Hackers attack systems by throwing their bag of tricks at a network device and sneaking in through any cracks they find. But they don’t just attack computers any more; they’re targeting anything with an IP address, such as routers, printers, network-attached storage units, wireless access points and backup appliances. Their motto is simple: have IP address, hack IP address.

Jesper Jurcenoks, CTO for NetVigilance, anchored the “Security 2008: What You Need Now” panel of experts during the Chicago ITEC conference. His company specializes in vulnerability assessment, the practice of checking company networks for holes that hackers could use to attack your systems. If NetVigilance helps you fix your network first, hackers can't get a foothold, or that’s the pitch.

Vulnerability assessment software and services have come downmarket a bit, and many small to medium companies include these tools in their security toolbox. I asked Jurcenoks exactly what vulnerability assessment is, and he started by telling me what it's not.

"It is not a substitute for antivirus and antispyware software," Jurcenoks said. "Our software will fix the top twenty most serious viruses and rootkits when we find them, but that's not our focus. We check network devices to make sure the holes in the operating systems are secured to keep the hackers out. We are proactive, and find holes viruses come through, rather than reactive like antivirus products that clean up an infected system."

The software works by checking the network for all devices with an IP address and discovering what operating system is running. Then it scans software ports (software addresses that send or receive information, such as port 80 for Web browsing) to see what services are running, if any, on every port. Once the software has that information, it verifies all appropriate security protections are in place for those running services.

"We don't have to make client software to run on systems to do the checks," Jurcenoks said. "We run across the network. I can test every device. If you have an AS/400, I can check it for holes and problems."

No doubt you have a functioning firewall between the insane Internet and your network. But even if you have the world's best firewall, hackers get to your network in multiple ways. The laptop you carry back and forth from home can catch a virus, the Sony music CD you play in your computer can have a rootkit (it has happened twice), or the USB thumb drive you carry can have exploits hiding inside a file. Moral of this story: firewalls aren't enough.