This chapter discusses the attacker’s methodology, as well as some of the methodologies used by ethical hackers. Ethical hackers differ from malicious hackers in that ethical hackers seek to do no harm and work to improve an organization’s security by thinking like a hacker. This chapter also discusses the OSI model and the TCP/IP protocol suite. It looks at some of the most commonly used protocols in the suite and examines how they are used and misused by hackers. Common ports are discussed; as is the principle of deny all. Starting with all ports and protocols blocked leaves the organization in much more of a secure stance than simply blocking ports that are deemed dangerous or unneeded.