Sidebar 1: So Where Do I Scan?

It's a good idea to scan your systems and networks in multiple spots. The vulnerabilities need to be accessed on all sides of your Internet firewall, and on both sides of any subnets that are protected by packet filtering. Why would we need to access vulnerabilities on the inside of the firewall or filtering routers? Firewalls and packet filtering are a staple of network security, but not an end-all solution. For example, an unsuspecting user could download a Trojan from the Internet. This Trojan then initiates connections from the user's workstation back out to the Internet. The traffic comes from a trusted host either through the firewall from the inside out or directly attacking the inside. Many firewalls are configured to allow traffic initiated from the inside back out to the Internet. Also, remote access and Virtual Private Networking (VPN) should be considered. An open door in that instance would have different ramifications than via the Internet.