Firewall plus
A firewall is necessary for any system, but is not sufficient to solve all security issues or protect sensitive data against what is accurately named the "inside job." Anyone gaining access to a UNIX shell or Windows desktop with client access to a Progress-based ERP can virtually get anything he/she wants via the Procedure Editor if there is no security on the database.
Now you may breathe a sigh of relief thinking "Oh, our security is set up," but I'm willing to bet your wrong. Based on my experience very few folks have actually set up security on their databases themselves, instead they've been relying on their application security to protect data. But if I am able to take one clause out of the Progress client script, the "-p" startup program parameter clause, then I can go straight to the procedure editor and have my way with their data unless something else stops me, i. e., Progress database security.