10-11-2002 10:27 AM - edited 03-09-2019 12:38 AM
First off let me apologize for this stupid question.....
Our firewall is a PIX501 and the question I'm asking is do I need to do the security updates in Windows?
Personally I think I should, if nothing else just because it's a good idea to be current, but I've got a tech here that believes since we're behind the firewall we are ok. But my argument is that we allow port 80 through the firewall and that's how they (an attacker) would hit us. At least the attacker's website.
Please advise....
Thanks
10-11-2002 02:47 PM
You should always strive for security in depth/layers. First line of defense, second line etc. No one security device is perfect and can totally protect you. Security requires different components and procedures working together to work properly. Any time you connect to the internet and especially when you allow access in, you have punched a hole in your first line of defense and need to protect it with another layer. Make it as difficult as possible for someone to hack in. This also doesn't take into account all the attacks that occur from within, where a firewall won't help. So yes, stay current on your MS updates.
Hope it helps.
Steve
10-13-2002 07:05 AM
It seems that you and I work for the same company. In the future, if you like, you can look my name up in the global address book and email me directly.
However, to answer your question....."YES"! Sure, some of the time you don't want to install the patches....some of them have issues, but most of the time you should install.
Truly, regardless of whether you have port 80 open to the outside world or not, you should really install the patches. Some issues "may" even have impacts internally! There are some issues out there with Windows OS(s) that notoriously retransmit packets!....just an example.
Also, last year's www.sans.org "SANS 20 Most Critical Internet Security Vulnerabilities" points directly to what you are asking. Number #1 was default configs of OS(s), and applications. Also meaning...no updates! 2nd was accounts with weak passwords, or no passwords at all! There are MANY reasons to continually check the updates and see if they are applicable to your environment.
Hope this helps!...
10-18-2002 12:40 PM
The PIX is really a layer 4 filtering device, meaning anything that follows the rules you set up as far as what port you are using will be allowed to pass through. A virus such as Nimda would pass through your firewall because it works on port 80. It would infect an unpatched server and can eat up huge chunks of your bandwidth.