A Note about Security in general

A firewall can actually not guarantee 100% of security just because there may be bugs in the underlying software or the configuration or even a hardware problem can be the “open door” for the bad guys.

It is also a common mistake to believe that a firewall is enough to provide security. If you want to have a really high level of security you will need a whole “Security Concept” which defined the basic rules for the network environment. This includes the used software, installing security updates to the running software, a good documentation about how the security level is enforced in your network etc.

Here is an example what I mean by that.

Imagine you are running a public web server. To make it possible for the World to reach you you have to open the TCP port 80 for incoming connections. By opening this port your computer is reachable through the Internet. You as the admin implemented a really bomb save firewall configuration and you feel save because your firewall protects you. But certainly a securityhole in the webserver application is found and made public in the Internet. If you didn't installed the security update because you forgot or it isn't available yet a hacker may be able to use this securityhole (in the webserver not the firewall) to get access to your network. In this case the firewall can't do anything against it because you allowed people to connect to your server.

I hope that this example makes it a little bit clearer what is meant when talking about a security concept. To prevent these cases there are some basic rules to follow.