In many cases, the first objective is to gain initial access, so additional reconnaissance can be conducted. This reconnaissance could include scouting out resources, IP addresses, and possibly running a network discovery (mapping) program or even a sniffer-type packet-capturing utility, hoping to capture administrative-level passwords.

War dialers can be used to dial a large number of phone numbers looking for modems. A new variation involves sitting in a parking lot or in a building across the street with a laptop and a wireless NIC, looking for unsecured or poorly secured access points.

Again, don’t overlook the person on the inside who already has access through an authorized user name and password. Whether connecting from outside or from an inside host, they have the first hurdles resolved.