Footprinting is the act of gathering information about the security profile of a computer system or organization, undertaken in a methodological manner. It is the first of the three preattack phases: footprinting, scanning, and enumeration. Effective footprinting results in development of organizational profile similar to a strategic map used in a battle or a blueprint of a building. A footprint describes the structure and topology of a given system. There is no single methodology for footprinting and ethical hacker can choose several routes to trace information; however, footprinting is essential, as the more crucial information the hacker has, the more prepared he or she is to decide on course of action.
The information the ethical hacker is looking for during the footprinting phase is anything that gives clues as to the network architecture, server, and application types where valuable data is stored. Before an attack or exploit can be launched, the operating system and version as well as application types must be uncovered so the most effective attack can be launched against the target. Here are some of the pieces of information to be gathered about a target during footprinting domain name, network blocks, network services and applications, system architecture, intrusion detection system, authentication mechanisms, specific IP addresses, access control mechanisms, phone numbers and contact addresses.
Once this information is compiled, it can give a ethical hacker better insight into the organization, where valuable information is stored, and how it can be accessed.
