The following is an excerpt from Passive Python Network Mapping by author Chet Hosmer and published by Syngress. This section from chapter two explores what's running on our networks that we don't know about.

Modern environments boast massive infrastructures and sophisticated security technologies designed to keep the bad guys out.

What if the bad guys are already in?

Today, the defensive technology mix includes traditional firewalls, application firewalls, a demilitarized zone (DMZ), virtual private networks (VPN), antivirus, anti-spyware, patch management infrastructures, content filters, host and network data leak protection (DLP), specialized privilege guards and security event and incident management (SEIM) solutions. Unfortunately, these systems and technologies do little to protect against new threats or hidden vulnerabilities that exist within the environment they protect. In some cases, they exist within the security solutions themselves!

In addition, today's solutions resemble, and share weaknesses with, the fortifications created by the French Minister of War, Andre Maginot, who in the 1930s built them to protect France from a German invasion. Much like the Maginot Line (see figure 2-1), modern cyber security solutions provide great protection against a direct attack, but can be circumvented by insiders through the exploitation of unknown vulnerabilities, via new attack vectors, or by means of social engineering activities, and can be infiltrated due to a lack of deep understanding of one's own environment.

Big vs. Little

It turns out that many smaller organizations are more difficult to penetrate because the environment is better understood by both the Information Technology (IT) teams and the Cyber Security teams that protect them. Larger organizations in many cases have undergone numerous mergers and acquisitions along with the melding of information systems. They have also been around longer and likely employ legacy technologies, or have systems operating throughout their network that have simply been forgotten and are running services that are vulnerable. The following statement is critically important: the more you know about your environment, the better you can protect your assets, the easier you can detect anomalous activity, and the faster you can react to new attacks and vulnerabilities.