The first step in ethical hacking is to gather information on the target system. The tools and techniques used to gather this information is called Footprinting. Footprinting includes gathering information about the network, host and also people who work in that organization. It is a key process that needs to be done thoroughly for any ethical hacker to be successful.
Footprinting helps in assessing the security posture of an organization. It allows the ethical hacker to learn the IP addresses, DNS information, operating systems, phone numbers, email ids, and other valuable information. Footprinting can provide an overview of how an organization prioritizes it’s security posture.
Attack surface reduction
Footprinting allows the ethical hacker to understand the attack surface. One of the first things that and ethical hacker will do is analyze what ports are open and determine the characteristics of the target system.
What is the easiest way to reduce the attack surface? Be sure to close all unused ports. This is a very basic concept but hackers love when this concept is overlooked. And it often is!
Footprinting will assist in drawing network maps of the target organization. These network maps cover topology, routers, servers and other key components in the network. Footprinting helps to identify the details of the network components and may even allow the ethical hacker to identify the physical location of the components!