If I see one more article on this incident that abuses the word "firewall" I'm going to hurt someone. Surely Apache is either accessible via port 80, or it isn't. What would a firewall do to mitigate vulnerabilities in a webserver?
I've worked in IT in Japan for a little over 5 years now.

Getting people to /allow/ you to patch servers is like pulling teeth. Seriously.

If the OS itself is so far out of date that you can hardly find patches for it anymore, the issue is even worse.

The mere specter of something possibly breaking is usually reason enough in many people's minds to not prioritize security updates, or in some cases, flat out disallow them.

Sadly.

Edit: keep in mind that this is anecdotal, I'm sure there are companies that patch their servers properly.
There is no mention of a missing firewall in the report.

http://republicans.energycommerce.house.gov/Media/file/Hearings/CTCP/050411/Spafford.pdf

Quote:

    In the Sony case, the majority of the victims are likely young people whose sense of risk, privacy and
    consequence are not yet fully developed, and thus they may also not understand the full
    ramifications of what has happened. Presumably, both companies are large enough that they
    could have afforded to spend an appropriate amount on security and privacy protections of
    their data; I have no information about what protections they had in place, although some
    news reports indicate that Sony was running software that was badly out of date, and had
    been warned about that risk.