12-18-2007, 10:40 AM
wige
WebProWorld Moderator
 
Re: hard drive downloaded

Quote:
Originally Posted by weegillis
Any kind of excessive network activity should have been reported, and blocked. There is no way a hard drive can be transmitted over the network without some kind of flags being raised, unless of course all the user has is Windows Firewall. In this case their ISP should have intervened.

Even with the most stringent of firewall rules, it is possible for an attack like this to succeed. For example, imagine the target computer is on a home network, with antivirus and a firewall. There is a second system on the network with antivirus and a firewall as well. Antivirus is up to date and the firewalls are properly configured.

As you browse the web on your computer, you come across a recently hacked web site that profiles the computer and immediately uploads the appropriate virus to install a backdoor and delete the antivirus definitions. Because the virus is contained in normal Internet traffic, the firewall does nothing to stop it, and the virus is new and has not been added to the definitions in the antivirus software. The backdoor establishes an outgoing connection to the attacker's own server, mimicking Internet Explorer or Firefox traffic so the firewall again does nothing to stop it. The attacker receives a message from the web site indicating the IP address that was compromised and logs in to the backdoor connection and manually changes the firewall rules to allow the backdoor to accept incoming connections. At this point, the computer is wide open. In addition, data on every computer on the network is open to compromise if file sharing is enabled.

There is no absolute solution to prevent malicious activity on your network. The best you can do is have a multi-tiered security system - antivirus, antispyware, software firewall, hardware firewall, all with proper precautions installed - to minimize your risk as much as possible.
__________________
The best way to learn anything, is to question everything.