Firewalls can't protect very well against things like viruses or malicious software (malware). There are too many ways of encoding binary files for transfer over networks, and too many different architectures and viruses to try to search for them all. In other words, a firewall cannot replace security-consciousness on the part of your users. In general, a firewall cannot protect against a data-driven attack--attacks in which something is mailed or copied to an internal host where it is then executed.

Alternate Answer:
Properly configured firewalls can limit the propagation of worms - a form of malware.  Typically, firewalls are edge or parameter devices (separates network zones) and most viruses and malware targets end points (user workstations and servers).

Firewall systems protect a network from attack by outside sources. They are placed at the edge of the private network so that they can control traffic from a single point.

Traceroute is based on ICMP type 30 under Windows and UDP under *NIX; traceroute pacjets that would hit the firewall should be dropped similarly any echo replay coming from inside the firewall should be restricted outbound. The answer: traceroute can work via a firewall is firewall is allowing inbound ICMP type 30 and outbound echo reply.  !! this should be allowed via internal firewalls ONLY!!
a seconde case is allowing traceroute via firewall outbound with this I do not see any real problem as it can not be used for any device discovery or facilitate any malicious activity, unless being used for an attack coming from inside.

Fundamental purpose:
1)Routers are designed to route traffic, not stop it.
2)Firewalls are designed to examine and accept/reject traffic.

But the both ACL are do the same job. Depending upon our requirments we do our ACL configuration on it.

we have 4 types drivers 1)JDBC-ODBC bridge. 2)native-API partly Java technology-enabled driver. 3)A net-protocol fully Java technology-enabled driver 4)A native-protocol fully Java technology-enabled driver


1)JDBC-ODBC bridge:-A JDBC-ODBC bridge provides JDBC API access via one or more
ODBC drivers. Note that some ODBC native code and in many cases native database
client code must be loaded on each client machine that uses this type of driver.
Hence, this kind of driver is generally most appropriate when automatic
installation and downloading of a Java technology application is not important.
For information on the JDBC-ODBC bridge driver provided by Sun 2)native-API partly Java technology-enabled driver converts JDBC calls into calls
on the client API for Oracle, Sybase,Informix, DB2, or other DBMS. Note that, like
the bridge driver, this style of driver requires that some binary code be loaded
on each client machine.


3)A net-protocol fully Java technology-enabled driver translates JDBC API calls
into a DBMS-independent net protocol which is then translated to a DBMS protocol
by a server. This net server middleware is able to connect all of its Java
technology-based clients to many different databases. The specific protocol used
depends on the vendor.In general, this is the most flexible JDBC API alternative. It is likely that all vendors of this solution will provide products suitable for
Intranet use. In order for these products to also support Internet access they
must handle the additional requirements for security, access through
firewalls, etc., that the Web imposes. Several vendors are adding JDBC
technology-based drivers to their existing database middleware products.
4)A native-protocol fully Java technology-enabled driver converts JDBC technology
calls into the network protocol used by DBMSs directly. This allows a direct call
from the client machine to the DBMS server and is a practical solution for
Intranet access. Since many of these protocols are proprietary the database
vendors themselves will be the primary source for this style of driver. Several
database vendors have these in progress.

Preferring NT authentication, using server, databse and application roles to control access to the data, securing the physical database files using NTFS permissions, using an unguessable SA password, restricting physical access to the SQL Server, renaming the Administrator account on the SQL Server computer, disabling the Guest account, enabling auditing, using multiprotocol encryption, setting up SSL, setting up firewalls, isolating SQL Server from the web server

Conceptually, there are three types of firewalls:

1. Network layer
2. Application layer
3. Hybrids

Some firewalls permit only email traffic through them, thereby protecting the network against any attacks other than attacks against the email service. Other firewalls provide less strict protections, and block services that are known to be problems.

Generally, firewalls are configured to protect against unauthenticated interactive logins from the ``outside'' world. This, more than anything, helps prevent vandals from logging into machines on your network. More elaborate firewalls block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside. The firewall can protect you against any type of network-borne attack if you unplug it.

A firewall is a system or group of systems that enforces an access control policy between two or more networks. The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic.