Step 2 - Target Scanning

This step involves the hacker identifying available Routes of attack. This could be either a virtual (external) attack or a physical (internal) attack if access to the premises could be gained. Virtual routes of attack can be pinpointed using widely available software.

Examples of a Virtual Attack

  • The outgoing and incoming route of a company hosting an email server
  • Wireless Networks
  • Router's with out of the box configurations
  • Computers and servers with outstanding updates not installed
  • External facing services, such as Outlook Web Access and Remote Web

Examples of a Physical Attack

  • Disgruntled or previous employee
  • Lax security and procedures
  • Electronic devices that have been hacked
  • Key logging devices
  • Use of USB memory sticks
  • Third party contractors

Protection: Carry out an assessment of both Internal and External security and procedures and identify potential routes of attack and introduce counter measures.