Quiz Entry - updated: 2026.07.14
What can a firewall NOT do? List the four key limitations.
A firewall is not a magic shield. It only sees traffic that crosses it, can't detect a determined insider, won't alert you to a successful exploit, and won't stop someone from emailing out your customer database.
The four limitations:
| # | Limitation | Why |
|---|---|---|
| 1 | Only protects connections that flow through it | If traffic routes around it (rogue WiFi, USB key, LTE modem), the FW is irrelevant |
| 2 | Limited protection against malicious insiders | An insider already inside the perimeter doesn't need to bypass it |
| 3 | Most successful attacks won't trigger an alarm | Attackers tunnel through allowed protocols (HTTPS) — the FW sees "normal traffic" |
| 4 | Doesn't stop confidential data from being sent out | An employee who emails a CSV out via Gmail uses a "permitted" channel |
The "FW can be bypassed" reality:
Attacker on hostile WiFi → ┐
├ → Bypasses corporate FW
Employee using personal LTE → ┘
Insider with VPN credentials → Goes THROUGH the FW legitimately
(FW sees: "yes, allowed VPN user")
Phishing victim downloads malware over HTTPS →
FW sees: "yes, allowed HTTPS to a website"
What complementary tools handle these gaps:
| Gap | Mitigating tool |
|---|---|
| Insider threat | DLP (Data Loss Prevention), UEBA (User Behavior Analytics) |
| Successful exploit | EDR/XDR (Endpoint Detection), SIEM (log correlation) |
| Data exfiltration | DLP, CASB (Cloud Access Security Broker) |
| Bypass routes | NAC (Network Access Control), device posture checks |
Tip: "We have a firewall" is never sufficient as a security posture. Modern frameworks (NIST CSF, CIS Controls) treat the FW as one of ~20 control categories — not the headline.
Go deeper:
NIST SP 800-41 Rev. 1 — Guidelines on Firewalls — states explicitly what firewalls cannot protect against.