Computer systems (hosts) connected to the Internet are subject to
an almost constant barrage of security attacks. Most attacks have
at least some of the following goals:
To obtain unauthorised access to private, or secret,
information stored on the compromised system -- eg lists of credit
card numbers stored on commerce servers. Such access can be
obtained by a wide variety of means. This is probably the most
important type of attack.
To use the compromised system as a start point for attacks on
other, more interesting, systems whilst "covering their tracks" --
the (so-called) Springboard Attack.
Denial of service (DOS) attacks attempt to use
up system resources to inconvenience legitimate users. A classic
example is to send vast megabytes of (anonymous) electronic mail to
a target host in an attempt to exhaust its disk space. The
(relatively) recently developed Distributed Denial of
Service (DDOS) attacks are a particularly nasty form.
A variation of the "unauthorised access" attack is where a Bad
Guy actually attempts to cause damage to the compromised system,
for example, by removing important files, changing configurations,
etc. Recent "Web site defacements" come under this category.