LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What can a firewall NOT do? List the four key limitations.

A firewall is not a magic shield. It only sees traffic that crosses it, can't detect a determined insider, won't alert you to a successful exploit, and won't stop someone from emailing out your customer database.

The four limitations:

# Limitation Why
1 Only protects connections that flow through it If traffic routes around it (rogue WiFi, USB key, LTE modem), the FW is irrelevant
2 Limited protection against malicious insiders An insider already inside the perimeter doesn't need to bypass it
3 Most successful attacks won't trigger an alarm Attackers tunnel through allowed protocols (HTTPS) — the FW sees "normal traffic"
4 Doesn't stop confidential data from being sent out An employee who emails a CSV out via Gmail uses a "permitted" channel

The "FW can be bypassed" reality:

Attacker on hostile WiFi   →  ┐
                              ├ → Bypasses corporate FW
Employee using personal LTE →  ┘

Insider with VPN credentials →  Goes THROUGH the FW legitimately
                                (FW sees: "yes, allowed VPN user")

Phishing victim downloads malware over HTTPS → 
                                FW sees: "yes, allowed HTTPS to a website"

What complementary tools handle these gaps:

Gap Mitigating tool
Insider threat DLP (Data Loss Prevention), UEBA (User Behavior Analytics)
Successful exploit EDR/XDR (Endpoint Detection), SIEM (log correlation)
Data exfiltration DLP, CASB (Cloud Access Security Broker)
Bypass routes NAC (Network Access Control), device posture checks

Tip: "We have a firewall" is never sufficient as a security posture. Modern frameworks (NIST CSF, CIS Controls) treat the FW as one of ~20 control categories — not the headline.

Go deeper:

From Quiz: INTROL / Firewall Fundamentals | Updated: Jul 14, 2026