An important thing to remember: a firewall will not protect you from a large number of the vulnerabilities that exist. A firewall does only one thing: controls incoming and outgoing traffic over a network. Most firewalls are an "open" or "closed" deal for various ports and there is no monitoring or "scrubbing" of traffic over ports you have open. They also don't protect you from vulnerabilities triggered locally (for example if you load a website and it uses a client-side scripting vulnerability, or if you download something and run it).
A good example of the uselessness of firewalls for most vulnerability types is a web server with Wordpress or something similar. In theory a web server only absolutely needs one port open to the internet and that's port 80. Every other port could be completely closed. If however there was a vulnerability in your website where loading some specific URL or putting some specific string of text in an input box could execute code on the server, it would still be possible to load files onto the machine and do lots of nefarious things. (Wordpress has had hundreds of these types of vulnerabilities over the years.) I don't even run wordpress and here are logs from three different web servers showing bots looking for wordpress so they can abuse its vulnerabilities:
Requests with error response codes
404 Not Found
/wordpress/: 14 Time(s)
/wp-login.php: 8 Time(s)
/wp/: 2 Time(s)
/xmlrpc.php?rsd: 1 Time(s)
Requests with error response codes
404 Not Found
/wp-login.php: 2 Time(s)
Requests with error response codes
404 Not Found
//wp-login.php: 6 Time(s)
/blog//wp-login.php: 1 Time(s)
/sitemap.xml: 1 Time(s)
/wordpress//wp-login.php: 1 Time(s)
/wp//wp-login.php: 1 Time(s)
Those are just from yesterday... and it happens every single day. All three servers have firewalls on and running; the only thing protecting them from Wordpress vulnerabilities is not having Wordpress installed.
Firewalls are not the same thing as an IPS/IDPS which actually monitors network traffic.
If you use any operating system on the internet you're susceptible to zero-day vulnerabilities, but using an unsupported OS like XP means those zero-days are never patched so they're a potential issue forever.
I guarantee the firewalls on my servers are configured better than most firewalls set up by people on their own computers. Only the absolutely most necessary of ports are open... Still apply security patches and monitor constantly. Firewalls are one piece of a good defence but they're absolutely minor compared to using a supported and patched OS.
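The 404 summaries quoted in the post are in the "Requests with error response codes" format that logwatch produces for a web server. As an added example (not the poster's code), here is a small Python script that parses that format and counts how many of the 404s are Wordpress-specific probes versus ordinary misses. The sample input is the post's own three summaries, embedded as a string; the list of Wordpress indicator paths is my own choice (wp-login.php, xmlrpc.php and the /wp/ and /wordpress/ prefixes come from the post, wp-admin, wp-content and wp-includes are the other standard Wordpress directories). Doubled slashes (//wp-login.php, /blog//wp-login.php) and query strings (/xmlrpc.php?rsd) are normalized so they match the same indicator.

```python
import re
from collections import Counter

# Sample input, constructed from the three logwatch-style "Requests with error
# response codes" summaries quoted in the post above.
SAMPLE_LOGWATCH = """\
Requests with error response codes
404 Not Found
/wordpress/: 14 Time(s)
/wp-login.php: 8 Time(s)
/wp/: 2 Time(s)
/xmlrpc.php?rsd: 1 Time(s)
Requests with error response codes
404 Not Found
/wp-login.php: 2 Time(s)
Requests with error response codes
404 Not Found
//wp-login.php: 6 Time(s)
/blog//wp-login.php: 1 Time(s)
/sitemap.xml: 1 Time(s)
/wordpress//wp-login.php: 1 Time(s)
/wp//wp-login.php: 1 Time(s)
"""

# Path fragments that only make sense on a Wordpress install (assumed list; the
# first four appear in the post, the rest are standard Wordpress directories).
# A 404 for any of these on a host that does not run Wordpress is an automated
# probe, not a user following a stale link.
WORDPRESS_INDICATORS = (
    "/wp-login.php",
    "/xmlrpc.php",
    "/wp-admin",
    "/wp-content",
    "/wp-includes",
    "/wordpress/",
    "/wp/",
)

# One summary line: "<path>: <N> Time(s)"
_ENTRY = re.compile(r"^(?P<path>/\S*): (?P<count>\d+) Time\(s\)$")


def normalize_path(path: str) -> str:
    """Drop the query string and collapse repeated slashes so //wp-login.php,
    /blog//wp-login.php and /xmlrpc.php?rsd all match their indicator."""
    path = path.split("?", 1)[0]
    return re.sub(r"/{2,}", "/", path)


def parse_logwatch(text: str):
    """Yield (normalized_path, count) for every '<path>: N Time(s)' line.
    Header lines ('Requests with error...', '404 Not Found') do not match."""
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            yield normalize_path(m.group("path")), int(m.group("count"))


def classify(path: str):
    """Return the matching Wordpress indicator, or None for a generic path."""
    for indicator in WORDPRESS_INDICATORS:
        if indicator in path:
            return indicator
    return None


def summarize(text: str) -> dict:
    """Total 404 hits per Wordpress indicator across all summaries in `text`.
    Paths that are not Wordpress-specific (e.g. /sitemap.xml) count as 'other'."""
    hits = Counter()
    for path, count in parse_logwatch(text):
        hits[classify(path) or "other"] += count
    return dict(hits)


if __name__ == "__main__":
    for indicator, count in sorted(summarize(SAMPLE_LOGWATCH).items(),
                                   key=lambda kv: -kv[1]):
        print(f"{count:4d}  {indicator}")
```

On the post's data this attributes 36 of the 37 error hits to Wordpress probes (19 to wp-login.php alone), with only the /sitemap.xml request being a normal crawler miss. The same classification can be run over a raw access log instead of the logwatch summary if you want to see which source addresses are behind the probes.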