Footprinting Contermeasures

2 Footprinting Contermeasures

My resume of module 02 footprinting form CEH material

So far, we have discussed the importance of footprinting, various ways to perform the task, and the tools that help to conduct execution. Now we will discuss footprinting countermeasures, the measures or actions taken to prevent or offset information disclosure.

Some of the footprinting countermeasures are as follows:

• Restrict the employees to access social networking sites from organization’s network
• Configure web servers to avoid information leakage
• Educate employees to use pseudonyms on blogs, groups, and forums Do not reveal critical information in press releases, annual reports, product catalogues and so on.
• Limit the amount of information that you are publishing on the website/ Internet
• Use footprinting techniques to discover and remove any sensitive information publicly available
• Prevent search engines from caching a web page and use anonymous registration services
• Develop and enforce security policies such as information security policy, password policy and so on. to regulate the information that employees can reveal to third parties
• Set apart
• Disable directory listings in the web servers
• Conduct periodically security awareness training to educate employees about various social engineering tricks and risks
• Opt for privacy services on Whois Lookup database
• Avoid domain-level cross-linking for the critical assets
• Encrypt and password protect sensitive information
• Donot enable protocols that are not required
• Always use TCP/IP and IPSec filters for defense in depth
• Configure IIS to avoid information disclosure through banner grabbing
• Hide the IP address and the related information by implementing VPN or keeping server behind a secure proxy
• Request archive.org to delete the history of the website from archive database
• Keep domain name profile a private one