Enumeration forms the basis of information gathering of the target system during a cyber attack. Once attackers have established a connection with the target host during an enumeration attack, they can send directed queries to extract information on system vulnerabilities. Attackers typically assess attack vectors by leveraging the enumeration’s outputs to exploit the system further. Malicious actors also use penetration testing tools to gain pieces of information such as:
- IP routing tables
- DNS details
- SNMP information
- Users on database records
- Network services and shares
Understanding Enumeration Concept
Hackers use the enumeration technique to extract information from SNMP data, IP tables, usernames of systems, lists of password policies, etc.
Below is the type of information that can be extracted with enumeration:
- Routing tables
- Audit settings
- Service configuration settings
- Network source
- Groups in a network
- Names of machines
- SNMP details
- DNS records
- Use ‘Additional restrictions for anonymous connections’. It is a Group Policy security feature.
- Restrict the access to null session shares, null session pipes, and IPsec filtering.
- Turn the SNMP service off or remove the SNMP agent.
- Modify the name of the default community string name if you can’t turn off the SNMP.
- Use SNMPV3. It is more secure and encrypts the messages and passwords.
- Don’t allow the DNS zone transfers to hosts that are not trusted.
- Avoid publishing the private hosts and IP addresses into DNS zone files at a public server.
- Utilize premium DNS registration services that can help you hide confidential information.
- Disable the open relay option in SMTP servers.
- Use an SSL certificate for traffic encryption.