Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


New Whitepaper: Passive Information Gathering Techniques
.

  • To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
  • Subject: New Whitepaper: Passive Information Gathering Techniques
  • From: "Gunter [Technicalinfo.net]" <[EMAIL PROTECTED]>
  • Date: Wed, 4 Feb 2004 20:32:54 -0000
  • Cc: <[EMAIL PROTECTED]>
  • Organization: [Technicalinfo.net]
  • Reply-to: <[EMAIL PROTECTED]>
  • Thread-index: AcPrXhFgk5hPAEtRTYC8Ya4hoh2nbg==
.
 
Next Generation Security Software ltd. (NGS) have now made available a
comprehensive technical whitepaper covering an often skipped phase of
pentesting - Passive Information Gathering.  This new paper is available for
download at: http://www.nextgenss.com/papers/NGSJan2004PassiveWP.pdf

ABSTRACT
 
Most organisations are familiar with Penetration Testing and other ethical
hacking techniques as a means to understanding the current security status
of their information system assets. Consequently, much of the focus of
research, discussion, and practice, has traditionally been placed upon
active probing and exploitation of security vulnerabilities. Since this type
of active probing involves interacting with the target, it is often easily
identifiable with the analysis of firewall and intrusion
detection/prevention device (IDS or IPS) log files. 

However, too many organisations fail to identify the potential threats from
information unintentionally leaked, freely available over the Internet, and
not normally identifiable from standard log file analysis. Most critically,
an attacker can passively gather this information without ever coming into
direct contact with the organisations servers - thus being essentially
undetectable. 

Very little information has been publicly discussed about arguably one of
the least understood, and most significant stages of penetration testing -
the process of Passive Information Gathering. This technical paper reviews
the processes and techniques related to the discovery of leaked information.
It also includes details on both the significance of the leaked information,
and steps organisations should take to halt or limit their exposure to this
threat.



http://www.nextgenss.com/papers/NGSJan2004PassiveWP.pdf

We hope the paper proves informative and useful to you all.




------------------------------------------------------
G u n t e r   O l l m a n n,            MSc(Hons), BSc
Professional Services Director                        
                                                      
Next  Generation  Security  Software  Ltd.            
First Floor, 52 Throwley Way  Tel: +44 (0)208 401 0089
Sutton, Surrey, SM1 4BF, UK   Fax: +44 (0)208 401 0076
http://www.nextgenss.com      
------------------------------------------------------ 



---------------------------------------------------------------------------
----------------------------------------------------------------------------
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.