Are Firewalls Really Necessary?

It depends on your diligence and risk tolerance

  • Routers, already on the network, can also block traffic based upon source, destination and requested service.
  • Anti-spoofing and network address translation can also be performed by routers.
  • Servers can be configured to shut down unnecessary services or to screen out specific sources to specific services.
  • If server and workstation software is updated with the latest security patches as soon as they are released, the risk of an attack being successful is reduced.

Nonetheless, a firewall can provide value:

  • Since a firewall passes traffic to/from many devices, and since firewall software usually provides easy-to-use management tools, setting (and resetting) rules and monitoring network traffic for a wide range of devices is a fairly simple process. Managing a large number of independent devices and remembering to reapply rules after a device is rebuilt can be far more complex.
  • Because it is an independent device, a firewall can help stop attacks launched from a compromised server before they reach their targets.
  • A firewall can protect devices that are running unused, vulnerable services that may be unknown to the device's primary user.
  • A firewall can provide centralized virtual private network (VPN) services for many devices.

Summing it up...

A firewall might not be necessary if:

  • the devices within the network are effectively managed and software is updated as soon as new security patches are available;
  • there is sufficient knowledge and time allocated to the management of dispersed "rules" across multiple devices; and
  • special actions taken to protect individual services on specific devices are well documented and are taken whenever the device is rebuilt.

But even then, a second lock couldn't hurt.
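
For networks that rely on per-device rules, the documentation condition above can be checked mechanically. The following sketch is an added example, not part of the original page: it compares the TCP listeners seen on a rebuilt host with a documented baseline and reports services nobody documented. The host names, the baseline and the sample listing (written in the style of `ss -tln` output) are all constructed assumptions.

```python
# Documented baseline (constructed): TCP ports each host is meant to expose.
BASELINE = {
    "web01": {22, 443},
    "db01": {22, 5432},
}

# Listeners bound to loopback are not reachable from the network.
LOOPBACK = ("127.", "[::1]")


def exposed_ports(ss_output):
    """Return the TCP ports listening on non-loopback addresses."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or a socket that is not listening
        # rpartition keeps IPv6 literals such as [::]:3306 intact
        addr, _, port = fields[3].rpartition(":")
        if addr.startswith(LOOPBACK) or not port.isdigit():
            continue
        ports.add(int(port))
    return ports


def audit(host, ss_output):
    """Compare observed listeners with the documented baseline."""
    observed = exposed_ports(ss_output)
    documented = BASELINE.get(host, set())  # unknown host: nothing is documented
    return {
        "undocumented": sorted(observed - documented),
        "not_listening": sorted(documented - observed),
    }


# Constructed sample in the style of `ss -tln` output for a rebuilt host.
SAMPLE_WEB01 = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      100    [::]:3306          [::]:*
"""

if __name__ == "__main__":
    print(audit("web01", SAMPLE_WEB01))
```

An entry under "undocumented" is a service that per-device rules were never written for; an entry under "not_listening" is a documented service that did not come back after the rebuild.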