• Most corporate networks are not designed for security, and have survived because they have not been attacked. But now users want connectivity to the Internet.
• You want to communicate with publicly available services, and make some of your own services available to customers located outside your corporate network. But the Internet is a scary place.
• Most of the user workstations are not only initiate requests to servers on the user’s behalf, but also provide services, remote access to their file systems and configuration databases.
• Each service is a point of attack.
• Firewalls attempt to protect systems inside from attack from outside. But in order to do this, the firewall administrator needs to understand
all the mechanisms and come up with some way of disallowing the dangerous ones without disabling the necessary ones.