Firewalls: Keeping Things Contained
Limitations of Firewalls
An important point that deserves emphasis is the limitations of firewalls. A firewall can only be effective if it surrounds the entire network. If even one computer connects to the outside via a modem or some other path that bypasses the firewall, the entire network is at risk. Firewalls do not protect data outside their perimeter, and data that passes through the firewall legitimately still has to be treated as a risk. Firewalls are also the most visible part of a network installation to the outside world and therefore make attractive targets for attack. Any use of firewalls should be supplemented by defense in depth, using several layers of protection such as access control, anti-virus software, and intrusion detection.
It is important to understand that firewalls are not invulnerable to attack. They can be penetrated, but by design they are small and simple and offer little help to an attacker once they themselves are defeated. Proper configuration is a must to maintain the efficacy of any firewall system, and the configuration should be reviewed periodically to ensure it still matches the internal and external environment of the network. Activity logs should also be checked on a regular basis to find attempted and successful intrusions. A further major limitation is that firewalls have only limited control over the content of the data that passes through them; malicious or faulty code has to be controlled from inside the perimeter.
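As an added example of the regular log review the paragraph above calls for (this is not code from the original page), the script below parses constructed iptables-style log lines, counts the connection attempts the firewall denied per source, reports sources that were denied on many distinct ports, and separately reports any connection from such a source that the firewall later accepted, since traffic being allowed through is exactly what still has to be treated as a risk. The log format, the `[FW-DROP]`/`[FW-ACCEPT]` prefixes, the threshold and the addresses are assumptions chosen for the example.

```python
"""Review firewall activity logs for probing and follow-up accepted connections.

Added example, not from the page: the line format and the prefixes
[FW-DROP] / [FW-ACCEPT] are assumed; adapt LINE_RE to the real log format.
"""
import re
from collections import defaultdict

# Constructed sample log using RFC 5737 documentation addresses, not real traffic.
SAMPLE_LOG = """\
Mar  3 10:01:02 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44001 DPT=22
Mar  3 10:01:02 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44002 DPT=23
Mar  3 10:01:03 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44003 DPT=25
Mar  3 10:01:03 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44004 DPT=3389
Mar  3 10:01:04 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44005 DPT=8080
Mar  3 10:01:05 fw kernel: [FW-ACCEPT] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44006 DPT=443
Mar  3 10:02:11 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22
Mar  3 10:02:30 fw kernel: [FW-ACCEPT] IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=52000 DPT=443
Mar  3 10:02:31 fw sshd[123]: unrelated line that the parser must skip
"""

# Fields appear in this order in the assumed format: action, SRC, DST, PROTO, (SPT), DPT.
LINE_RE = re.compile(
    r"\[FW-(?P<action>DROP|ACCEPT)\].*?SRC=(?P<src>\S+).*?DST=(?P<dst>\S+)"
    r".*?PROTO=(?P<proto>\S+).*?DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return a dict for a firewall log line, or None for lines in another format."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"])
    return rec


def review_log(lines, port_threshold=5):
    """Flag sources denied on at least port_threshold distinct ports, and any
    connection from such a source that the firewall subsequently accepted.
    The accepted connection is not proof of intrusion; it is the entry an
    analyst should look at first, because the firewall alone cannot judge it."""
    dropped_ports = defaultdict(set)   # src -> destination ports that were denied
    findings = []
    flagged = set()                    # sources already reported as probing
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                   # lines from other daemons are ignored
        src = rec["src"]
        if rec["action"] == "DROP":
            dropped_ports[src].add(rec["dpt"])
            if src not in flagged and len(dropped_ports[src]) >= port_threshold:
                flagged.add(src)
                findings.append({"type": "port_probe", "src": src,
                                 "ports": sorted(dropped_ports[src])})
        elif src in flagged:
            findings.append({"type": "accepted_after_probe", "src": src,
                             "dst": rec["dst"], "dpt": rec["dpt"]})
    return findings


if __name__ == "__main__":
    for finding in review_log(SAMPLE_LOG.splitlines()):
        print(finding)
```

On the sample log this reports one probing source (five distinct ports denied) and one accepted connection from that same source on port 443; the single denied attempt from 203.0.113.9 and the clean connection from 198.51.100.4 produce nothing. Raising `port_threshold` trades fewer false positives for later detection, so pick it from what the network's normal denied traffic looks like rather than from the sample.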
Firewalls are a crucial piece of the security puzzle, but not the answer to everything. Their applicability has limits, but combined with proper defense in depth they can be the cornerstone of an effective security infrastructure, regardless of whether you have just a personal computer or a huge corporate LAN.