[UK-Al05]

Isn't 95% of it just blocking every port except the service you want to expose, and then making sure everything is up to date and the service is built in a secure way.

WAF's etc just hide the fact the code in your service is full of holes.

[sceptic123]

What's the 5% that's not blocking ports for services you want to expose?

Ensuring your infra is built in a secure way is as important as ensuring your service is built in a secure way.

[majewsky]

Part of it is that you may get (D)DoSed and then your ISP may be any amount of pissed at you for taking on significant ingress traffic on a residential network.