The rationale for installing a firewall is almost always to protect a
private network against intrusion. In most cases, the purpose of the
firewall is to prevent unauthorized users from accessing computing
resources on a private network, and often to prevent unnoticed and
unauthorized export of proprietary information. In some cases export of
information is not considered important, but for many corporations that
are connecting this is a major though possibly unreasoning concern.
Many organizations will want simply to address the problem by not
connecting to the Internet at all. This solution can be difficult to
implement. If the private network is loosely administered or
decentralized, a single enterprising individual with a high-speed
dialup modem can quickly effect an Internet SLIP (Serial Line Internet
Protocol) connection which can compromise the security of an entire
network.
Often it is safe to say that a firewall needs to be put in place for the ``CYA'' (Cover Your Assets, a family publication) factor. Even though an employee could compromise proprietary information by carrying it offsite on a DAT (Digital Audio Tape) or floppy disk, the Internet represents a tangible threat, populated with dangerous ``vandals.'' (The Vandals were a collection of tribes of roughneck barbarians who sacked Rome in 455 and looted it of all its portable wealth. Some use the term ``hackers'' to describe Internet snoopers, but ``vandals,'' ``crackers,'' or ``jerks'' is more appropriate) It could very easily cost a network manager his job if a break-in occurs via this route, even if the damage is no more extensive than could have been inflicted over a dialup line or by a disgruntled employee. Generally, for a would-be Internet site, the technical difficulties of implementing a firewall are greatly outweighed by the public relations problems of ``selling'' upper management on the idea. In summary, because Internet services are so highly visible, they are much more likely to require official oversight and justification.