The UK2 Blog

Oct18

Securing Your Server: Planning Your Firewall Setup

With the move from the relatively safe world of shared hosting to the world of virtual or dedicated server hosting there are an almost bewildering number of additional things to be taken into account beyond simply uploading your website and configuring it.  Not least of these is the security of your server.

A key piece of the security of your server and an often overlooked one is the humble firewall.  While we supply all our servers with some basic firewall configuration this setup is based around allowing customers to get up and go quickly.  In many cases the support teams may encounter servers further down the line that still have those same initial firewall settings or the firewall disabled completely, both of which may pose a security implication for the server.

For those new to firewalls, a firewall can be imagined as a tool for managing the doors to a building.  If you imagine your server as a building such as an office or a shop, you will have areas that members of the public can access, areas that only staff can access and areas that specially cleared staff can access.  The firewall can be used to make sure that different groups can access each of those areas of your server while restricting access to other areas.

When considering your firewall policy you first need to look at what you use your server for and which groups of people need to access which parts of it.  Publicly accessed areas like a website will need to allow the world access, while private areas need only allow access to a necessary few.  As a rule you are looking to minimise the number of publicly accessible areas on the server and if whenever possible prevent configuration services from being publicly accessible such as Linux’ SSH and Windows’ Remote Desktop.

Once you have your list of publicly and privately accessible services you then need to work out where your privately accessible services will be accessed from.  Both Windows firewall and Linux’s iptables firewalls are able to block/allow access based on the IP address that the connection attempt is coming from allowing you to limit access as required.

Once you have a list of IP addresses that each private service is being accessed from you can then configure your firewall.  By default it should be set to reject any incoming traffic you don’t specifically allow and any services you do need to access remotely can have their relevant rules created to match the list you have created.

While there are many guides online to help you configure the rules for your firewall, dedicated server customers who need help can take advantage of our managed server support, where our team of staff can configure the firewall to the required settings.  Alternatively there’s also the option of having your server behind one of our managed firewalls, or purchasing a hardware firewall to sit in front of your server that you can manage yourself.

Our managed firewall offering has additional benefits over using the software firewall on your server. Firstly our staff will do all the firewall configuration on it for you, saving you the need to learn to manage the firewall yourself.  Secondly, as the firewall is separate to your server, should a hacker managed to gain access to your server they will be unable to reconfigure or disable your firewall to permit greater remote access.

However you go about it, a firewall is an important first step in securing your server.  Time spent configuring it in advance could reap benefits in helping prevent your server being hacked later.

No Comments

Leave a Reply

Stop blending in with the rest of the crowd and start leaving your mark on the web

“I've been a faithful customer of UK2.net for about 12 years, regularly registering new domains on behalf of clients. The costs are superb value, and the service - online or over the phone - is fantastic. I'd highly recommend them to anyone - and regularly do.“

Jay Commins - Pyper York Ltd

“We would like to thank the support team for easily answering our website problem. They turned my day around with just a simple, understandable resolution with a friendly Service so a big thank you from me and all the elves here at the wicked chilli company“

- www.thewickedchilli.co.uk

“Great experience with UK2 support. We've been with them since they started up way back. Always good responses and the tech guy today who helped me out after I wiped my .htaccess file was brilliant. I'd recommend without reservation.!!“

Julian Jones - Hursley emc services Ltd

“I have been a customer of UK2 for as long as I can remember. It never ceases to amaze me the speed in which you respond to problems or queries, usually of my own making. The live chat for tech support is so efficient. I have nothing but praise for you guys and gals. The level of service is second to none. Nothing ever seems to be too much hassle. Well done, you all deserve a medal.“

- Yvonne Armitage Computer Services

“9pm on Sunday evening, realised that I hadn't renewed my hosting service. 10 minutes of help from your live chat support and my websites are up and running again. As a company offering 24 hour emergency electrical/locksmith services most of our work comes from the websites, so getting this fixed without having to wait for Monday morning was very important.“

Nick Lane - Kent Security and Electrical