Re: Yeah but, this is a RE-hacking @Wzrd1
That they will get in is a wise statement to make.
But it does not have to be totally true. A suitably designed, multi-layer protection model implemented using multiple vendors' kit will probably defeat almost all attacks, especially if the design is kept secret. The trick is to be utterly ruthless with what is allowed between each of your security zones.
By using multiple vendors' kit, each boundary between the security zones presents a new problem to be 'cracked'. If things are designed properly, by the time the attacker gets to the third or fourth boundary, your intrusion detectors should have been tripped so that you can take action to protect the service being attacked, and other systems that lie further into the network.
You layer the servers themselves to form parts of the security infrastructure, so in the case of web-based services, your edge web servers only keep session and transient data, intermediate servers keep application logic and only enough data for the transactions in flight, and you keep the core databases separate still. In all cases, the servers have an external side and an internal side, and the networks on either side are never bridged by network infrastructure (obviously you have to have something to allow the servers to be administered, but the same rules apply to the management infrastructure).
In order to get access to the places where data is really present for bulk-download, the only practical way in is to have knowledge of everything in advance.
I'm not saying that even this design is intrusion-free, but the idea is to make it so periphery intrusion does not expose data wholesale, so as to limit the damage. It also does not protect from DoS-type attacks, or protect you from holes in the infrastructure you provide for your employees' internet access, but that's another story.
But the problem with a model like this is that it gets expensive. And too often, the risk vs. cost balance is set wrong because the managers are dominated by accountants. Too many organisations assume that a single or dual layer of security devices is sufficient to protect their internal networks, and once on a system on an internal network, the world is the cracker's oyster.
I know one bank that used a design like this, which had many zone boundaries, where the architect declared at the end of the first project that it would have been cheaper to give all the customers of the service access to a personal banker for a year than to build the infrastructure! But they did use the infrastructure again for other services, so the cost of later projects was reduced.
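The zoning discipline the post describes (edge web, application and core database tiers, a separate management network, and being "utterly ruthless" about what crosses each boundary) can be checked mechanically. The following is an added example, not code from the post or from any product it mentions: a small policy-as-code linter over a constructed rule set. The zone names, the `Rule` shape and the rule that data-path flows must step exactly one boundary inward are assumptions chosen for the example; the hop count it reports is the number of boundaries an intruder must cross from the internet to the core data, which is what the post's "third or fourth boundary" detection argument depends on.

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Data-path zones in traversal order (constructed layout following the post:
# edge web servers -> application servers -> core databases).
TIERS = ["internet", "edge_web", "app", "core_db"]
# The management network is a zone of its own and gets the same strictness.
MGMT = "management"


@dataclass(frozen=True)
class Rule:
    """One permitted flow between zones. An empty port tuple means 'any'."""
    src: str
    dst: str
    ports: Tuple[int, ...] = ()


def shortest_hops(rules: Iterable[Rule], start: str, goal: str) -> Optional[int]:
    """Breadth-first search over permitted flows. Returns how many zone
    boundaries must be crossed to get from start to goal, or None if the
    policy never lets traffic from start reach goal at all."""
    graph: Dict[str, Set[str]] = {}
    for r in rules:
        graph.setdefault(r.src, set()).add(r.dst)
    seen = {start}
    queue = deque([(start, 0)])
    while queue:
        zone, hops = queue.popleft()
        if zone == goal:
            return hops
        for nxt in graph.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, hops + 1))
    return None


def check_policy(rules: Iterable[Rule]) -> List[str]:
    """Return a list of policy violations; an empty list means the rule set
    respects the tiered design. Each check corresponds to one principle from
    the post: no 'any' services, nothing initiates into management, and a
    data-path rule may only step one boundary inward (no bridging tiers)."""
    problems: List[str] = []
    for r in rules:
        label = f"{r.src}->{r.dst}"
        if not r.ports:
            problems.append(f"{label}: 'any' service; name the ports explicitly")
        if r.dst == MGMT:
            problems.append(f"{label}: nothing may initiate into the management zone")
            continue
        if r.src == MGMT:
            # Administrators may reach a tier from the management zone; the
            # explicit-port check above still applies to those flows.
            continue
        if r.src not in TIERS or r.dst not in TIERS:
            problems.append(f"{label}: unknown zone")
            continue
        if TIERS.index(r.dst) - TIERS.index(r.src) != 1:
            problems.append(f"{label}: must flow exactly one zone boundary inward")
    return problems


# Constructed policies: one that follows the design and one with typical shortcuts.
GOOD_POLICY = [
    Rule("internet", "edge_web", (443,)),
    Rule("edge_web", "app", (8443,)),
    Rule("app", "core_db", (5432,)),
    Rule(MGMT, "edge_web", (22,)),
    Rule(MGMT, "app", (22,)),
    Rule(MGMT, "core_db", (22,)),
]

BAD_POLICY = [
    Rule("internet", "edge_web", (443,)),
    Rule("edge_web", "core_db", (5432,)),   # edge servers talking straight to core data
    Rule("app", "core_db", ()),             # 'any' service between tiers
    Rule("edge_web", MGMT, (22,)),          # a tier initiating into management
]

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(f"{name}: {shortest_hops(policy, 'internet', 'core_db')} boundaries to core_db")
        for p in check_policy(policy):
            print("  ", p)
```

Run against a real rule base the same way: export the permitted flows from each boundary device into `Rule` objects and fail the change-control pipeline whenever `check_policy` is non-empty or the hop count to the core drops below the number of tiers. The hop count is also a useful review metric on its own, since a rule that looks harmless in isolation can still shorten the path an intruder needs before your detectors get a chance to fire.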