Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Isn't 95% of it just blocking every port except the service you want to expose, and then making sure everything is up to date and the service is built in a secure way.

WAF's etc just hide the fact the code in your service is full of holes.



What's the 5% that's not blocking ports for services you want to expose?

Ensuring your infra is built in a secure way is as important as ensuring your service is built in a secure way.


Part of it is that you may get (D)DoSed and then your ISP may be any amount of pissed at you for taking on significant ingress traffic on a residential network.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: