Title :
Footprinting: A Methodology for Auditing eSystem Vulnerabilities
Author :
Wren, Chris ; Reilly, Denis ; Berry, Tom
Author_Institution :
Sch. of Comput., John Moores Univ., Liverpool, UK
Abstract :
This paper discusses the often overlooked issues and key vulnerabilities evident in Web facing technologies. The process of uncovering these issues and vulnerabilities is known as footprinting. We describe how organisations leak key information from their Web facing systems. Essentially the paper describes how individuals may target an organisation's Internet systems using general purpose tools and techniques to obtain a digital footprint of that organisation and its system security posture. In particular, the paper highlights that footprinting is often a precursor to an attempted breach of the system perimeter by individuals with ulterior motives. Footprints are regarded as the first stage of a system compromise conducted by individuals wishing to escalate key system privileges with a view to exploiting known system vulnerabilities. The paper also states that footprinting is an activity that is often overlooked by administrators when hardening their systems and security profile. As a consequence of this we highlight the need for system administrators to have an awareness of the nature and type of footprints that their web facing systems provide the external environment and the consequences of failing to adequately control information leakage. The paper concludes by highlighting the need for individuals in various roles within an organization to be able to clearly identify and stem information leakage from their web facing systems in order to minimize the impact on systems' security and vulnerability.
Keywords :
IP networks; Internet; business data processing; computer forensics; computer network security; Footprinting; IP address; Internet system; Web technology; digital footprint; eSystem vulnerability audition; forensic auditing; information leakage; system breach; system security; Companies; Domain Name System; IP networks; Internet; Security; Servers; World Wide Web; Footprinting; Forensic auditing; information classification; information leak; intentional threats; system hardening;
Conference_Title :
Developments in E-systems Engineering (DESE), 2010
Conference_Location :
London
Print_ISBN :
978-1-4244-8044-9
DOI :
10.1109/DeSE.2010.49