hi can you please help me with this homeword?

Footprinting and Reconnaissance

Module 02

Objective

The objective of the lab is to extract information about the target organization that includes, but is not limited to:

• Internet Protocol (IP) address and IP range associated with the target
• Purpose of organization and why it exists
• Size of the organization
• Class of its IP block
• People and contacts at the target
• Types of operating systems (OS) and network topology in use
• Type of firewall implemented, either hardware or software or combination
• Type of remote access used, either SSH or VPN

Scenario

Reconnaissance refers to collecting information about a target. It has its roots in military operations where it refers to the missions to collect information about an enemy. Information gathering is the first step in any attack on information systems. It helps attackers to narrow down the scope of their efforts and helps them select the weapons of attack. Attackers use information about the target to create a blueprint or footprint of the organization, which helps them in selecting the most effective strategy to compromise system and network security.

Similarly, the security assessment of a system or network starts with the reconnaissance and footprinting of the target. Ethical hackers and penetration (pen) testers must collect enough information about the target of the evaluation before starting the assessments. The ethical hackers and pen testers should simulate all the steps that an attacker usually follows in order to obtain a fair idea of the security posture of the target organization.

In this scenario, you work as an ethical hacker with a large organization. Your organization is alarmed at the news stories about new attack vectors plaguing large organizations around the world. Your organization was also a target of a major security breach in the past where the personal data of several of its customers were exposed on social networking sites.

You have been asked by top management to perform a proactive security assessment of the company. Before you can start any assessment, you should discuss with the management and define the scope of this assessment. Scope of the assessment identifies the systems, network, policies and procedures, human resources, and any other component of the system that requires security assessment. You should also agree with management on rules of engagement (RoE) the dos and donts for assessment. Once you have the necessary approvals to perform ethical hacking for your organization, you should start gathering information about the target organization from public sources. The labs in this module will give you real-time experience in collecting information from various open sources.