Blenster wrote Sun 6/22/14 @23:39 EDT:
"Stealth" is probably not being used accurately in that sense; they are talking about double-encrypted data streams which are hard to read but not hidden. One can go "stealth" -ish by turning off extra services and network sockets (which any good admin will do) and you can remap popular services to different port numbers (e.g. SSH or telnet sessions can be moved from 23 to a different number - so long as you remember what the new number is and know how to configure your tools to connect to custom port numbers). Even going "stealth" often isn't enough to stop a determined hacker - there are tools that will send mal-formed packets to the network to see what responses they will get. On a really hardened system these will be ignored but by default they will typically respond to some of these with a note asking for the rest of the packet so it can decide what to do with it (this is often down with sending malformed "handshake" packet that the responding machine then attempts to respond to). These probing attacks can sometimes expose what operating system the device is running on (each has their own "fingerprint" of response types) which gives you the information you need to attempt to run an active attack on the system (properly configured systems will notice your attack unless you are VERY good - but most systems are not properly configured and you can hammer at them awhile before anyone notices and you get caught).
Anyone seriously interested in this stuff should consider going to Derbycon to learn more from the people who do it and defend against it.
For what it's worth, the hardware can be very secure; it's usually the people who are vulnerable. They click a link in an email, they download an EXE file and run it, they answer the phone and try to be helpful to the person on the other end who says they are the "County Password Inspector" or "Some sales guy who needs to demo to a client and can't get the VPN working" or whatever. Simply showing up with a hard hat, a measuring device, and a clipboard has gotten people into locked server cages alone to do whatever they like -- the secretary and the facilities manager never bothered to stop and call corporate headquarters and check. The human element is usually the weak link. USB drives are left in the parking lot. A free keyboard (with key-tracking software installed in it) is given as a "prize" to the IT department - where it is then snagged by the admin who outranks the peon you gave it to -- and now you can log in as an admin with official credentials! This is the bigger threat; easier to do and works more often.