The attacks this week on U.S. government and corporate Web sites expose the degree to which the country's Internet networks remain vulnerable to security breaches, raising questions as to what can be done to prevent future assaults.

The attacks this week were more disruptive than punishing, and confined to consumer-facing Web sites; however, security experts believe they hint at a broader opening that hackers can exploit to gather valuable information or disrupt more vital information systems, such as those that control air traffic or financial trading.

"Just because they're using an attack as loud and known as this doesn't mean they can't do other things," said Dan Hoffman, chief technology officer for Smobile Systems Inc., a provider of mobile security software. "In fact, we know they are doing other things."

The U.S. is investigating attacks on computers at many federal and private Web sites, including the White House, several cybersecurity agencies, and Wall Street.

The attacks, which appear to be one of the broadest and coordinated on U.S. Web sites, are known as a "denial of service," a relatively unsophisticated maneuver in which many computers are used in concert to overwhelm a Web site with data.

These types of attacks occur continuously across the Internet but rarely turn into headlines because companies successfully defend against them, said Marty Lindner, a principal engineer on the computer emergency response team at Carnegie Mellon University.

But in some cases, the size and scope of the attack overwhelms preventive systems, and a Web site will be affected.

"Is any defensive measure perfect? The answer is no," Lindner said.

Denial-of-service attacks were a more prevalent threat a few years back but have generally gone away in favor of more stealthy methods. Rather than cause a public nuisance by clogging up Web sites, today's viruses and spyware gather data and linger in computers longer, making them far more dangerous.

As a result, Hoffman said, many government entities and companies need to step up their security measures. Many organizations still aren't aware of the threats and where vulnerabilities lie. For example, while a company's internal network is guarded by firewalls and antivirus software, corporate laptops and cellphones that leave the office remain open to spyware.

"It's about taking a holistic approach to security," Hoffman said.

And while increased law enforcement and prosecution could help to tamp down domestic threats, experts say attacks will continue without coordinated international actions.

"This tells us the power and danger of these bad actors," said Vincent Weafer, a security expert at Symantec Corp. (SYMC). "Someone is trying to send a message."

-By Jerry A. DiColo; Dow Jones Newswires; 212-416-2155; jerry.dicolo@dowjones.com; and Roger Cheng, 212-416-2153; Roger.Cheng@dowjones.com