What good is a firewall in a web server environment?
Can someone please explain this to me? I don't understand what good it does to install a firewall on your typical web server setup. My understanding of TCP/IP is very basic, so maybe I'm missing something. Please correct me if I'm wrong or help me understand this. OK, say a malicious user scans my server with nmap or something similar and finds out the following ports are open:
21 FTP
22 SSH
25 SMTP
53 DNS
80 HTTP
110 POP3
143 IMAP
443 SSL
2086 cPanel
2082 cPanel
8080 HTTP
Now a malicious user will try to exploit these services or run a brute force password attack. They are not going to try to get in via a closed port - and I'm assuming you can't if there is no service running?
OK, so you install a firewall. Now you have to tell your firewall to open all the above ports so that your services work. Now aren't these ports just as vulnerable as before? What good does it do to firewall off ports that have no services running on them?
It seems to me that the best thing to do is just check what services are running and close/uninstall any that are not needed. And for the services that are needed, make sure the software is up to date and all security patches are applied.
Furthermore, it seems that installing a firewall is just adding another layer of software that could potentially have security holes.
Wouldn't something like PortSentry, which will detect scans on closed ports and then lock out the requesting IP, be more appropriate for a web server environment?
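An added example, not part of the question above: a shell script that generates an nftables ruleset for exactly the service list in the question and then audits a constructed listener table (in the shape of ss -ltn output) against that policy. The admin network 203.0.113.0/24, the SSH new-connection rate limit, and the extra listeners on 3306 and 11211 are assumptions invented for illustration; the script applies nothing to the kernel and only prints text. It shows the two things a host firewall adds even when every listed port must stay open: login ports (22, 2082, 2086) restricted to admin sources and rate limited, and a default-drop policy that keeps a forgotten or newly started daemon unreachable until a rule is written for it.

```shell
#!/bin/sh
# Added example (not from the question): emit an nftables ruleset for the
# services listed in the question and audit a constructed listener table.
# Nothing is applied; every function only prints text.
# Assumptions: admin network 203.0.113.0/24 (TEST-NET-3), the SSH rate limit,
# and the sample listener lines are invented for illustration.

MGMT_NET="${MGMT_NET:-203.0.113.0/24}"

# Services the question lists as reachable from anywhere
PUBLIC_TCP="21 25 80 110 143 443 8080"
PUBLIC_UDP="53"
# Ports that take logins and should only ever see admin hosts
SSH_TCP="22"
CPANEL_TCP="2082 2086"
MGMT_TCP="$SSH_TCP $CPANEL_TCP"

# Turn "21 25 80" into "21, 25, 80" for an nft set literal
csv() { printf '%s' "$1" | tr ' ' ',' | sed 's/,/, /g'; }

# Emit the ruleset. Policy drop means anything that starts listening later
# stays unreachable until someone deliberately adds a rule for it.
gen_ruleset() {
    cat <<EOF
table inet filter {
    set mgmt_hosts {
        type ipv4_addr
        flags interval
        elements = { $MGMT_NET }
    }
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        icmp type echo-request limit rate 5/second accept
        tcp dport { $(csv "$PUBLIC_TCP") } accept
        udp dport { $(csv "$PUBLIC_UDP") } accept
        tcp dport 53 accept
        ip saddr @mgmt_hosts tcp dport $SSH_TCP ct state new limit rate 6/minute accept
        ip saddr @mgmt_hosts tcp dport { $(csv "$CPANEL_TCP") } accept
        log prefix "fw-drop: " drop
    }
}
EOF
}

# Parse the generated ruleset and list TCP ports accepted from any source,
# i.e. the rules with no "ip saddr" restriction. A login port showing up
# here is a policy mistake.
world_reachable_tcp() {
    gen_ruleset | grep 'tcp dport' | grep accept | grep -v saddr \
      | sed 's/.*dport//; s/accept.*//; s/[{},]/ /g' \
      | tr -s ' ' '\n' | grep -v '^$' | sort -n | uniq
}

# Constructed sample of "ss -ltnH" output (not captured from a real host):
# the listed services plus a MySQL and a memcached nobody remembered starting.
SAMPLE_LISTENERS='LISTEN 0 128 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:11211 0.0.0.0:*'

# Read ss-style lines on stdin and print "PORT VERDICT" per listener,
# comparing what the host listens on with what the ruleset lets through.
audit_listeners() {
    awk -v pub="$PUBLIC_TCP" -v mgmt="$MGMT_TCP" '
    BEGIN { n = split(pub, a, " ");  for (i = 1; i <= n; i++) P[a[i]] = 1
            n = split(mgmt, b, " "); for (i = 1; i <= n; i++) M[b[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)
        host = $4; sub(/:[0-9]+$/, "", host)
        if (host == "127.0.0.1" || host == "[::1]") v = "loopback-only"
        else if (port in P) v = "world-reachable"
        else if (port in M) v = "mgmt-net-only"
        else v = "listening-but-firewalled"
        print port, v
    }' | sort -n
}

# Demo run: print the ruleset, then the audit of the constructed listeners
gen_ruleset
printf '%s\n' "$SAMPLE_LISTENERS" | audit_listeners
```

To check the generated text against a real nft parser without loading it, pipe it through nft in check mode: gen_ruleset | nft -c -f - (requires root on most systems). The audit verdict "listening-but-firewalled" is the answer to the "ports with no service" question in practice: the 3306 listener in the constructed sample is a real service, exposed on all interfaces, that the policy-drop chain keeps off the network even though nobody ever wrote a rule about it.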