Temple University

Week 3 Readings and In the News

Using Open Source Reconnaissance Tools for Business Partner Vulnerability Assessment (Young, S., 2014). This article began with a warning about the legal risks of assessing the vulnerabilities of websites and servers used by prospective and current business partners, and went on to provide an informative discussion of a number of public information sources and non-intrusive open source reconnaissance tools that can be used to conduct vulnerability assessments.

The Art of Reconnaissance – Simple Techniques (Bhamidipati, S. 2001). This article presented reconnaissance as a straightforward three-step process. The first step is reconnaissance and focuses on obtaining basic information about a target entity’s internet presence, including domain names, servers and IP addresses, and network connections to the internet. The second step uses pings and port scanning via a series of commands to determine the nature and configurations of the entity’s machines, including operating systems, open ports, and services that are running and available. The third step is a more detailed reconnaissance focused on finding out the software and versions supporting the available services. While the author does not actively mention it, it seems that the logical next step is to follow up and assess the vulnerabilities of the software versions being used.

Question for class: Are any of the techniques described in the articles safe to use on my work computer, or would I be smarter to first set up “totally” anonymous accounts and a non-work personal computer before delving into hands-on reconnaissance and penetration testing?

In the News Article – BlackHat2014: Airport Scanners Riddled with Security Flaws (Rashid, F.Y. 2014-08-08). Security researchers report that scanners used in many US airports are “riddled with security flaws.” Flaws cited included baggage X-ray machine user credentials stored in plain text, hardcoded passwords that give vendors backdoor access for maintenance and testing, and a time clock system, used to synchronize RSA security passwords, that is reachable from the Internet. http://www.infosecurity-magazine.com/news/airport-scanners-riddled-with/
