Footprinting is a tactic used to collect data about a computer system. Using individual pieces of information that may not be critical on their own, a person profiling a system can identify vulnerabilities and develop a plan to compromise it. Hackers make use of footprinting to gain access to a system for a variety of activities. Companies with concerns about the security of their computer systems may hire security personnel to run testing to mimic real-world footprinting. This allows them to identify weak points in their networks that could create vulnerabilities later.
A number of techniques can be part of an attempt to profile a computer system. Hackers can take advantage of publicly available information like the registered owners of websites or the Internet Protocol (IP) addresses of outgoing emails. They may use scanning tools to look for computers attached to a network, identify file structures, and determine how the network is laid out. This can allow them to identify critical servers as well as potential access points that might be used.
Protecting networks can involve a delicate balancing act. Information technology staff could disallow a number of activities on a network to make it much harder to footprint. This can also create problems for legitimate users, however, which makes it important to think carefully about which functions to disable. If something would leave a network open to port scanning, for example, it might be a good idea to set up some security measures, but forcing repeat password authentication for another process might be burdensome. Network technicians may also protect systems with tools like anonymizing ownership and originating IP addresses.
Successful footprinting can allow someone to create a detailed map of the network. The map shows what is attached to the network and what kinds of functions different components perform. It may also highlight weak points identified during the research phase. This information can be used to plan an attack. In the case of a security consultation to help a company improve safety, the same map can be used to show personnel where they need to beef up security to prevent a real incursion on the network.
Software utilities for footprinting are available through a number of websites. Some have legitimate uses, and others may be coded by hand to meet a specific need. The blend of malicious and practical uses for many common hacking techniques can make it difficult to develop tools to combat hackers and techniques like network footprinting.