Discuss three approaches to acquiring information needed to penetrate a network.

Asked by Michael on June 26, 2025

1 Answer

Attackers acquire information to penetrate a network using several approaches:

  1. Passive Reconnaissance (Open Source Intelligence - OSINT): Attackers gather information from publicly available sources without directly interacting with the target network. This method avoids direct detection by network defenses. For example, attackers query public databases for domain registration details, review company websites and social media profiles for organizational structure and employee information, and use search engines for exposed data. This approach helps build a foundational understanding of the target's infrastructure and potential vulnerabilities.

  2. Active Network Scanning: This approach involves sending probes directly to the target network to elicit responses that reveal details about active hosts, open ports, and the services running on those ports. Active scanning generates network traffic and can be detected by intrusion detection systems (IDS). For example, using tools like Nmap to perform TCP SYN scans helps identify open ports, or sending UDP probes to discover running UDP services. This provides a detailed map of the network's attack surface.

  3. Vulnerability Assessment and Enumeration: After identifying active hosts and services through scanning, attackers perform detailed vulnerability assessments to discover specific weaknesses in software versions, configurations, or protocols. Enumeration involves extracting granular information, such as valid user accounts, shared resources, or system configurations. For example, attackers might use a vulnerability scanner to test identified web servers for common vulnerabilities like SQL injection, or enumerate user lists from an LDAP server. This step aims to pinpoint exploitable entry points.

Leo - June 26, 2025
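The answer notes that active scanning produces traffic an IDS can detect. As an added example (not part of Leo's answer), the following Python detector flags the fan-out pattern of a SYN or UDP port sweep in connection records; the record format, the Zeek-style connection states, the thresholds and the sample traffic are all constructed for this illustration.

```python
"""Toy port-scan detector over constructed connection records.

Each record has the constructed shape "<epoch> <proto> <src> <dst> <dport> <state>",
where state mimics Zeek's conn_state: S0/REJ = attempt that got no useful reply,
SF = normal completed connection. A source that touches PORT_THRESHOLD distinct
ports on one host within WINDOW seconds, almost all unanswered, is reported.
"""
from collections import defaultdict

WINDOW = 60.0           # seconds of history kept per (src, dst, proto)
PORT_THRESHOLD = 10     # distinct destination ports that trigger an alert
UNANSWERED_RATIO = 0.8  # scans rarely complete handshakes; legit clients do

def parse(line):
    ts, proto, src, dst, dport, state = line.split()
    return float(ts), proto, src, dst, int(dport), state

def detect_scans(lines):
    """Return [(src, dst, proto, distinct_ports)] for each pair flagged once."""
    history = defaultdict(list)   # (src, dst, proto) -> [(ts, dport, state)]
    flagged, alerts = set(), []
    for line in lines:
        ts, proto, src, dst, dport, state = parse(line)
        key = (src, dst, proto)
        # keep only events inside the sliding window for this pair
        hist = [e for e in history[key] if ts - e[0] <= WINDOW]
        hist.append((ts, dport, state))
        history[key] = hist
        ports = {e[1] for e in hist}
        unanswered = sum(1 for e in hist if e[2] in ("S0", "REJ"))
        if (key not in flagged and len(ports) >= PORT_THRESHOLD
                and unanswered / len(hist) >= UNANSWERED_RATIO):
            flagged.add(key)
            alerts.append((src, dst, proto, len(ports)))
    return alerts

# Constructed sample traffic (not real captures), processed in the order given.
SAMPLE_LOG = (
    # SYN sweep: 12 ports on one host in 2.4 s, nothing answers -> alert
    [f"{1700000000 + i * 0.2:.1f} tcp 198.51.100.7 192.0.2.10 {21 + i} S0" for i in range(12)]
    # legitimate HTTPS client: many completed connections, one port -> no alert
    + [f"{1700000000 + i * 7:.1f} tcp 203.0.113.5 192.0.2.10 443 SF" for i in range(12)]
    # monitoring poller: many ports but every connection completes -> no alert
    + [f"{1700000000 + i * 0.5:.1f} tcp 192.0.2.50 192.0.2.10 {8000 + i} SF" for i in range(12)]
    # UDP probe burst: 11 ports, no replies -> alert
    + [f"{1700000100 + i * 0.1:.1f} udp 198.51.100.7 192.0.2.11 {53 + i} S0" for i in range(11)]
)

if __name__ == "__main__":
    for src, dst, proto, n in detect_scans(SAMPLE_LOG):
        print(f"probable {proto} port scan: {src} -> {dst} ({n} ports)")
```

A sweep spread over more than WINDOW seconds, or one that spoofs sources, slips under this rule; real IDS signatures add per-source aggregation across destinations and longer baselines for that reason.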
