The primary reason for testing the security of an operational system is to identify potential vulnerabilities and subsequently repair them. The number of reported vulnerabilities is growing daily; for example, the number of new information system vulnerabilities reported to the Bugtraq2 database has more that quintupled since the start of 1998, from an average of 20 to over 100 per month. The number of computers per person in many organizations continues to rise, increasing the demands on competent and experienced system administrators. Consequently, it is imperative that organizations routinely test systems for vulnerabilities and misconfigurations to reduce.