Step 2 - Scanning and Enumeration
Scanning is the stage in which the hacker probes the network using the specific information gathered during the reconnaissance phase.
Scanning and Enumeration are intelligent ways of gathering sensitive information about the target company's network architecture. Information relating to the company's IP addresses, OS, DNS servers and Zone Transfer information can sometimes be extracted using specialist techniques that fall into this category. Scanning can essentially be considered the logical extension of reconnaissance.
Scanning involves steps such as intelligent system port scanning, which is used to determine open ports and vulnerable services. In this stage, the attacker can use different automated tools to discover system vulnerabilities.
Other techniques used in this phase include:
- Network Mapping;
- Use of Diallers; and
- Vulnerability Scanners.
The risk to a network if this stage of a real-life security attack were successful is considered to be very high. At the end of this stage the hacker would have established the points of entry from which to launch an attack.
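From the defender's side, the port scanning and network mapping described above leave a recognisable pattern in firewall logs. The following added example (not part of the original page) flags sources that touch many ports on one host, or many hosts on one port, within a short window; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (not from a real network); the format is an assumption.
SAMPLE_LOG = """\
2024-01-01T10:00:00 src=203.0.113.7 dst=10.0.0.5 dport=21 action=DENY
2024-01-01T10:00:01 src=203.0.113.7 dst=10.0.0.5 dport=22 action=ALLOW
2024-01-01T10:00:02 src=203.0.113.7 dst=10.0.0.5 dport=23 action=DENY
2024-01-01T10:00:03 src=203.0.113.7 dst=10.0.0.5 dport=80 action=ALLOW
2024-01-01T10:05:00 src=198.51.100.9 dst=10.0.0.1 dport=445 action=DENY
2024-01-01T10:05:01 src=198.51.100.9 dst=10.0.0.2 dport=445 action=DENY
2024-01-01T10:05:02 src=198.51.100.9 dst=10.0.0.3 dport=445 action=DENY
2024-01-01T10:10:00 src=192.0.2.10 dst=10.0.0.5 dport=443 action=ALLOW
2024-01-01T10:10:30 src=192.0.2.10 dst=10.0.0.5 dport=443 action=ALLOW
2024-01-01T11:00:00 src=192.0.2.20 dst=10.0.0.5 dport=21 action=DENY
2024-01-01T11:10:00 src=192.0.2.20 dst=10.0.0.5 dport=22 action=DENY
2024-01-01T11:20:00 src=192.0.2.20 dst=10.0.0.5 dport=23 action=DENY
2024-01-01T11:30:00 src=192.0.2.20 dst=10.0.0.5 dport=80 action=DENY
"""
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) action=\w+$")

def parse(log_text):
    """Return sorted (time, src, dst, dport) tuples, skipping malformed lines."""
    matches = (LINE_RE.match(line.strip()) for line in log_text.splitlines())
    return sorted((datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])) for m in matches if m)

def detect_scans(events, window=timedelta(seconds=60), min_ports=4, min_hosts=3):
    """Flag sources touching many ports on one host, or many hosts on one port, in a window."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    findings = set()
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            ports, hosts = defaultdict(set), defaultdict(set)
            for _, _, dst, dport in evs[start:end + 1]:
                ports[dst].add(dport)
                hosts[dport].add(dst)
            findings |= {(src, "port_scan", d) for d, p in ports.items() if len(p) >= min_ports}
            findings |= {(src, "host_sweep", str(p)) for p, h in hosts.items() if len(h) >= min_hosts}
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect_scans(parse(SAMPLE_LOG)):
        print(finding)
```

With the default 60-second window the fourth source, whose probes are ten minutes apart, is not flagged; passing a longer `window` flags it, at the cost of more false positives from ordinary traffic.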