Our single PC is in a data centre in a co-location “locked” rack so no person has physical access to my PC except for myself which means no person can insert a USB stick into the PC and still my sensitive files that way. Via our Cisco hardware firewall, which is in the same rack in the data centre, all inbound ports and outbound ports are closed except for port 5001 which needs to remain open so as our PC can communicate with our forex broker’s trading server. Also, all inbound and outbound traffic has been blocked except for outbound and inbound traffic between my PC and the forex broker’s server. I was thinking that we do not need to apply Windows 10 Pro OS security updates as there are no windows services (or windows programs) “listening” on any ports (all these ports have been closed via our firewall) and therefore it would be impossible for an outside hacker to gain remote access to our PC via exploiting any vulnerabilities in any windows services, windows programs or the windows OS itself, does this make sense and is this logic correct, please let me know where I’m making a mistake here? Also, the only program that is allowed to connect to the internet is my trading platform application/software (which is not an open-source program/code and there are no publicly known vulnerabilities in this trading platform software as well) and the internet connection between my PC and the broker’s server is an “established connection” via port 5001 (as opposed to my trading platform program “listening” on port 5001 which is not the case). Given this additional information, if someone knew my PC’s IP address (maybe someone who works in the data centre could find out this info or someone who works at my forex broker could find out my IP address too) could they hack into my PC and steal my sensitive files and if so what method could they use to do this? Also, given my system setup listed above, do we need to download and apply windows 10 “security” updates given that there are no windows services or windows program listening on any open ports, as all of these ports have been closed via our Cisco firewall? So, in summary I have 2 questions (a) Is it possible that an outside hacker could steal our sensitive files on our PC and if so, what method could they use to do this? And (b) If we don’t apply windows 10 “security” updates to our PC given that there are no windows services or programs listening on any open ports could this failure to apply windows patches allow an outside hacker to gain remote access to our machine and if how would he or she do this?
I’m not an expert, but I do know that you ALWAYS need to install security updates ESPECIALLY on Windows. Or it could be your trading platform that has a security vulnerability that has yet to be found.