Security of your network and the server (or VPS) behind it is not something to take lightly or underestimate. Be paranoid: it will save your server(s) and probably your job (or company) too, because an insecure server will be abused and you will be the one left paying for it.
Many who have a webserver will use a control panel of some sort, like WHM/cPanel or Webmin, for a graphical interface and ease of use. This is a double-edged sword: panels are more prone to security issues, while potentially making it easier to secure the server if you know how. I like control panels; they make life easier for me and for clients. This does not mean using a control panel is ill-advised, but you had better use a very strong password and take full advantage of all the security features they have that integrate with the firewall. Your firewall is one of your strongest assets for keeping your network secure, so make sure you configure it properly.
Firewalls come in many variants*:
- ‘Cloud Based’ – (Example: Cloudflare) These work well outside of your server, often as a CDN as well; masking your real IP is not an unusual feature if they are also providing DNS. They are often smart enough to detect bad traffic as threats, but you can manually override and tweak settings.
- ‘Datacentre Firewall’ – (Example: Cisco) These usually provide a simple but powerful IP/port based rules firewall that you can set up manually.
- ‘Dedicated Firewall’ – (Example: pfSense) A separate hardware firewall, running specialised software, that sits apart from your server(s), is under your control and is dedicated to your server.
- ‘App Based’ – (Example: WordPress Security Firewall) Smart firewalls designed to detect bad traffic interacting with web-front apps and automatically deal with it, based on settings.
- ‘Server based’ – (Example: CSF) Smart firewalls designed to detect bad traffic interacting with the server in general and automatically deal with it, based on settings.
*You ideally want one of each. Having three or fewer is asking for trouble, especially if they are not well configured.
This gives you duplicated, layered protection, so that an outer layer takes the brunt of any attack. Threats that are outright attacks can then be blocked at multiple firewalls, so that one layer failing over does not leave you exposed.
Like control panels, there is a good list of different firewalls, so in this edition I won’t go into a how-to guide of all of them or a specific one’s details beyond examples. I will however do my best to explain good practices:
- Only open ports that need to be open to the public, like HTTP(S), DNS and secure email
- Lock down access to SSH and to your control panel to just your home/office IP address
- Sometimes a client needs specific port access too, so make sure it’s IP-specific where possible
- Use SFTP (over SSH) rather than FTP, and secure email rather than the non-secure email protocols and ports
- Try to install an SSL certificate, even if it is self-signed or a free one from Let’s Encrypt
This means fewer ports need to be open and there are fewer places for hackers to attack.
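The list above, expressed as one default-deny ruleset. This is an added example, not the post's own configuration or a CSF/cPanel file: it generates nftables text that opens only web, DNS and TLS mail ports to everyone, pins SSH and the panel ports to a single admin address, and pins one client's port to that client's address. The admin address 203.0.113.10, the client address 198.51.100.5 with port 3306, and the panel ports 2083/2087 (cPanel/WHM defaults; Webmin and others differ) are assumptions for the example.

```shell
#!/bin/sh
# Added example: generate a default-deny nftables ruleset following the
# practices above. Addresses and panel ports below are assumptions.
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"          # home/office address (assumed)
PANEL_PORTS="${PANEL_PORTS:-2083, 2087}"      # cPanel/WHM defaults (assumed)
CLIENT_RULE="${CLIENT_RULE:-198.51.100.5:3306}" # one client's own port (assumed)

# Emit the ruleset text for the given admin IP, panel ports and an
# optional "ip:port" client rule. Nothing is applied here.
gen_ruleset() {
    admin_ip="$1"
    panel_ports="$2"
    client_rule="$3"

    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # public services only: web, DNS, TLS-protected mail
        tcp dport { 80, 443 } accept
        tcp dport 53 accept
        udp dport 53 accept
        tcp dport { 465, 587, 993, 995 } accept
        # management (SSH and the control panel) from the admin address only
        ip saddr $admin_ip tcp dport 22 accept
        ip saddr $admin_ip tcp dport { $panel_ports } accept
EOF
    if [ -n "$client_rule" ]; then
        client_ip="${client_rule%:*}"
        client_port="${client_rule#*:}"
        echo "        # client-specific port, pinned to that client's address"
        echo "        ip saddr $client_ip tcp dport $client_port accept"
    fi
    cat <<EOF
        # everything else hits the drop policy; keep a rate-limited log of it
        limit rate 5/minute log prefix "nft-drop: "
    }
}
EOF
}

# Apply the generated ruleset with nft (root required). Have console or
# out-of-band access ready before applying a default-drop policy.
apply_ruleset() {
    gen_ruleset "$@" | nft -f /dev/stdin
}

# MODE=show (default) prints the ruleset; MODE=apply loads it.
case "${MODE:-show}" in
    show)  gen_ruleset "$ADMIN_IP" "$PANEL_PORTS" "$CLIENT_RULE" ;;
    apply) apply_ruleset "$ADMIN_IP" "$PANEL_PORTS" "$CLIENT_RULE" ;;
esac
```

Run it as `sh fw.sh` to review the text, then `sudo MODE=apply sh fw.sh` to load it. Note that FTP (21), plain SMTP/POP/IMAP and the panel ports never appear as public rules; anything not listed is dropped by the chain policy rather than by a rule you have to remember to add.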
If you follow my advice, 95% of what your firewall logs show will be:
- Attempts at accounts (email and apps), which can’t be stopped until the attacker gets too many wrong.
- Poking at HTTP locations they shouldn’t, hoping to find something, which usually gets them blocked quickly.
Everything else will be gone, because a specific IP address is needed to reach certain ports, all of which are only intended to be used by the server owner (root). That massively reduces the chance a server can be compromised, since attackers can’t even reach those parts.
Brute Force Attacks
Brute force attacks on servers are commonplace on the web: repeated automated attempts to guess your password for email, control panels and common software logins like WordPress happen daily or even hourly on popular servers. Get used to it; keeping your OS and software up to date against exploits will only do so much good if people can still eventually guess the password.
That is where a more advanced firewall solution, which comes with many control panels, is a must, with features like IP block lists. Use them.
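The "attempts at accounts" that fill the logs, and the block lists that deal with them, can be seen together in a short script. This is an added example and not code from the post or from CSF: it counts failed SSH and IMAP logins per source address from a few constructed log lines and prints the addresses that cross a threshold, in the "ip count" form you would feed to a temporary deny list. The log lines, addresses and the threshold of 3 are all made up for the example.

```shell
#!/bin/sh
# Added example: find brute-force sources in auth log lines. The lines
# below are constructed for this example; the addresses are documentation
# ranges, not real attackers.
SAMPLE_LOG='Mar  3 10:01:02 web1 sshd[4101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:04 web1 sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:01:05 web1 sshd[4105]: Failed password for root from 203.0.113.7 port 51140 ssh2
Mar  3 10:01:06 web1 sshd[4107]: Failed password for root from 203.0.113.7 port 51151 ssh2
Mar  3 10:01:07 web1 sshd[4109]: Failed password for root from 203.0.113.7 port 51162 ssh2
Mar  3 10:02:11 web1 sshd[4120]: Failed password for alice from 198.51.100.5 port 40022 ssh2
Mar  3 10:02:30 web1 sshd[4121]: Accepted publickey for alice from 198.51.100.5 port 40023 ssh2
Mar  3 10:03:01 web1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=<bob>, method=PLAIN, rip=192.0.2.44, lip=10.0.0.5, TLS
Mar  3 10:03:02 web1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=<bob>, method=PLAIN, rip=192.0.2.44, lip=10.0.0.5, TLS
Mar  3 10:03:03 web1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=<carol>, method=PLAIN, rip=192.0.2.44, lip=10.0.0.5, TLS'

# Read log lines on stdin, count failed logins per source address across
# sshd and dovecot, and print "ip count" for every source at or above
# the threshold, highest count first. A single typo (alice) stays below it.
find_brute_force() {
    threshold="$1"
    awk -v min="$threshold" '
        # sshd: the address follows the word "from"
        /sshd.*Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        # dovecot: the remote address is in the rip= field
        /dovecot.*auth failed/ {
            if (match($0, /rip=[0-9.]+/)) {
                ip = substr($0, RSTART + 4, RLENGTH - 4)
                fails[ip]++
            }
        }
        END {
            for (ip in fails) if (fails[ip] >= min) print ip, fails[ip]
        }
    ' | sort -k2,2nr -k1,1
}

# Report sources over the threshold (THRESHOLD env var, default 3).
printf '%s\n' "$SAMPLE_LOG" | find_brute_force "${THRESHOLD:-3}"
```

With the sample above it reports 203.0.113.7 (five SSH failures) and 192.0.2.44 (three IMAP failures) and ignores alice's one mistake. On a real host you would pipe `journalctl -u sshd` or the mail log in instead of the sample, and hand each reported address to the panel's block list for a limited time, for example `csf -td <ip> 3600 "brute force"`, rather than a permanent entry; as the post notes below, lists that grow without review are how you lock yourself out.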
I have modified my list, but I won’t lie, it has also led to locking me out, leading to a difficult situation for myself to fix. Block lists neuter huge attacks into small manageable ones over time.
Get used to country-wide blocking or challenging if you have a lot of threats, especially if you have to choose between keeping the server up and safe or down and compromised. Long-term country blocks are not a good idea, but long-term challenges can be acceptable.