• DocumentCode
    3054038
  • Title

    Footprinting: A Methodology for Auditing eSystem Vulnerabilities

  • Author

    Wren, Chris ; Reilly, Denis ; Berry, Tom

  • Author_Institution
    Sch. of Comput., John Moores Univ., Liverpool, UK
  • fYear
    2010
  • fDate
    6-8 Sept. 2010
  • Firstpage
    263
  • Lastpage
    267
  • Abstract
    This paper discusses the often overlooked issues and key vulnerabilities evident in Web facing technologies. The process of uncovering these issues and vulnerabilities is known as footprinting. We describe how organisations leak key information from their Web facing systems. Essentially the paper describes how individuals may target an organisation´s Internet systems using general purpose tools and techniques to obtain a digital footprint of that organisation and its system security posture. In particular, the paper highlights that footprinting is often a precursor to an attempted breach of the system perimeter by individuals with ulterior motives. Footprints are regarded as the first stage of a system compromise conducted by individuals wishing to escalate key system privileges with a view to exploiting known system vulnerabilities. The paper also states that footprinting is an activity that is often overlooked by administrators when hardening their systems and security profile. As a consequence of this we highlight the need for system administrators to have an awareness of the nature and type of footprints that their web facing systems provide the external environment and the consequences of failing to adequately control information leakage. The paper concludes by highlighting the need for individuals in various roles within an organization to be able to clearly identify and stem information leakage from their web facing systems in order to minimize the impact on systems´ security and vulnerability.
  • Keywords
    IP networks; Internet; business data processing; computer forensics; computer network security; Footprinting; IP address; Internet system; Web technology; digital footprint; eSystem vulnerability audition; forensic auditing; information leakage; system breach; system security; Companies; Domain Name System; IP networks; Internet; Security; Servers; World Wide Web; Footprinting; Forensic auditing; information classification; information leak; intentional threats; system hardening;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Developments in E-systems Engineering (DESE), 2010
  • Conference_Location
    London
  • Print_ISBN
    978-1-4244-8044-9
  • Type

    conf

  • DOI
    10.1109/DeSE.2010.49
  • Filename
    5633858