Figure 1 lists weaknesses for TCP/IP, Operating systems, and Network equipment. Figure 2 matches configuration weaknesses with a way in which to exploit that weakness.  These weaknesses include unsecure user accounts, system accounts with weak passwords, misconfigured Internet services, unsecure default settings, and misconfigured equipment. Figure 3 lists policy weaknesses and ways in which to exploit them.  Policy weaknesses include a lack of written security policy, lack of authentication policy, and disaster recovery plan.