2007 A hacking Odyssey – Reconnaissance
The aim of this series of papers that will take an in-depth look at how someone may target and electronically break into an organisation, is to educate people who may be tasked with looking after and securing a corporate network to do so in an effective manner.
My personal outlook on this issue is that if you have no idea about the steps a would-be attacker will take to try and gain access to your systems, then you as an administrator can not effectively secure your system to an acceptable standard. Some people may disagree about the concept of demonstrating to people how to gain access to networks they are not meant to, whilst others agree with the ‘full disclosure’ approach.
Take a firewall for example – if you don’t understand the steps an attacker will go through to try and get traffic through your firewall, then how can you stop them for doing it? All you can do is configure it the best way you know how and hope it is good enough.