Share
Explore BrainMass

Dumpster Diving: Protecting Information

One of the things a security analyst must consider when protecting their infrastructure and information is the ability of an attacker to access information about an organization, systems they utilize, and the information their protecting. One of the techniques an attacker uses is reconnaissance. Reconnaissance is the first phase an attacker uses to gather information. This information is used to learn as much as possible about the target to determine competitive intelligence. The attacker might even uses legitimate and non-legitimate tools to monitor and scan a target system. This information is critical for an attacker to strategies their attack. Reconnaissance can also be referred to as "Footprinting."

Reconnaissance as simple as dumpster diving can divulge sensitive information. What kind of information do you think you could gather in dumpster diving? (Please answer)

Select five of the following and review what they offer and write a summary of what it does and why you would think it would help an IT security analyst.

- Whois database utility or website http://www.tamos.com/sw.htm or http://ws.arin.net/whois; http://www.whois.net
- GEOSpider or http://www.geowhere.net
- Web Site http://www.visualware.com
- Web Site www.samspade.com
- Web site www.waybackmachine.com
- Web site www.archive.org
- SpiderFoot www.binarypool.com/spiderfoot/
- ARIN https://www.arin.net/
- NEO Trace http://articles.techrepublic.com.com/5100-10878_11-1053295.html
- Angry IP http://www.angryyziber.com
- Solarwinds http://solarwinds.net
- Sensepost Footprint Tools http://www.sensepost.com/
- BiLE Suite http://www.vulnerabilityassessment.co.uk/bile.htm
- Alchemy Network Tool http://www.alchemy-lab.com/products/ant/
- Advanced Administrative Tool http://www.glocksoft.com/aatools.htm
- My IP Suite http://www.sabsoft.com/MyIPSuite/
- Wikto Footprinting Tool http://www.security-database.com/toolswatch/Wikto-2-2837-27211-just-released.html
- SmartWhois http://smartwhois.com/
- ActiveWhois http://activewhois.com/
- LanWhois http://lantricks.com/lanwhois/
- CountryWhois http://www.tamos.com/products/countrywhois/
- WhereIsIP http://whereisip.findmysoft.com/
- Ip2country http://ip2country.en.softonic.com/
- CallerIP http://www.callerippro.com/
- Web Data Extractor Tool http://www.webextractor.com/
- Online Whois Tools
- What is MyIP http://www.whatismyip.com/
- DNS Enumerator http://www.securiteam.com/tools/5VP0H1FHGO.html
- http://docs.google.com/viewer?a=v&q=cache:YRGLixFxzJYJ:packetstormsecurity.org/papers/general/dns-enumeration.pdf+dns+enumerator&hl=en&gl=us&pid=bl&srcid=ADGEESjx-NiSu4O2LQRkR9wymoN5nbDCU8hLnTYzyLVvIxgdMvWf8UEtsMdimgK-9qYF48qOcDf3s9VKaFouVMoayHaVhAzsLjCsbSKKWeR3vbQ5KoFC4M-SDutqsZFXZyYpL2qbJNz_&sig=AHIEtbQtSR4mfRCuHM9IHqPbOhfTnlfR4A
- SpiderFoot http://www.binarypool.com/spiderfoot/
- Nslookup http://support.microsoft.com/kb/200525

Solution Preview

You should understand that dumpster diving is sifting through waste to find items that have been discarded by their owners but are useful to the dumpster diver. Valuable information that can be gathered from dumpster diving includes information about business competitors. These include analysis reports, government reports, and discarded presentation. Also, dumpster diving can give important competition related information such as price lists, advertising budgets, promotions being used, tenders being submitted, and patent applications. The other important information that can be obtained during dumpster diving includes suppler information, participation details in trade shows, sales force reports, seminars organized/attended, records of terms with ...

Solution Summary

Incoming and outgoing connections are explained in this response. The answer includes 6 references used.

$2.19