Refers to the process of collecting as much as information as possible about the target system to find ways to penetrate into the system. An Ethical hacker has to spend the majority of his time in profiling an organization, gathering information about the host, network and people related to the organization.
Information such as ip address, Whois records, DNS information, an operating system used, employee email id, Phone numbers etc is collected.
Footprinting helps to
Know Security Posture – The data gathered will help us to get an overview of the security posture of the company such as details about the presence of a firewall, security configurations of applications etc.
Reduce Attack Area – Can identify a specific range of systems and concentrate on particular targets only. This will greatly reduce the number of systems we are focussing on.
Identify vulnerabilities – we can build an information database containing the vulnerabilities, threats, loopholes available in the system of the target organization.
Draw Network map – helps to draw a network map of the networks in the target organization covering topology, trusted routers, presence of server and other information.