I'm a big fan of "never trust by default", so many hackers bypass a firewall by walking in and physically jacking-in behind it using social engineering. It should be the default for companies, and depending on your threat model, for home networks as well. Everything is a tradeoff between privacy/security and convenience.