What is active reconnaissance? - Definition from WhatIs.com

Definition

active reconnaissance

Part of the Network security glossary:

Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities. 

The word reconnaissance is borrowed from its military use, where it refers to a mission into enemy territory to obtain information. In a computer security context, reconnaissance is usually a preliminary step toward a further attack seeking to exploit the target system. The attacker often uses port scanning, for example, to discover any vulnerable ports.  After a port scan, an attacker usually exploits known vulnerabilities of services associated with  open ports that were detected.

Somewhat confusingly, active and passive reconnaissance are both sometimes referred to as passive attacks because they are just seeking information rather than actively exploiting the targets, as active attacks do.

Both active and passive reconnaissance are also used for ethical hacking, in which white hat hackers use attack methods to determine system vulnerabilities so that problems can be taken care of before the system falls prey to a real attack.

The simplest way to prevent most port scan attacks or reconnaissance attacks is to use a good firewall and intrusion prevention system (IPS). The firewall controls which ports are exposed and to whom they are visible. The IPS can detect port scans in progress and shut them down before the attacker can gain a full map of your network.

See also: cracker, hacker, well-known port number, vulnerability analysis (vulnerability assessment)

 

Continue reading about active reconnaissance:

> Reconnaissance attacks are covered in this introduction to network security.

> eTorials also covers reconnaissance attacks.

This was last updated in April 2012
Posted by: Margaret Rouse

Related Terms

Definitions

  • Trojan horse

    - A Trojan horse is a program that appears harmless but is, in fact, malicious. Attackers have long used Trojan horses as a way to trick end users into installing malware. (SearchSecurity.com)

  • critical infrastructure security

    - Critical infrastructure security is the area of concern surrounding the protection of systems, networks and assets whose continuous operation is deemed necessary to ensure the security of a given n... (WhatIs.com)

  • hardware security

    - Hardware security is vulnerability protection that comes in the form of a physical device rather than software that is installed on the hardware of a computer system. The term also refers to the pr... (WhatIs.com)

Glossaries

  • Network security

    - Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question About active reconnaissancePowered by ITKnowledgeExchange.com

Get answers from your peers on your most technical challenges

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.