CAPEC-580
System Footprinting
Description
An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.
Prerequisites
The adversary must have logical access to the target network and system.
Mitigations
Keep patches up to date by installing weekly or daily if possible.
Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.
Skills Required
[Low] The adversary needs to know basic linux commands.