Part A
Footprinting is a very important part of information gathering for hackers because it presents them with vital information about the target. Hacking is a complicated process that requires extensive information gathering and understanding before an attack can succeed. As a consequence, footprinting is considered a significant part of the hacking process (Boyd, 2000). There are several ways through which hackers gain access to extensive information about the target at the footprinting stage. The greatest sources of information at the footprinting stage include the target organization's website, company directories, job boards, alternative websites, Google hacking, insecure applications, USENET and registrar queries.
Hackers obtain a lot of open source information about their target from the target organization's website. This open source information is freely provided to customers, clients and the general public. The organization's website provides hackers with vital information that can enable them to gain access to the target with ease. The news and updates section presents crucial information, such as updated applications and processes that are crucial to the operation of the organization (Boyd, 2000).
Apart from the organization's website, hackers obtain valuable information from company directories. The company directory usually outlines key departments or employees. By combining the information from the company directory with social engineering, malicious attackers can easily call the organization's help desk and demand that a password be changed or reset. Moreover, the hacker can use the biographical information present in company directories to perform other kinds of social engineering deception (Boyd, 2000). Furthermore, hackers can gain vital information about the target from alternative websites, where information may be leaked by malicious employees.
Another lucrative source of information for hackers is search engines such as Google. Google hacking allows hackers to locate vital information about the target organization. The search engine is capable of performing more powerful searches on a target than previously believed. There are specific Google search terms that hackers use to gather detailed and crucial information concerning a target. They combine these search terms with advanced operators to gain access to information that is then used for hacking.
Part B
Organizations can implement several practices to control the type of information that is made available to the public. One way of controlling this information is by implementing strong information sharing policies. These policies ensure that crucial and sensitive information which may be used to attack the organization is not made public. On the other hand, certain types of information, such as those found in company directories, cannot be regulated. However, employees can be trained to mitigate social engineering attempts made using information gathered from such sources.
References
Boyd, I. M. (2000). The Fundamentals of Computer HACKING. SANS Institute.