A common misconception is that one firewall can protect every asset. While that might have been true a few years ago, it's not enough protection, given the advancements in hacking and increasing external threats. According to the CERT Coordination Center at the Software Engineering Institute (CERT/CC), the number of reported network security incidents has almost tripled in the past two years -- from 21,756 in 2000 to 73,359 at the end of Q3 2002. A second misconception is that a firewall device is a "connect, turn on, and forget about it" device. It's actually a technology that requires constant review, fine-tuning, and evaluation. In addition, many organisations plug firewalls into place without a security policy. Firewall deployment should be tied directly to security policies that address and support your company's objectives. Enterprises must consider a multilayered security approach, with a security policy, firewalls, and additional security tools (such as virus software). What a firewall can and can't do
A firewall can be hardware- or software-based. The tightest security is obtained when the two options are used in combination. Yet, even in this approach, a firewall system has its limits:
- It can't protect the enterprise from attacks and threats from within your network.
- Virus protection is limited without additional software and specialised technologies.
- A firewall can't protect an organisation from attacks that avoid a firewall -- an external hack via a dial-up account can fully compromise the entire security plan.
