This is exactly right. Although, if your target has a firewall/router, it will limit the exploits you can use for your attack. There would have to be port forwarding set up to allow you to attack specific vulnerabilities. You would most likely have to involve user interaction (opening an attachment, plugging in a USB key, visiting a malicious site, etc.).
One other suggestion is to make use of port 80. Most firewalls don't block outbound port 80, so it will just blend in with other web traffic. If the sysadmin sees port 4444 in the logs, it would probably throw up a red flag.
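Seen from the monitoring side, the remark about ports translates into an egress-log review. This is an added example, not part of the original post: it runs over constructed firewall log lines, and the log format, the `EXPECTED_PORTS` policy and the `MAX_WEB_SECS` threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample egress-firewall log lines (not from the original post).
SAMPLE_LOG = """\
2024-05-01T10:00:01 ALLOW OUT src=10.0.0.21 dst=198.51.100.7 dport=443 proto=tcp secs=12 bytes=48211
2024-05-01T10:00:09 ALLOW OUT src=10.0.0.34 dst=203.0.113.50 dport=4444 proto=tcp secs=640 bytes=9120
2024-05-01T10:01:15 ALLOW OUT src=10.0.0.21 dst=198.51.100.9 dport=80 proto=tcp secs=3 bytes=15320
2024-05-01T10:02:40 ALLOW OUT src=10.0.0.58 dst=203.0.113.77 dport=80 proto=tcp secs=5400 bytes=20480
"""

EXPECTED_PORTS = {53, 80, 123, 443}   # assumed egress policy for this example
MAX_WEB_SECS = 900                    # assumed ceiling for an ordinary HTTP flow

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ALLOW OUT src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) secs=(?P<secs>\d+) bytes=(?P<bytes>\d+)$"
)

def review_egress(log_text):
    """Return (src, dst, dport, reason) for each flow worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not allowed-outbound records
        dport, secs = int(m["dport"]), int(m["secs"])
        if dport not in EXPECTED_PORTS:
            reason = "unexpected destination port"
        elif dport == 80 and secs > MAX_WEB_SECS:
            # The port number alone says nothing here; the session shape does.
            reason = "long-lived session on port 80"
        else:
            continue
        findings.append((m["src"], m["dst"], dport, reason))
    return findings

if __name__ == "__main__":
    for finding in review_egress(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A port allowlist alone catches only the first flagged flow; the second is caught because the review also looks at how the port 80 session behaves.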