
Intelligence Preparation of the Battlefield: What is Your Footprint?

April 29, 2013

“If you know the enemy and know yourself you need not fear the results of a hundred battles” – Sun Tzu

Intelligence is defined as the gathering of information or raw data that has been analyzed for its validity and usefulness. One of the first exercises an analyst uses at the beginning of an operation is IPB, or Intelligence Preparation of the Battlefield. The Army field manual FM 31-130 describes IPB as “a systemic, continuous process of analyzing the threat and environment in a specific geographic area.”

When preparing for the initial phase of Operation Iraqi Freedom, commanders and their staffs conducted several iterations of IPB. These included route studies to determine the best Lines of Communication (LOCs) to use in attacking north to Baghdad, as well as current and expected enemy positions and how best to neutralize them.

Many hours were spent researching Iraqi Order of Battle (OOB) to gain knowledge of the weapon systems in the Iraqi arsenal and where they were located. Analysts studied past engagements by both conventional forces and Republican Guard units to understand their tactics, techniques and procedures (TTPs) and where they were most likely to deploy.

By understanding the best courses of action to take and being able to predict and react to enemy movements, U.S.-led Coalition Forces were able to quickly and decisively neutralize the threats, defeat Iraqi opposition, and capture the Iraqi capital in 21 days.

Information security professionals should expect similar processes to be used by our enemies, but where would an attacker begin? One of the first ways that an attacker can determine an organization’s footprint and conduct an initial IPB is by performing Open Source Intelligence (OSINT) research against your organization. They will attempt to map out your network by utilizing the wealth of publicly available information from sources such as the American Registry for Internet Numbers (ARIN) and WHOIS. They will use social media sites that your organization or employees engage in for marketing or personal use to obtain data that can be used for social engineering.

Once an attacker has finished their OSINT collection, they can begin the IPB phase. By scanning the victim environment and using the information already collected, such as full IP ranges and domains, they can obtain system-specific information through various network device and service discovery techniques. This system information may include the operating systems used, system architecture and purpose, the services running on the systems, and the applications installed on the systems and their versions. With this information, an attacker can map out the true footprint and discover vulnerabilities that can later be exploited.

Just as Coalition Forces conducted several iterations of the IPB process as combat operations neared and began, so will the attacker. The attacker will need to know which course of action will work best to gain the desired access or to have the greatest impact on the target.

The strength of an organization’s security posture relies upon the intelligence you have of your own network and environment. You can prevent an attacker from gaining critical information that may allow them to successfully compromise your environment by running the same OSINT research against yourself and conducting an internal IPB. It would be beneficial for any organization to participate in periodic exercises as described above and run regular vulnerability scans. Companies should proactively monitor what content is publicly available on social media sites and minimize that content to what is absolutely necessary.
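One way to turn the internal IPB described above into a repeatable check is to reconcile what an outside observer can see with what you believe you expose. The following is an added example, not code from the original post; the address ranges, inventory, scan results and finding labels are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address space, not real assets).
REGISTERED_RANGES = ["203.0.113.0/24", "198.51.100.0/25"]  # as listed in ARIN/WHOIS
INVENTORY = {                      # services the organization intends to expose
    "203.0.113.10": {80, 443},
    "203.0.113.25": {25},
}
OBSERVED = [                       # (ip, port, banner) from a scan of your own names/ranges
    ("203.0.113.10", 443, "nginx"),
    ("203.0.113.10", 22, "OpenSSH_5.3"),
    ("203.0.113.77", 3389, ""),
    ("198.51.100.200", 80, "Apache/2.2.15 (CentOS)"),
]

def audit_footprint(ranges, inventory, observed):
    """Return (ip, port, finding) tuples where the external view and the inventory disagree."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    findings, seen = [], set()
    for ip, port, banner in observed:
        seen.add((ip, port))
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in nets):
            # Host tied to the organization but not in its registered allocations.
            findings.append((ip, port, "outside-registered-range"))
        if ip not in inventory:
            findings.append((ip, port, "unknown-host"))
        elif port not in inventory[ip]:
            findings.append((ip, port, "unexpected-service"))
        if any(ch.isdigit() for ch in banner):
            # Banner leaks a version string that narrows down known vulnerabilities.
            findings.append((ip, port, "version-disclosed"))
    # Inventory entries nobody can see from outside point to a stale inventory.
    for ip, ports in sorted(inventory.items()):
        for port in sorted(ports):
            if (ip, port) not in seen:
                findings.append((ip, port, "inventory-not-observed"))
    return findings

if __name__ == "__main__":
    for finding in audit_footprint(REGISTERED_RANGES, INVENTORY, OBSERVED):
        print(finding)
```

Each finding is a gap between your own picture of the environment and the one an outsider can assemble, which is the knowledge gap the article warns about.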

If the enemy knows your environment better than you do, they already have the keys to the castle, and like the Marines in Baghdad, they will take down your statue. Prevent this by following best practices and limiting your online exposure to what is truly necessary. Ensure you have the right security tools implemented to protect your interests and have the ability to proactively react to the presence of an intruder.

Image copyright CNN from broadcast of U.S. Marines toppling a statue of Saddam Hussein, Wednesday, April 9, 2003, in Firdos Square, Baghdad, Iraq.
