Applying patches and firmware updates is the best method to protect against external threats that target known vulnerabilities. Regular updates ensure that known security holes are fixed and can prevent attackers from exploiting these vulnerabilities to gain unauthorized access or disrupt services. While intrusion detection systems help to identify potential threats, they do not mitigate the risk of known vulnerabilities being exploited. Configuring a honeypot may divert an attacker's attention but does not address the underlying vulnerabilities. Frequent password changes are a basic security measure but they do not prevent exploitation of software vulnerabilities.