Screening specifics
There are a number of firewall screening methods. One simple approach is to screen requests to make sure they come from a list of acceptable domains or IP addresses. Unfortunately, this method is also very easy to circumvent.
It is unlikely that all of your organisation's "legal" external client systems are very secure, and an intruder might be able to insinuate themselves into one of these systems to bypass your firewall.
Of course, they must then overcome your LAN's own security, so both this and your firewall security must be as robust as possible. To allow mobile users access to a network, firewalls make use of secure logon procedures and authentication certificates.
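The following Python sketch is an added example, not part of the original article: it contrasts screening on source address alone with the same screen combined with a logon check. The networks, key, user name and token scheme are constructed for illustration, and the HMAC token is only a stand-in for the logon procedures and certificates mentioned above.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values: documentation address ranges and a demo key.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.16/28")]
LOGON_KEY = b"demo-key-not-for-production"


def address_allowed(source_ip):
    """Address screen: accept only sources inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # a malformed source address is rejected, not guessed at
    return any(addr in net for net in ALLOWED_NETWORKS)


def issue_token(username):
    """Token handed out after a successful logon (stand-in for a certificate)."""
    return hmac.new(LOGON_KEY, username.encode(), hashlib.sha256).hexdigest()


def token_valid(username, token):
    """Constant-time comparison of the presented token with the expected one."""
    return hmac.compare_digest(issue_token(username), token or "")


def screen(request, require_logon=True):
    """Return 'accept' or a rejection reason for one request dict."""
    if not address_allowed(request["source_ip"]):
        return "reject: source not allowlisted"
    if require_logon and not token_valid(request["user"], request.get("token")):
        return "reject: no valid logon"
    return "accept"


# Constructed requests: a partner user with a logon, the same partner host
# without one, and a host outside the allowlist.
REQUESTS = [
    {"source_ip": "192.0.2.40", "user": "alice", "token": issue_token("alice")},
    {"source_ip": "192.0.2.40", "user": "alice", "token": None},
    {"source_ip": "203.0.113.9", "user": "alice", "token": issue_token("alice")},
]

if __name__ == "__main__":
    for r in REQUESTS:
        print(r["source_ip"], "| address only:", screen(r, require_logon=False), "| layered:", screen(r))
```

The second request is the case the text warns about: the address screen alone accepts anything sent from an allowlisted host, whoever is operating it, while the layered screen turns it away.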
Most of the security-related problems on the Internet come from so-called "script kiddies", people who find software available on the Internet and use it to try to break into systems.
Less common, but more difficult to keep out, is the dedicated cracker who delves into the code and may spend many months "casing" a company and looking for weaknesses.
In fact, a firewall should be just one part of an overall security policy, which will include many aspects such as physical security (can someone walk in and physically steal a copy of your data?), or social engineering (where the cracker rings up pretending to be from the IT office and asks, "We're having a few problems with your setup, can I have your username and password?").











