WHOIS lookups
The best starting point is to perform a WHOIS lookup by using any one of the tools available on the internet. In case you're not familiar, WHOIS is a protocol you can use to query online databases such as DNS registries to learn more about domain names and IP address blocks. You may have used WHOIS to check whether a particular internet domain name is available.

For security testing, WHOIS provides the following information that can give a hacker a leg up to start a social engineering attack or to scan a network:
- Internet domain name registration information, such as contact names, phone numbers, and mailing addresses
- DNS servers responsible for your domain
- A domain registrar's site, such as www.godaddy.com
- Your ISP's technical support site
- Display general domain-registration information
- Show which host handles e-mail for a domain (the Mail Exchanger or MX record)
- Map the location of specific hosts
- Determine whether the host is listed on certain spam blocklists
The following list shows various lookup sites for other categories:
- AFRINIC (Regional Internet Registry for Africa)
- APNIC (Regional Internet Registry for the Asia Pacific Region)
- ARIN (Regional Internet Registry for North America, a portion of the Caribbean, and subequatorial Africa)
- LACNIC (Latin American and Caribbean Internet Addresses Registry)
- RIPE Network Coordination Centre (Europe, Central Asia, African countries north of the equator, and the Middle East)
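To review what your own registration exposes, the following added example (not part of the original text) parses a WHOIS response and sorts its contact fields into personal details, role mailboxes, and redacted entries, and lists the DNS servers. The sample record, the field-name patterns, and the redaction phrases are constructed assumptions; registries format their output differently.

```python
import re

# Constructed sample WHOIS response for illustration; not a real registration.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CORP.TEST
Registrant Name: Pat Admin
Registrant Phone: +1.5555550100
Registrant Email: pat.admin@example-corp.test
Admin Name: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar
Tech Email: hostmaster@example-corp.test
Name Server: NS1.EXAMPLE-CORP.TEST
Name Server: NS2.EXAMPLE-CORP.TEST
"""

# Assumed patterns: field names and redaction wording vary by registry.
CONTACT_FIELD = re.compile(r"^(registrant|admin|tech|billing)\s+(name|street|phone|fax|email)$", re.I)
REDACTED = re.compile(r"redacted|privacy|proxy|please query|not disclosed", re.I)
ROLE_MAILBOX = re.compile(r"^(hostmaster|postmaster|abuse|noc|dns|domains?)@", re.I)

def parse_whois(text):
    """Return (field, value) pairs from 'Field: value' lines, skipping comments."""
    pairs = []
    for line in text.splitlines():
        if line.lstrip().startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        field, _, value = line.partition(":")
        if value.strip():
            pairs.append((field.strip(), value.strip()))
    return pairs

def audit_exposure(text):
    """Group contact fields by how much they reveal and collect the name servers."""
    report = {"personal": [], "role": [], "redacted": [], "name_servers": []}
    for field, value in parse_whois(text):
        if field.lower() == "name server":
            report["name_servers"].append(value.lower())
        elif CONTACT_FIELD.match(field):
            if REDACTED.search(value):
                report["redacted"].append(field)    # privacy service or registry redaction
            elif ROLE_MAILBOX.match(value):
                report["role"].append(field)        # shared mailbox, not a named person
            else:
                report["personal"].append(field)    # usable for social engineering
    return report

if __name__ == "__main__":
    for bucket, fields in audit_exposure(SAMPLE_WHOIS).items():
        print(f"{bucket}: {fields}")
```

Fields reported under `personal` are the ones to replace with a role mailbox, a general company number, or a registrar privacy service.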
Privacy policies
Check your website's privacy policy. A good practice is to let your site's users know what information is collected and how it's being protected, but nothing more. I've seen many privacy policies that divulge a lot of technical details on security and related systems that should not be made public.

Make sure the people who write your privacy policies (often non-technical lawyers) don't divulge details about your information security infrastructure. Be careful to avoid the example of an internet start-up businessman who once bragged about his company's security systems that ensured the privacy of client information (or so he thought). If you went to his website to check out his privacy policy, you found he had posted the brand and model of firewall he was using, along with other technical information about his network and system architecture. This type of information could certainly be used against him by the bad guys. Not a good idea.