In-Reply-To: <002501c19799$c5555960$fdfea8c0@ISDesktop>
Nothing is completely fool prof or completely invulnerable and there are quite a few web servers out there that do not have a firewall. A firewall is there only to set up another layer of defense. The other layers are to limit the services available on the host system, validation on input received from the web server, and patch the web server software and operating system against all security vulnerabilites.