I thought I would link everyone to an interesting article I saw published the other day by van Hauser / THC. This article describes possible backdoors through different firewall architectures. However, the material can also be applied to other environments to describe how hackers cover their access to a system.
Hackers often want to retain access to systems they have penetrated even in the face of obstacles such as new firewalls and patched vulnerabilities. To accomplish this the attackers must install a backdoor which a) does it's job and b) is not easily detectable. The kind of backdoor needed depends on the firewall architecture used.