Tuesday 24 April 2018

How important is a Firewall for your Dedicated Server and how to apply it?

Web security


Firewall is one of the most effective types of security measure to implement to keep all the viruses far from the web application or the servers. Well, this software is complex but it is essential to know how to work and how to set them up. The firewall will remove or stop any unwanted connections to the website and it is very essential to have a firewall because of the website being under constant attach where Firewall can be one of the best defenses. 

Intro – Firewall:-

Firewall blocks unwanted access to your website or server where your current work also won’t get disrupted. It is usually required practically for everyone who has a website or a server. 

Blocking:

Blocking the server doesn’t mean that no one will be able to access it but you can set up the Firewall by specifying as to what kind of users can view your website which will be then identified by their IP addresses. So by configuring this setting, the firewall will block the websites that can be a huge threat to the website. 

Minimize threat:

Most of the server store sensitive information that includes password, documents and email addresses. There are hackers who are on the lookout to see the vulnerability in the website so that they can steal such valuable information. In a server, all the information are encrypted but just to make extra sure a firewall is the best option.

Easy to use:

Content Management System and Hosting providers offer the option to configure specific types of firewalls on the website or server.

Implementation of Firewall on a Server or Website:-

When it comes Firewall there are many options for setting up the firewall but we will be focusing on the easiest method which is based on IP tables and advanced policy firewalls. 

IP Tables Configuration:

IP tables allow you to deny or grant access to specific IP address or services. This will give you the full control over everything that goes out and in your server including the Secure Shell and Transmission connections. This is mostly preferred for those who like to utilize the command line. If you are on Virtual Private Server or the Dedicated Server then you should have iptables program which usually comes by default with Linux distributions. Review first that it doesn’t have any rules configured by default. 

To check the review you have to type iptables –L on the console. 
After doing this three sets of chains or rule will be shown which will be incoming, outgoing and forwarding packets and the line should end with ACCEPT. 

But if you have to add a new rule to a particular chain then use this command iptables –A INPUT –p tcp –dport 7822 –j ACCEPT. 
By doing this you will enable the incoming TCP connections via port 7822 which is commonly used by SSH. 

You can add another rule which will enable the incoming TCP connection via port 80 (HTTP) type: iptables –I INPUT –p tcp –m tcp –dport 80 –j ACCEPT. 
Port 80 is commonly used for the servers to migrate information since the HTTP protocol is still in use. 

But if you set up the secure sockets layer certificate for the website then you need to also enable access via port 443. 
To enable access via port 443 type: iptables –I INPUT –p tcp –m tcp –dport 443 –j ACCEPT. 

Use this command: iptables –I INPUT rulenum –s ‘IP address goes here’ –j DROP to block specified IP address from accessing your server. The Drop Rule will send the signal to the server to block all type of connection from the specified IP address.

You can click here to know more command that can be utilized with the program

Advanced Policy Firewall:

Advanced Policy Firewall is an alternative method for the people who are not a big fan of the command line. With this method, you can configure a firewall using the simple text editor. But for this, you will also require a particular program which isn’t included in most of the Linux distributions. Now anyway you have to use the command line for configuration but the process will be simple. Follow the instruction here and once you are done try the following method down below. 

/etc/apf/conf.apf

You can use any text editor of your choice but the process will remain the same. For Vim user you can use this command. 

VI /etc/apf/conf.apf .

SET_MONOKERN=”0”
HELPER_SSH_PORT=”22”
IG_TCP_CPORTS=”22”

The above values are default configuration but you will need to change them so that the firewall is effective. Change the SET_MONOKERN to 1to enable the program to be installed and not as the package so that it can perform the task. You will also need to change value HELPER_SSH_PORT to 7822 which is the default for SSH connections and then add the TCP ports you want to enable. 

IG_TCP_CPORTS=”80, 7822, 443”

This will enable the connections via HTTPS, HTTP, and SSH. After this save the changes to the conf.apf file and start the APF program utilizing this command.

Apf - -start

Firewall is very essential when you are trying to stop attacks on your local computer and also on your website. Your website will be under attack even though if you are not aware of it, therefore, it is important to implement a Firewall. Now depending on your hosting plan you can use two type of firewalls on the website which is IP table firewalls and Advanced Policy Firewalls. 

No comments:

Post a Comment