Enumeration is the most aggressive of the information-gathering processes in any attack. During enumeration, an attacker determines which systems are worth attacking by determining the value a system possesses. Enumeration takes the information that an attacker has already carefully gathered and attempts to extract information about the exact nature of the system itself.
Answer the following question(s):
- If you were an IT security manager, what would you include in your security policy regarding enumeration?
- If you worked as an attorney in the Legal department, would you want different language in the security policy? Why or why not?
