Enumeration avoidance techniques
As seen in the content of this chapter, an attacker can gain a lot of critical infrastructure information using freely available tools and techniques. As penetration testers, we cannot simply focus on attacking the network, we must also understand mitigating controls sufficiently to be able to offer advice and guidance to our customers. There are several methods that can be used by a corporation that will make it more difficult for an attacker to gain the information necessary to make a stealthy, successful attack on the customer's assets.
Naming conventions
Administrators should be encouraged to use naming schemes that do not give away information about the devices. For instance, let's say you used Nmap-Fu or DNS-Fu ...
Get Advanced Penetration Testing for Highly-Secured Environments - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
