We have contracted IBM and they use something called Qualys to scan our
systems. They tell us all sorts of things like:
Are you using obsolete hardware? (like a Cisco router which is terribly
out of date)
Are you using obsolete software? (like a version of bind that is full of
common user/password combos checked.
lots of port checking
And a crapload of other stuff.
Kind of funny to see IBM slapping IBM around, like trying to get IBM i to
support a current version of bind.
The first time you see all these addresses hitting your ftp server and
whatno you start wondering if the chinese are mounting another attack
(really quite common)
We also have some Qualys equipment internally for some scanning.
Items are rated on a scale and also by potential vs actual threat.