We run a LAMP webserver. We only have ports 80 and 443 open to the public. If there is an OS vulnerability or say an security update for CUPS or something that isn't a service that's on an open port, is that hackable? Can they run metasploit or something to actually hack that vulnerability if only those two ports are open. Please let me know, thanks.