Server Management Best Practices – Firewall
Every week at MNX Solutions we handle issues ranging from server security and patch management to system recovery and performance tuning. In this blog series, we will review a number of firewall best practices that you can implement today on your server infrastructure.
First things first, do you utilize a firewall on your server? If your answer is “no” or you are not sure, this should be one of your top priorities.
You have two major choices for a firewall: hardware or software.
A quick note on hardware vs. software firewalls
Hardware firewalls can protect every machine on a local network (on the inside or DMZ area), whereas a host-based firewall will typically only protect one server. One major advantage of a hardware firewall is that a configuration change made in a single place affects all systems behind the firewall.
Software firewalls are typically installed on each host. This also means that a simple change, depending on how many machines you are working with, can be a complex task involving changes to each host.
Each solution has pros and cons. You will need to define your requirements to help you decide which solution should be used. Generally, a layered approach that uses both a hardware firewall and a software firewall will provide you with the best level of protection. A layered approach may also provide protection in the event of a misconfiguration of the hardware or software firewall rules.
CSF (ConfigServer Security & Firewall) uses iptables at its core, but simplifies administration through configuration files and integration with control panels. CSF also provides additional advanced functionality such as:
- UI Integration for cPanel, DirectAdmin and Webmin
- Alerts when end-user scripts send excessive emails per hour – for identifying spamming scripts
- Daemon process that checks for login authentication failures
- Suspicious file reporting – reports potential exploit files in /tmp and similar directories
- Distributed Login Failure Attack detection
- And much more
Basic Firewall Rules
By default, you should deny all connections and allow only the connections you require. If you are running a web server with SSL and SSH access, this would mean a base inbound ruleset of:
* Open SSH port for my specific IP addresses
* Open port 80 for all
* Open port 443 for all
* Deny everything else inbound
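The base inbound ruleset above, generated as an iptables-restore file by a small shell function. This is an added example, not code from MNX Solutions or CSF: the admin addresses are constructed documentation addresses, and the loopback and established-connection rules are assumptions the list does not spell out but a default-deny INPUT policy needs so that replies to the server's own outbound connections still arrive.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the base inbound policy.
# ADMIN_IPS holds constructed documentation addresses (RFC 5737); replace them.
ADMIN_IPS="203.0.113.10 198.51.100.24"

# Shape check only: dotted-quad IPv4 with an optional /0-32 prefix, so a typo
# or stray option cannot end up as extra arguments in a generated rule.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# build_ruleset "<space-separated admin sources>" -> ruleset on stdout
build_ruleset() {
    set -- $1    # split the list into this function's positional parameters
    # With no admin source there would be no SSH rule at all: refuse.
    [ "$#" -gt 0 ] || { echo "no admin source given, refusing" >&2; return 1; }
    # Validate every entry before printing anything.
    for ip in "$@"; do
        valid_source "$ip" || { echo "invalid source: $ip" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'       # deny everything else inbound
    echo ':FORWARD ACCEPT [0:0]'   # left at the default; the list covers inbound only
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for ip in "$@"; do             # SSH only from the listed addresses
        echo "-A INPUT -p tcp -s $ip --dport 22 -j ACCEPT"
    done
    echo '-A INPUT -p tcp --dport 80 -j ACCEPT'    # HTTP for all
    echo '-A INPUT -p tcp --dport 443 -j ACCEPT'   # HTTPS for all
    echo 'COMMIT'
}

# Print the ruleset; nothing is loaded into the kernel by this script.
build_ruleset "$ADMIN_IPS"
```

Check the output with `iptables-restore --test` before loading it, and keep an existing SSH session open while you do. These rules cover IPv4 only; ip6tables needs its own ruleset.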
The main point is to ensure you are using some form of a firewall on your hosts. Contact us today if you need help implementing or managing any aspect of your server.