Securing Your Server: Planning Your Firewall Setup
With the move from the relatively safe world of shared hosting to the world of virtual or dedicated server hosting, there is an almost bewildering number of additional things to take into account beyond simply uploading your website and configuring it. Not least of these is the security of your server.
A key piece of your server's security, and an often overlooked one, is the humble firewall. While we supply all our servers with some basic firewall configuration, this setup is based around allowing customers to get up and go quickly. In many cases the support teams may encounter servers further down the line that still have those same initial firewall settings, or have the firewall disabled completely, both of which may pose a security risk to the server.
For those new to firewalls, a firewall can be imagined as a tool for managing the doors to a building. If you imagine your server as a building such as an office or a shop, you will have areas that members of the public can access, areas that only staff can access and areas that specially cleared staff can access. The firewall can be used to make sure that different groups can access each of those areas of your server while restricting access to other areas.
When considering your firewall policy you first need to look at what you use your server for and which groups of people need to access which parts of it. Publicly accessed areas like a website will need to allow the world access, while private areas need only allow access to a necessary few. As a rule you are looking to minimise the number of publicly accessible areas on the server and, wherever possible, prevent configuration services such as Linux's SSH and Windows' Remote Desktop from being publicly accessible.
Once you have your list of publicly and privately accessible services you then need to work out where your privately accessible services will be accessed from. Both Windows Firewall and Linux's iptables firewall are able to block or allow access based on the IP address that the connection attempt is coming from, allowing you to limit access as required.
Once you have a list of IP addresses that each private service is being accessed from you can then configure your firewall. By default it should be set to reject any incoming traffic you don't specifically allow, and any services you do need to access remotely can have their relevant rules created to match the list you have created.
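The planning steps above, carried through as an added example (not part of the original article or the provider's own configuration): a shell function that turns a list of services and permitted source addresses into an iptables-restore ruleset that rejects everything else. The plan format, the function name render_rules and the addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: render a service/source plan as an iptables-restore ruleset.
# All addresses are constructed (RFC 5737 documentation ranges).

# One "proto port source" entry per line; source "any" marks a public service.
PLAN='
# public website
tcp 80 any
tcp 443 any
# SSH only from the office address and the admin VPN range
tcp 22 203.0.113.10
tcp 22 198.51.100.0/24
'

render_rules() {
    # $1 = plan text. Prints the ruleset; returns 1 on a malformed entry.
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    while read -r proto port src; do
        case "$proto" in
            ''|'#'*) continue ;;            # blank line or comment
            tcp|udp) ;;
            *) echo "bad protocol: $proto" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        case "$src" in
            any) printf '%s\n' "-A INPUT -p $proto --dport $port -j ACCEPT" ;;
            ''|*[!0-9./]*) echo "bad source for port $port" >&2; return 1 ;;
            *) printf '%s\n' "-A INPUT -p $proto -s $src --dport $port -j ACCEPT" ;;
        esac
    done <<EOF
$1
EOF
    # Anything not matched above is rejected, as the plan requires.
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-port-unreachable' 'COMMIT'
}

# Only prints the ruleset; nothing is loaded into the kernel here.
render_rules "$PLAN"
```

The output can be checked with `iptables-restore --test` before it is loaded, and it is worth keeping an existing remote session open while applying it in case the SSH source list is wrong. iptables covers IPv4 only, so IPv6 traffic needs an equivalent ip6tables ruleset.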
While there are many guides online to help you configure the rules for your firewall, dedicated server customers who need help can take advantage of our managed server support, where our team of staff can configure the firewall to the required settings. Alternatively there’s also the option of having your server behind one of our managed firewalls, or purchasing a hardware firewall to sit in front of your server that you can manage yourself.
Our managed firewall offering has additional benefits over using the software firewall on your server. Firstly, our staff will do all the firewall configuration on it for you, saving you the need to learn to manage the firewall yourself. Secondly, as the firewall is separate to your server, should a hacker manage to gain access to your server they will be unable to reconfigure or disable your firewall to permit greater remote access.
However you go about it, a firewall is an important first step in securing your server. Time spent configuring it in advance could reap benefits in helping prevent your server being hacked later.