Attack that aims to make a system or service unavailable or unreliable for legitimate users.
Denial of service, often shortened to DoS, is an attack or disruptive condition that aims to make a system or service unavailable or unreliable for legitimate users. In plain language, the goal is to interfere with access rather than to steal data directly.
Denial-of-service activity matters because availability is one of the core security goals in the CIA Triad. A service that cannot be used when people need it can still create serious operational, financial, or safety consequences even if no data is stolen.
It also matters because service disruption can be used as pressure, distraction, or business harm. Availability incidents deserve real security planning, not just performance tuning.
Denial of service appears in internet-facing services, API protection, resilience planning, provider coordination, and incident response. Security teams connect it to Firewall, Web Application Firewall, Botnet, and Recovery because defensive preparation often depends on layered traffic control and service-restoration planning.
Teams also use DoS scenarios to test whether they can keep key services reachable under abnormal load or hostile activity without relying on improvised decisions.
| Scenario | Primary cause | Defensive focus |
|---|---|---|
| Denial of service | Intentional hostile activity | Traffic control, rate limits, and mitigation |
| Capacity outage | Legitimate surge or mis-sizing | Scaling and capacity planning |
| Ransomware disruption | Internal compromise and extortion | Containment and recovery |
A public-facing customer portal begins experiencing severe disruption and becomes unreliable for legitimate users. Even before every technical detail is confirmed, the organization may activate availability-focused incident procedures, coordinate with providers, and route traffic through existing protective controls to preserve service continuity as much as possible.
Denial of service is not the same as any generic outage. The term is usually used when the disruption is caused intentionally or by hostile activity rather than by routine operational failure alone.
It is also different from Ransomware. Ransomware often disrupts access through extortion and internal compromise, while denial of service more directly targets the ability to use the service at all.