It is never impossible for a hacker to break into a computer system, only improbable.

Network-based threats lie in wait around every corner in this information age. Even as I write this book, wireless networks are becoming a sore point for many companies and organizations that still don't understand how to secure their infrastructures. Networks are under siege from many different types of threat, including Internet-based hackers, worms, phone phreaks, and wireless assailants.

This book tackles one single area of information security in detail: that of undertaking IP-based network security assessment in a structured and logical way. The methodology presented in this book describes how a determined attacker will scour Internet-based networks in search of vulnerable components (from the network to the application level) and how you can perform exercises to assess your networks effectively. This book doesn't contain any information that isn't relevant to assuring the security of your IP networks; I leave listings of obscure techniques to behemoth 800-page "hacking" books.

Assessment is the first step any organization should take to start managing information risks correctly. My background is that of a teenage hacker turned professional security analyst, with a 100% success rate over the last five years in compromising the networks of financial services companies and multinational corporations. I have a lot of fun working in the security industry and feel that now is the time to start helping others by clearly defining an effective best practice network-assessment methodology.

By assessing your networks in the same way a determined attacker does, you can take a more proactive approach to risk management. Throughout this book, there are bulleted checklists of countermeasures to help you devise a clear technical strategy and fortify your environments at the network and application levels.