Finding targets: Research Google dorks. There are many ways to use Google to find targets (assuming you don't care *who* you are targeting). Google allows you to search for various error messages, HTML comments, etc. This can lead you to hundreds of websites that were built with identical software with known vulnerabilities.
Portscanning: no. Your best bet is to just make sure your firewall rules are bullet proof. Port scanning is just recon. If you can pinpoint those doing recon, you can probably block them. This is just a very breif intro to general system administration/security.
Novell: still used in a lot schools and probably some less up-to-date companies. Wouldn't hurt to be familiar with it.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.