1. External scanning of networks
- determination of the internal structure of networks,
- determination of the software installed,
- detection of software security vulnerabilities,
- checking of the system access policy
A combination of passive methods (collecting and analyzing
response data) and active methods (direct intrusion attempts)
is used to reveal security holes and to assess the security
level of networks and hosts. Note that direct intrusion
attempts are much more complicated and less effective than
analysis of configuration files.
2. Remote detection of intrusion
- scanning of existing ports, detection of newly opened ports,
- checking for changes in network structure,
- checking that IP addresses and DNS names match (false
routing, compromise and substitution of DNS servers),
- integrity checking of web sites and other web resources
Remote detection of certain types of attacks, both those
in progress and those committed in the past. Detection of
newly opened ports that result from trojan activity, and
integrity checking of information resources, can be carried
out locally. Nevertheless, some kinds of attacks substitute
IP addresses on the DNS servers so that external users reach
another site, not yours. These substitutions can be detected
only from the external zone of IP addresses.
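
The checks listed under item 2 amount to comparing an externally collected snapshot against a known-good baseline. The sketch below is an added example, not code from the original page; all addresses, names, ports and page contents are constructed sample data, and both snapshots are assumed to come from a monitor outside the network.

```python
import hashlib

def digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

# Constructed baseline recorded while the site was known to be good.
BASELINE = {
    "ports": {"192.0.2.10": {25, 80, 443}},
    "dns": {"www.example.com": {"192.0.2.10"}},
    "pages": {"http://www.example.com/": digest(b"<html>welcome</html>")},
}
# Constructed current observation taken from the external zone.
OBSERVED = {
    "ports": {"192.0.2.10": {25, 80, 443, 12345}, "192.0.2.77": {22}},
    "dns": {"www.example.com": {"203.0.113.66"}},
    "pages": {"http://www.example.com/": digest(b"<html>replaced</html>")},
}

def compare(baseline, observed):
    """Return (kind, subject, detail) findings for every deviation."""
    findings = []
    # Newly opened ports and hosts that were not in the network before.
    for host, ports in sorted(observed["ports"].items()):
        known = baseline["ports"].get(host)
        if known is None:
            findings.append(("new-host", host, sorted(ports)))
        elif ports - known:
            findings.append(("new-port", host, sorted(ports - known)))
    for host in sorted(set(baseline["ports"]) - set(observed["ports"])):
        findings.append(("missing-host", host, []))
    # DNS names that resolve to addresses outside the expected set.
    for name, expected in sorted(baseline["dns"].items()):
        unexpected = observed["dns"].get(name, set()) - expected
        if unexpected:
            findings.append(("dns-mismatch", name, sorted(unexpected)))
    # Web resources whose content hash no longer matches.
    for url, known_hash in sorted(baseline["pages"].items()):
        if observed["pages"].get(url) != known_hash:
            findings.append(("content-changed", url, []))
    return findings

if __name__ == "__main__":
    for finding in compare(BASELINE, OBSERVED):
        print(finding)
```

The port and integrity comparisons give the same result when run locally; only the DNS comparison depends on the observation being taken from outside.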