Step 2 - Target Scanning
This step involves the hacker identifying available Routes of attack. This could be either a virtual (external) attack or a physical (internal) attack if access to the premises could be gained. Virtual routes of attack can be pinpointed using widely available software.
Examples of a Virtual Attack
- The outgoing and incoming route of a company hosting an email server
- Wireless Networks
- Router's with out of the box configurations
- Computers and servers with outstanding updates not installed
- External facing services, such as Outlook Web Access and Remote Web
Examples of a Physical Attack
- Disgruntled or previous employee
- Lax security and procedures
- Electronic devices that have been hacked
- Key logging devices
- Use of USB memory sticks
- Third party contractors
Protection: Carry out an assessment of both Internal and External security and procedures and identify potential routes of attack and introduce counter measures.