Countermeasures of Footprinting

Finding the level of risk connected with the organization's publicly available information is a crucial component of footprinting. Footprinting, also known as the preparatory phase is the first step in ethical hacking. The reconnaissance or footprinting part has the most weightage in the phases of hacking almost above 50%, making it the most crucial and vital. 

Methods, measures or actions taken to prevent information disclosure are as follows:
  • Restrict the employees' access to social networking sites from the organization's network. 
  • Configure web servers to avoid information leakage.
  • Educate employees to use pseudonyms on blogs, groups, and forums.
  • Do not reveal critical information in press releases, annual reports, product catalogs, etc.
  • Limit the amount of information that you are publishing on the website/Internet. 
  • Use footprinting techniques to discover and remove any sensitive information publicly available. 
  • Prevent search engines from caching a web page and use anonymous registration services. 
  • Develop and enforce security policies such as information security policy, password policy, etc, to regulate the information that employees can reveal to third parties.
  • Set apart internal and external DNS or use split DNS, and restrict zone transfer to authorized servers.
  • Disable directory listings in the web servers. 
  • Conduct security awareness training periodically to educate employees about various social engineering tricks and risks. 
  • Opt for privacy services on the Whois lookup database.
  • Avoid domain-level cross-linking for critical assets.
  • Encrypt and password-protect sensitive information. 
  • Do not enable protocols that are not required. 
  • Always use TCP/IP and IPSec filters for defence in depth. 
  • Configure IIS to avoid information disclosure through banner grabbing. 
  • Hide the IP address and the related information by implementing VPN or keeping the server behind a secure proxy.
  • Request to delete the history of the website from the archive database.
  • Keep the domain name profile private. 
  • Place critical documents such as business plans and proprietary documents offline to prevent exploitation. 
  • Train employees to prevent social engineering techniques and attacks. 
  • Sanitize the details provided to the Internet registrars to hide the direct contact details of the organization.
  • Disable the geo-tagging functionality on cameras to prevent geolocation tracking. 
  • Avoid revealing one's location or travel plans on social networking sites. 
  • Turn off geolocation access on all mobile devices when not required. 
  • Ensure that no critical information such as strategic plans, product information, and sales projections is displayed on notice boards or walls. 

You might be also interested in,

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

No comments:

Post a Comment