display the ip adress of the site.
3. Using port scanning
Procedure: i. Insert IP address of the web site “188.8.131.52” using the port scanner tool. ii. Click on the Port Scan button. iii. The tool display port that used by the owner in the site. 4. Network mapping is the process of discovering the IP address or if possible their