The key is in understanding the attack types. After gathering and interpreting data from a variety of sources--including CAIDA (Cooperative Association for Internet Data Analysis), ISS (Internet Security Systems), NIST's ICAT and Security Focus--and conferring with people on the information-security front lines, we came to several conclusions about the real dangers your organization faces from Internet-borne attacks and how you can minimize your risk.
An attack's progression is straightforward, typically following a well-defined set of steps. Getting root or administrative privileges is often the attacker's goal (for a detailed account of an actual attack, see "Anatomy of a Network Intrusion").
The first phase is network reconnaissance. The attacker discovers as much as he or she can about the target using public databases and documents, as well as more invasive scanners and banner grabbers. Once services have been identified, the attacker tries to discover vulnerabilities, either through more research or by using a tool designed to determine if the service is susceptible.