One of my favorite quotes is from Sun Tzu's The Art of War: If you know the enemy and know yourself, you need not fear the result of a hundred battles. | What Are the Threats One of my favorite quotes is from Sun Tzu s The Art of War If you know the enemy and know yourself you need not fear the result of a hundred battles. If you know yourself but not the enemy for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself you will succumb in every battle. To this end it is not good enough to merely know what a firewall does or how a firewall works. You need to understand the threats that exist to ensure that you can effectively protect your environment from the threats. Threats that most IT organizations need to deal with include the following Targeted versus untargeted attacks Viruses worms and trojans Malicious content and malware Denial-of-service DoS attacks Zombies Compromise of personal information and spyware Social engineering New attack vectors Insecure poorly designed applications Targeted Versus Untargeted Attacks On the surface the difference between a targeted and untargeted attack may seem pretty unimportant. As the saying goes an attack is an attack regardless of source. While in the midst of an attack whether the attack is targeted or not may fall down the list of priorities. However it is important to define the difference because it could impact the ultimate level of response required to address the attack. Untargeted attacks are attacks that are not directly motivated by the resources being attacked. In other words the attacker is not necessarily being motivated to attack your resources as much as the attacker is probably trying to gain access to any server that might be susceptible and your server just so happened to fall in their sights. This is a common attack method for defacement-style attacks. In many cases the attacker has not chosen to target your website because you own it as much as they are trying to find websites running on certain versions of web server software and you just so happened to be running that web server software. As a result untargeted