just wondering how everyone handles patching their systems that are behind their firewalls. do you guys (and gals) feel it is not as urgent to deploy a patch if the server is safely firewalled/ access controled on your LAN? or do you always patch it the moment a patch is available? what if you have no users on that server (besides say samba or something).

thanks

If you know there is no possibility of someone plugging a "dirty" computer into the LAN, and no possibility of a user running something they shouldn't, then it is ok to get a little lax on updates. Basically a small home network with one or two computers. Anything more, and you should be just as paranoid as if you didn't have a firewall and all your boxes have publicly routable real IP addresses.