Enumeration in Cybersecurity: Definition, Types & Uses

Instructor: Prashant Mishra

Prashant is currently pursuing his bachelors in Computer Science and Engineering.

In this lesson, you will be introduced to the concept of enumeration, its significance and its types. We will also discuss how enumeration can give an attacker access to sensitive data . We will then finally describe the enumeration step of security testing.


Enumeration is basically counting. A hacker establishes an active connection to the target host. The vulnerabilities are then counted and assessed. It is done mainly to search for attacks and threats to the target system.

Enumeration is used to collect usernames, hostnames, IP addresses, passwords, configurations, etc.

When an active connection to the target host is established, attackers gain the control of the target system. They then steal private information and data. In some cases, hackers (attackers) have also been found changing the configuration of the target systems. The way the connection is established to the host determines the data or information the hacker will be able to access.

How Enumeration Gives an Attacker Access to Sensitive Data

It will become clear in later sections exactly how most of the sensitive information of a system gets leaked. Systems running old software often lack modern amenities such as firewalls, etc. to block any attack that comes from the outside.

Enumeration as discussed poses serious problems to the systems. Theft of data, etc., is done regularly. Many companies are paying huge amounts to people with knowledge of enumeration, as preventing enumeration and attacks results in more secure systems. The methods discussed below to avoid different types of enumeration are simple and are heavily employed.

Enumeration is very important to programmers, as it poses significant challenges to the security of any system. Secure programming is emerging as an important concept because of enumeration. As you will see later when discussing enumeration types, enumerations such as NTP pose threats to web applications. As a programmer, it becomes important that his/her application cannot be attacked and the user's data is kept safe.


Enumeration is of mainly eight types. They are:

Windows Enumeration

Windows operating systems are enumerated using this type of enumeration. The attacker uses tools from Sysinternals to achieve this. This is the most basic enumeration happening, and the hackers attack desktop workstations. This means that the confidentiality of the files is no longer maintained. Any file can be accessed and altered. In some cases, hackers may also change the configuration of the desktop or operating system.

It can be prevented by using Windows firewall, etc. A firewall is a very basic application that acts as a scanner and blocks any foreign signals trying to establish connection with the system.

NetBIOS Enumeration

Developed by IBM and Sytek, NetBIOS stands for Network Basic Input Output System. It was initially developed as an application to give access to LAN resources by the client's software to a third party. The software runs on port 139 of the Windows Operating System.

Hackers mainly use this to collect passwords and perform read/write operations on the target system. Configuration and access rights of a system are enumerated here.

It can be prevented by limiting file sharing and printer sharing. It can also be prevented by minimizing the use of servers.

LDAP Enumeration

LDAP stands for Lightweight Directory Access Protocol. As the full name suggests, it is an internet protocol to access directory services. A directory service is a pool where user's records are stored. It is transmitted over TCP.

It discloses sensitive information such as username, IP address, etc. of the user. Hence, the basic details of a user get enumerated here.

It can be prevented by implementing SSL and enabling account lockout.

SNMP Enumeration

SNMP stands for Simple Network Management Protocol. It runs on User Datagram Protocol (UDP), and is an application-layer protocol.

It is used mainly to know about the network of the target host, the devices with which it shares data, and traffic statistics. Network details of the target system are enumerated here.

It can be prevented by implementing firewalls, etc.

Linux/UNIX Enumeration

Hackers who need to enumerate a target host whose operating system is Linux/UNIX use this type of enumeration. It works in the same way as others and collects various sensitive data.

It is similar to Windows enumeration with just a change in operating systems.

It can be prevented by configuring IPTables.

NTP Enumeration

NTP stands for Network Time Protocol. It is used to synchronize the clock of the target computer. It is known for its high accuracy. It uses agent-server architecture to achieve this, and works on the same User Datagram Protocol (UDP) as SNMP.

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 160 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create An Account