CHAPTER 9 - Information Gathering

Abstract

This chapter focuses on the information gathering phase of penetration testing project, which is the first step in conducting a penetration test and is arguably the most important. Information gathering can be segregated into two different types—passive and active. In passive information gathering, penetration testers try to gather as much information about their target network and systems without connecting to them directly. During the Information Gathering phase, a lot of different types of searches are conducted, including information not specifically related to the target network, including employee information, physical location, and business activity. Possible searches could include Web presence of the target, personal Web sites of employees, archival sites, job postings by target, newsgroups, reverse Domain name system (DNS) information of the target. The second type of information gathering is active, in which testers connect to their targets. From a project management perspective, this phase will directly impact the project's Executing Process group and will help refine your outputs from quality assurance (QA), project team processes (both the acquiring and the developing processes), and certainly impact the “request seller responses” activity, as defined by the Project Management Body of Knowledge (PMBOK). As expected, there are some project management concerns in this phase of the penetration test. Specifically, the actions that will most affect engineers at the end of the Information Gathering phase is the acquisition and development of the project team, based on the findings of this phase.