A common problem in embedded systems is that customers will request notoriously insecure protocols (like telnet or SNMP) to be available. The solution that embedded GNU/Linux can offer here is to allow every insecure, clear-text "authentication" you would like and pack it up in a secure encrypted tunnel. This not only has the advantage of making insecure protocols secure, provided access can be limited to a trusted host, but it also reduces the design demands considerably if one needs only to take the VPN into account and not every possible protocol. It should be noted, though, that this does not handle the problem of Denial of Service (DoS) attacks against such systems.
Integrating embedded systems into existing network environments opens a new set of problems that need consideration. Many system services rely on each other, and this can lead to irritating service/protocol interdependencies. As an example, take the system command route: if DNS is blocked, this command will hang until it reaches the timeout for every DNS request in the list, and that can be quite long, unacceptably long when called from some system script. Setting up a system in a secure manner requires that such dependencies be analyzed or at least tested.
One possible strategy for this problem is to let the embedded system perform all such operations in raw mode and only resolve data for analysis off-line. Not taking these effects into account can lead to systems going to extreme load averages if a remote service fails, so basically any local service that relies on remote servers must have some exit strategy to ensure that it will not bring the system to its knees.
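As an added example (not code from the original text), the following POSIX shell sketch combines the two points above: route is called in numeric mode so it performs no DNS lookups, and every call goes through a watchdog that ends it after a deadline. The names run_bounded and routes_raw, the 5 second limit and the exit code 124 are assumptions chosen for illustration; the watchdog is written out by hand on the assumption that a minimal system may not ship a timeout utility.

```shell
#!/bin/sh
# run_bounded LIMIT CMD [ARGS...]
# Runs CMD, but sends it SIGTERM after LIMIT seconds so a caller can
# never hang on a dead remote service. Returns CMD's own exit status,
# or 124 if the deadline was hit (hypothetical convention).
run_bounded() {
    limit=$1; shift
    rc=0

    "$@" &
    cmd_pid=$!

    # Watchdog: sleep, then terminate the command. If the command
    # finishes first, the parent signals the watchdog, whose trap also
    # removes the pending sleep so nothing is left behind.
    (
        trap 'kill "$nap" 2>/dev/null; exit 0' TERM
        sleep "$limit" & nap=$!
        wait "$nap"
        kill -TERM "$cmd_pid" 2>/dev/null
    ) >/dev/null 2>&1 &
    dog_pid=$!

    wait "$cmd_pid" || rc=$?

    kill -TERM "$dog_pid" 2>/dev/null || true
    wait "$dog_pid" 2>/dev/null || true

    # 143 = 128 + SIGTERM: treat it as "deadline reached".
    # A command that ignores SIGTERM would need a follow-up SIGKILL.
    if [ "$rc" -eq 143 ]; then
        return 124
    fi
    return "$rc"
}

# Raw (numeric) routing table: -n keeps route from resolving each
# address through DNS; names can be resolved later, off-line.
routes_raw() {
    run_bounded 5 route -n
}
```

A calling script can then branch on the return value, for instance logging the failure and continuing when run_bounded returns 124 instead of stalling the rest of the script.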