Whereas previous chapters examined what is needed from a hardware and software perspective, this chapter begins to explore how to start to utilize your new equipment. Although you might be eager to start loading advanced tools and learning more about exploits, this chapter focuses on your brain. This approach might not be what you were expecting, but what is important to remember here is that when applying for a security position, you are not only selling your technical skills; you are also selling your ability to think and reason. Before you ever purchase your first firewall upgrade or the deploy an intrusion detection system (IDS), you need to look at the types of nontechnical security leaks that are occurring. That is what this chapter examines. This chapter explores the ways in which information leakage can damage an organization. The chapter guides you through some common areas where attackers and others will look to gather information to potentially exploit the company or business entity.

Information gathering can be defined as the act of collecting data relevant to a specific goal. Although this process can take on many different forms, such as businesses gathering information about their customers and buying habits (metadata), the type of information gathering discussed here deals with methods used to profile and attack a potential target. Remember, after all, most attacks do not occur in a void. The attacker must first know something ...