Properties of ALL Firewalls

• Inserted between UN-trusted (outside) and trusted (inside) networks

• "All" traffic between inside and outside flows through them
• The more restrictive the rules, the more protection offered
• If rules are too restrictive, users may bypass them

• Increase complexity, complicate debugging

 
• No protection between hosts on trusted (inside) network

• Little protection from attacks against permitted services

• Your vulnerability is proportional to both the number of hostile hosts able to connect and the number of vulnerable servers to connect to.

• Firewalls improve security primarily by reducing the number of hosts able to connect. You still need to reduce the number of vulnerable servers by applying patches.