It's useful when planning a distributed Internet application's security, its configuration & implementation.
It's a summary of threats to be expected.
There are different threat models; this is the most common threat model for the Internet, more or less, I read, at least from the perspective of designers of security protocols.
This does not include wiretapping, social engineering & possibly other threats such as power failures.
- attacks on end systems threat - to disable or take over parts of the distributed application.
- single point of failure threat - taking out a single system should not bring down the whole distributed application, or too many of its parts.
- poisoning threat - attackers might attempt to pretend to be legitimate users & attack communication protocols.
- modifying or reading communication between end systems threat.
- denial of service attack threat.
- excessive cost of security threat.