Slashdot Mirror


Sony Running Unpatched Servers With No Firewall

ewhenn writes "Security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which 'was unpatched and had no firewall installed.' The issue was 'reported in an open forum monitored by Sony employees' two to three months prior to the recent security breaches."

1 of 306 comments

  1. Hardly possible by Artem S. Tashkinov · Score: 0, Flamebait

    Just an unpatched Apache HTTP server and the absence of a firewall could hardly be a reason/means for a successful intrusion/exploitation. I know a lot of popular web servers which have a not so fresh Apache server and they don't run any sort of firewall, yet users' data is safe and no intrusions have occurred.

    It's more likely their platform contained SQL injection vulnerabilities or other vulnerable/outdated software 'cause the Apache web server has a good record of being immune to attacks.

    One should always remember that a properly configured web server should never expose any unnecessary services to the WAN in case your firewall rules are not correct or they are not properly enforced. E.g., if you run a usual web server, theoretically and in the best-case scenario you should have only one listening port: 80 (or/and 443 for SSL connections) and maybe port 22 for incoming SSH connections (but I personally always reconfigure the SSH daemon to listen on a port other than 22).
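
The minimal-exposure rule in the comment above can be checked on a Linux host by comparing listening TCP sockets against an allowlist. This is an added example, not part of the original comment or the story; the `ss` output, the addresses and the relocated SSH port 2222 are constructed for illustration.

```python
import ipaddress

# Ports the host is meant to expose: HTTP, HTTPS and a relocated SSH daemon.
# 2222 is an assumed value; the comment only says "other than 22".
ALLOWED_PORTS = {80, 443, 2222}

# Constructed sample of `ss -H -tln` output (not taken from any real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      128          0.0.0.0:2222       0.0.0.0:*
LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
LISTEN 0      128             [::]:2222          [::]:*
LISTEN 0      4096               *:8080             *:*
LISTEN 0      128            [::1]:6379          [::]:*
LISTEN 0      64      192.0.2.10%eth0:111     0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (host, port) for every LISTEN row in `ss -H -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; the port follows the last colon.
        host, _, port = fields[3].rpartition(":")
        # Drop an interface scope ("%eth0") and IPv6 brackets.
        host = host.split("%", 1)[0].strip("[]")
        yield host, int(port)

def is_loopback(host):
    """True only for sockets bound to 127.0.0.0/8 or ::1."""
    if host == "*":  # wildcard bind: reachable on every interface
        return False
    return ipaddress.ip_address(host).is_loopback

def unexpected_listeners(ss_output, allowed_ports):
    """Return sorted (host, port) pairs reachable off-host and not allowlisted."""
    findings = set()
    for host, port in parse_listeners(ss_output):
        if not is_loopback(host) and port not in allowed_ports:
            findings.add((host, port))
    return sorted(findings)

if __name__ == "__main__":
    for host, port in unexpected_listeners(SAMPLE_SS_OUTPUT, ALLOWED_PORTS):
        print(f"unexpected listener: {host}:{port}")
```

Because the check reads the socket table rather than the firewall rules, it reports services that would become reachable if those rules were wrong or not enforced.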