As you’re probably aware by now, EC-Council is in love
with methodology. Sure, in the real world you may not follow the steps
blindly in order, but I don’t think that’s the point of listing something
in a methodology format. A methodology—no matter how silly it may
seem on a test or when you’re sitting there performing a real pen
test—ensures you don’t miss anything and that all your bases are covered.
In that regard, I guess it’s a lot like a preflight checklist, and
this is EC-Council’s version of making sure your scanning flight goes
smoothly.
Just as the steps of the overall hacking process can
blend into one another, though, keep in mind these steps are simply
guidelines and not hard-and-fast rules to follow. When you’re on the
job, situations and circumstances will occur that might force you to
change the order of things. Sometimes the process of completing one phase
will seamlessly blend directly into another. Don’t fret—just go
with the flow and get your job done. EC-Council’s scanning
methodology phases include the following steps:
1. Check for live systems. Something as simple as a
ping can provide this (and when ICMP is filtered, an ARP or TCP probe does
the same job). This gives you a list of what is actually alive on the
subnet you are scanning.
2. Check for open ports. Once you know which IP addresses
are active, find what ports they’re listening on.
3. Scan beyond IDS. Sometimes your scanning efforts
need to be altered to avoid those pesky intrusion detection systems.
4. Perform banner grabbing. Banner grabbing and
OS fingerprinting will tell you what operating system is on the machines
and which services they are running.
5. Scan for vulnerabilities. Perform a more focused
look at the vulnerabilities these machines haven’t been patched for
yet.
6. Draw network diagrams. A good network diagram
will display all the logical and physical pathways to the targets you
might want to go after.
7. Prepare proxies. Routing your scans through proxies obscures their true source and helps keep you hidden.
This methodology has about as much to do with real life as I have to do with an Oscar nomination, but it's a memorization effort you have to make. ECC didn't intend it so much as a step-by-step procedure as a checklist to make sure you get to everything you are supposed to during this phase. Regardless of which order you proceed in, if you hit all the steps, you're probably going to be successful in your scanning efforts.
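To make the first, second and fourth steps concrete (with a nod to the third), here is a small added example in Python. It is not EC-Council's code or anything from the book: it spins up a throwaway listener on 127.0.0.1 that announces a constructed SSH-style banner, then runs a live-host check, a TCP connect scan and a banner grab against it. The banner text, the service-hint table and the loopback target are all assumptions made so the script runs offline; the live check also shows the caveat that a "connection refused" answer still proves a host is up, which a plain open/closed scan throws away.

```python
import errno
import random
import socket
import threading
import time
from typing import Dict, List, Optional

# Constructed banner for the throwaway listener (assumption, not a real host).
FAKE_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"

# Trivial banner-prefix table for the demo (assumption); real fingerprinting
# compares against a probe database, not five string prefixes.
BANNER_HINTS = {"SSH-": "ssh", "220 ": "smtp/ftp", "HTTP/": "http",
                "+OK": "pop3", "* OK": "imap"}


def start_fake_service(banner: bytes = FAKE_BANNER) -> int:
    """Bind a listener on loopback that greets each client with `banner` and
    hangs up. Returns the ephemeral port. This is the constructed target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_port() -> int:
    """Reserve and release an ephemeral port so the scan has a known-closed one."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def tcp_probe(host: str, port: int, timeout: float = 0.5) -> int:
    """Full TCP connect. Returns 0 for an open port, otherwise the errno."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port))


def is_live(host: str, probe_ports: List[int], timeout: float = 0.5) -> bool:
    """Step 1 without raw sockets: ICMP echo needs privileges, so probe a few
    TCP ports. An open port or an active refusal (RST) both prove something is
    answering; only silence (timeout, unreachable) leaves it undetermined."""
    return any(tcp_probe(host, p, timeout) in (0, errno.ECONNREFUSED)
               for p in probe_ports)


def scan_ports(host: str, ports: List[int], delay: float = 0.0,
               shuffle: bool = False, timeout: float = 0.5) -> List[int]:
    """Step 2, with step 3's knobs: `shuffle` and `delay` break the sequential
    burst pattern that IDS port-sweep rules key on."""
    order = list(ports)
    if shuffle:
        random.shuffle(order)
    found = []
    for port in order:
        if tcp_probe(host, port, timeout) == 0:
            found.append(port)
        if delay:
            time.sleep(delay)
    return sorted(found)


def grab_banner(host: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """Step 4: connect and read whatever the service volunteers before we speak."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(1024)
    except OSError:
        return None
    return data.decode("ascii", errors="replace").strip() or None


def fingerprint(banner: Optional[str]) -> str:
    """Map a self-announcing banner to a service name via BANNER_HINTS."""
    if banner is None:
        return "unknown (no banner)"
    return next((svc for pre, svc in BANNER_HINTS.items()
                 if banner.startswith(pre)), "unknown")


def scan_host(host: str, ports: List[int]) -> Dict[int, Dict[str, Optional[str]]]:
    """Steps 1, 2 and 4 chained: live check, then port scan, then banner grab."""
    if not is_live(host, ports):
        return {}
    report: Dict[int, Dict[str, Optional[str]]] = {}
    for port in scan_ports(host, ports, shuffle=True, delay=0.05):
        banner = grab_banner(host, port)
        report[port] = {"banner": banner, "service": fingerprint(banner)}
    return report


if __name__ == "__main__":
    target, dead = start_fake_service(), closed_port()
    for port, info in scan_host("127.0.0.1", [dead, target]).items():
        print(f"{port}/tcp open  {info['service']:<10} {info['banner']}")
```

Steps 5 through 7 are deliberately left out: vulnerability scanning, diagramming and proxy setup are tooling and tradecraft decisions rather than a few lines of socket code, and nothing on this page prescribes how to do them.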