Host-based security does not scale well: as the number of hosts at a site increases, the ability to ensure that security is at a high level for each host decreases. Given that secure management of just one system can be demanding, managing many such systems could easily result in mistakes and omissions. A contributing factor is that the role of system management is often short-changed and performed in haste. As a result, some systems will be less secure than other systems, and these systems could be the weak links that ultimately will "break" the overall security chain.
If a vulnerability is discovered in networking software, a site that is not protected by a firewall needs to correct the vulnerability on all exposed systems as quickly as possible. As discussed in section , some vulnerabilities have permitted easy access to the UNIX root account; a site with many UNIX hosts would be particularly at risk from intruders in such a situation. Patching vulnerabilities on many systems in a short amount of time may not be practical and, if different versions of the operating system are in use, may not be possible. Such a site would be a "sitting duck" for intruder activity.