Cisco Support Community
Community Member

Windows updates...

First off let me apologize for this stupid question.....

Our firewall is a PIX501 and the question I'm asking is do I need to do the security updates in Windows?

Personally I think I should, if nothing else just because it's a good idea to be current, but I've got a tech here that believes since were behind the firewall we are ok. But my argument is that we allow port 80 through the firewall and that's how they (an attacker) would hit us. At least the attackers website.

Please advise....



Re: Windows updates...

You should always strive for security in depth/layers. First line of defense, second line etc. No one security device is perfect and can totally protect you. Security requires different components and procedures working together to work properly. Any time you connect to the internet and especially when you allow access in, you have punched a hole in your first line of defense and need to protect it with another layer. Make it as difficult as possible for someone to hack in. This also doesn't take into account all the attacks that occur from within, where a firewall won't help. So yes, stay current on your MS updates.

Hope it helps.


Community Member

Re: Windows updates...

It seems that you and I work for the same company. In the future, if you like, you can look my name up in the global address book and email me directly.

However, to answer your question....."YES"! Sure, some of the time you don't want to install the patches....some of them have issues, but most of the time you should install.

Truly, regardless if you have port 80 open to the outside world or not, you should really install the patches. Some issues "may" even have impacts internally! There are some issues out there with Windows OS(s) that netoriously retransmit packets!....just an example.

Also, last year's "SANS 20 Most Critical Internet Security Vulnerabilities" points directly to what you are asking. Number #1 was default configs of OS(s), and applications. Also updates! 2nd was accounts with weak passwords, or no passwords at all! There are MANY reasons to continually check the updates and see if they are applicable to your environment.

Hope this helps!...

Community Member

Re: Windows updates...

The pix is really a layer 4 filtering device, meaning anything that follows the rules you set up as far as what port you are using will be allowed to pass through. Virus' such as Nimba would pass through your firewall because it works on port 80. It would infect an unpatched server and can eat up huge chunks of your bandwidth.

CreatePlease to create content