1. External scanning of networks
Sets of passive (collecting and analysis of response data) and active methods (direct intrusion attempts) are directed to reveal security holes and security levels of networks and hosts. Note, that direct intrusion attempts are much more complicated and less effective problem than configuration files analysis.
2. Remote detection of intrusion
Remote detection of certain types of attacks both being performed at present or commited in past. Newly opened ports detection which are results of trojan's activity, informational resources integrity check-up can be carried on locally. Nevertheless, there are some kinds of attacks to substitute IP addresses on the DNS servers so that external users come to the other site, not yours. These substitutes can be detected only from the external zone of IP addresses.