I was offered a free scholarship to attend the latest version of EC-Council's Certified Ethical Hacker (CEH) course last week, which was touted as the most advanced ethical hacking program in the world. The pilot run of CEHv7 in Singapore was conducted at New Horizons over the course of a week, and was of particular interest to me given my previous stint in the IT industry. One of the topics explored the initial reconnaissance tactics employed by hackers, which had me thinking of possible steps for SMBs to take to better protect themselves.
To help SMBs better understand the situation, I've outlined two initial "footprinting" activities below that black hat hackers use against their targets. I've also included some suggestions that SMBs can adopt to deter or at least stymie these information-gathering vectors.
Domain Registration and DNS Information
It is common knowledge that businesses with an Internet presence in the form of a website or email address have to first register their domain with an official domain name registrar. Exploiting this process, a hacker can tap into publicly available domain registration data and gain access to a wealth of published information, including the age of the domain, the company address, the technical and administrative contacts, and even the specific ranges of IP addresses used by the company for its business activities.
A simple way to restrict easy access to the above information is to pay for private domain registration. This will ensure that personal information is kept private and away from the bad guys and spammers alike. Do note that this is not a foolproof solution, since IP addresses must be made public in order for services such as email servers and Web servers to function correctly. Even so, relying on a private domain registration is a cheap and easy way to keep important company-specific data under wraps.
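To see what your own registration record currently publishes, the following added example (not part of the original article) parses the text of a WHOIS record and lists the contact fields that still carry real data instead of a privacy-service placeholder. The sample record is constructed, and both the field labels and the list of placeholder strings are assumptions based on common registrar output, which varies between registries.

```python
import re

# Contact-field labels as they commonly appear in registrar WHOIS output
# (assumed here; labels vary between registries).
SENSITIVE = re.compile(
    r"^(Registrant|Admin|Tech)\s+(Name|Organization|Street|City|Phone|Email)$", re.I)
# Strings that privacy/proxy services typically put in place of real data
# (an assumed, non-exhaustive list).
REDACTED = re.compile(r"redacted|privacy|proxy|whoisguard|not disclosed", re.I)

def parse_whois(text):
    """Return a list of (label, value) pairs from 'Label: value' lines."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue  # skip blanks, comments and registry footers
        label, sep, value = line.partition(":")
        if sep and value.strip():
            pairs.append((label.strip(), value.strip()))
    return pairs

def exposed_fields(text):
    """Contact fields whose value is real data rather than a privacy placeholder."""
    return [(label, value) for label, value in parse_whois(text)
            if SENSITIVE.match(label) and not REDACTED.search(value)]

# Constructed sample record for a fictional company (example.com is reserved).
SAMPLE = """\
Domain Name: EXAMPLE.COM
Creation Date: 2003-05-14T09:21:07Z
Registrant Name: Jane Tan
Registrant Organization: Example Trading Pte Ltd
Registrant Street: 1 Sample Road #05-01
Registrant Email: jane.tan@example.com
Admin Name: REDACTED FOR PRIVACY
Admin Email: Please query the privacy service
Tech Name: Domain Administrator
Tech Phone: +65.60000000
Name Server: NS1.EXAMPLE.COM
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""

if __name__ == "__main__":
    for label, value in exposed_fields(SAMPLE):
        print(f"exposed: {label} = {value}")
```

Paste the WHOIS output for your own domain in place of the sample; any field it reports is visible to anyone who looks up the domain.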
This might sound strange, but an experienced hacker will not attempt to break into the servers of their victim right away. They will instead work to extract as much information as possible about the target organization through legal channels. This could involve completely innocent activities such as browsing through your SMB's website to determine corporate structure and size. In addition, poring through recent press releases or forum posts by staffers will allow them to form an assessment of the financial health and security awareness of their target, crucial details for pulling off a successful cyber attack.
Also, note that there are many search engine tricks (I wrote about some of them in "Improve Your Web Search Skills") that can be used to uncover information that is not directly linked from the front page of your website. Though it would be self-defeating to omit all means of contacting employees from the company website, SMBs do need to exercise caution in what gets posted onto the Web. In addition, employees should never assume that orphaned pages without password protection are inaccessible to parties not privy to their existence; a misconfigured Web server setting could have allowed Google to index them.
There are obviously many other practices that SMBs can adopt to better protect themselves. Do feel free to chip in if you have any suggestions.