Information Gathering | DROP Organization

Posted by on

The first work of an efficient cyber security professional is to effectively gather information which is correct, relevant and forms a part of the solution of a given problem. Information gathering is not confined to cyber security, but an essential skill to have in the field. Whenever we want to understand a given case or problem, the first and foremost thing we do is a research and gather information. It may take several hours to several days, depending on the subject matter of the case.

What is Information Gathering?

Information gathering or collecting data is a systematic process through which we conduct research and attempt to answer questions or resolve problems. The information can be of different types such as IP addresses, personal data, e-mails, location, domain names, software versions and operating systems and many more. It involves clear objectives, appropriate data collection methods (such as surveys, interviews, observations) and thorough analysis and organization of data.

Why is Information gathering done?

Information gathering facilitates maintaining simplicity in the process, helps to do thorough planning, collect reliable data with stringent quality control. Every piece of data collected helps to make well-informed decisions, strategic planning and conducting comprehensive research. It aids in answering one or more questions raised, uncover new angles to a problem. The next step after gathering the data is to analyze it and find potential lapses or gaps in the processes.


Information gathering can be classified into three major categories:

1. Footprinting

Footprinting is a technique to collect as much information as possible about the target. It helps hackers in various ways to enter on a system. It determines the security postures of the target. Footprinting can be active as well as passive. In passive footprinting, data is collected without the knowledge of the owner, whereas in active footprinting, the information is collected consciously and intentionally or by owner’s direct contact.

2. Scanning

Scanning is another essential step, which refers to the package of techniques and procedures used to identify hosts, ports, and various services within a network. It helps to create an overview scenario of the target organization and identify vulnerabilities such as missing patches, unnecessary services, weak authentication or weak encryption algorithms.

3. Enumeration

Enumeration refers to a process to establish an active connection to the target hosts to discover potential attack vectors in the system and the same can be used for further exploitation of the system. It helps to gather information such as usernames, group names, hostnames, network shares and services.

Techniques and methods of Information gathering

There are various methods for gathering information, and as a cyber security professional, one should be aware of all these techniques and should know the advantages and disadvantages to determine which of them are suitable for the purpose.

1. Questionnaries and Surveys

It is the most common method of data collection, where information can be collected directly from people. It can tailor questions which seem to be fit and bring more flexibility with the number and content of the questions. Moreover, questionnaires and surveys may take a long time to gather the data. 

2. One-on-One Interviews

Another method to collect information is one-on-one or personal interviews. Here, information is collected from a specific person or specific people to get the questions answered. It can be used to tailor the questions and add up more questionnaires as needed. It is a time-consuming process and not all respondents may be willing for the interview.

3. Observation

It is done by examining the operation of a certain program to gather information. One may know about how it works, how it is used in regular basis and its effectiveness. It might be time-consuming. The person conducting the observation needs to be familiar with many parts of the program or tool. 

4. Focus groups

It is similar to questionnaire and surveys, as such one need to create a focus group for conversation and concentrate on specific topic with certain stakeholders that are relevant. It allows you to collect fresh data and create a community. It gives direct access to people in the industry and permits to go in-depth into certain topics as opposed to a generic questionnaire. It might be time- consuming and costly as it requires multiple people from the team to manage the focus group.

5. Use cases and studies

One can use the cases and case studies to uncover direct experience between victim and attacker.  It provides real-world evidence of power of effective information gathering. It showcases how the victim was attacked and dealt with it in defense. Also, it helps to uncover the vulnerabilities of the victim as exposed to the attacker. It enables to work on weak areas and improve already available features. It might be costly in finding people to write the case study effectively and in collecting the data and conducting interviews.

Tools for Information Gathering

Various tools such as network mappers, packet sniffers, and domain research tools, are important to uncover valuable information about networks, system and online resources.

Network mappers and port scanners

These tools play a significant role in the process of information gathering. A network mapper like nmap:

  • Scan open ports
  • Recognize services operating on these ports
  • Generate visual maps based on data from regular scans to endure the accuracy of the network information.
They are significant in identifying network devices, components and connections, and contribute to the maintenance of precise for thorugh analysis and security evaluations 

Packet Sniffers and protocol analyzers
These are an integral set of tools for information gathering which includes tools like Wireshark. These tools:
  • Capture and analyze network packets to diagnose network issues and monitor network traffic.
  • Enable users to filter and drill down into the data
  • Store captured information for offline analysis
These tools offer valuable insights for network troubleshooting and optimization, by capturing live packet data and analyzing it in real-time.
Some important packet sniffers and protocol analyzers include:
  • Wireshark
  • Auvik
  • ManageEngine Netflow Analyzer
  • SolarWinds Network Packet Sniffer
  • Paessler PRTG
  • Tcpdump
  • WinDump
  • NetworkMiner
  • Colasoft
Domain and IP research tools
These tools helps to gather information related to IP addresses, networks, web pages, DNS records. Such tools aid in monitoring network security, identify potential weaknesses and vulnerabilities in network systems, assist in fortifying security, preparing for potential attacks, detect exposed assets and login panels that are not exposed to public. Some examples of these include:
  • Dig
  • Ping
  • Host
  • Whois command
  • WHOIS Search &Lookup
  • SecurityTrailsAPI
Ethical Considerations in Information Gathering
While collecting data through any process, one should accompany ethical considerations for information gathering. It is suitable to establish strategies and protocols to protect personal information and uphold privacy rights. Legal and professional guidelines, such as the ISTI guidelines for anti-doping organizations, professional regulations for law enforcement, and model standards for information gathering and public trust, govern the process of gathering information.
Unethical practices while information gathering may result in severe data regulations, long-tern negative consequences, harm to credibility and trust, and adverse effect on people and society.


Want to start your learning journey on Cyber Security and Ethical Hacking field?

Comments

Post a Comment