This Chapter introduces you to the two of the most important pre-attack phases: footprinting and scanning. Although these steps don't constitute breaking in, they occur at the point which a hacker will start to get interactive. The goal here is to discover what a hacker or other malicious user can uncover about the organization, its technical infrastructure, locations, employees, policies, security stance, and financial situation. Just as most hardened criminals don't just heist an armored car, elite hackers won't attack a network before they understand what they are up against. Even script kiddies can do some amount of pre-attack reconnaissance as they look for a target of opportunity.
This Chapter starts off by looking at some general ways that individuals can attempt to gain information about an organization passively and without the organization's knowledge. Next, it gets interactive and reviews scanning techniques. The goal of scanning is to discover open ports and applications.
Determining Assessment Scope