WEB, email, e-commerce and many other servers are intended to be visible to the Internet for obvious reasons. These servers advertise business capabilities with the intent that the Internet as a whole has benign access to them. A security examination can reveal that these very same resources may have security flaws that provide access to a degree not envisioned, or intended.

Additionally, an organization with an Internet connection may not be aware that resources considered private may in fact be visible to the Internet. Internal servers and workstations that may hold company confidential information are many times just as visible to the Internet as the WEB and email servers.

Organizations that think they are protected from mischief by a firewall may have it configured so poorly that it only provides partial protection or none at all. An organization behind a firewall may have a false sense of security and will often have a weak internal security policy as a consequence. That's a hackers dream environment.