1. Basic Access Control
One of the most important things you can do to protect your server is to implement very basic access control. Access control can eliminate a majority of the risk involved in running out of date services on the Internet. In order to implement an effective access control policy on your dedicated server, you will need the following pieces of information: The IP address or addresses of your Internet connection. For some, this may be one static address, while for others it is a pool of addresses. If you have more than one Internet connection, please be sure to get ALL the IP addresses you could be assigned at any time. You may need to contact your Internet Service Provider for this information.
2. Restrict SSH Connections
While we do not recommend anybody running outdated software, especially something as crucial as SSH, a not insignificant portion of the risks involved in running an outdated SSH server can be mitigated by only allowing certain IP networks to access your SSH server via iptables. Execute the following command to only allow SSH connections from certain IP address:
# $IPTABLES –A INPUT –p tcp –dport 22 –s
The above line will allow TCP packets destined for port 22 to be accepted if and only if the source of the packets are within the network denoted in
3. Access Control on Control Panel
If your server is running a control panel, you can also improve your security by implementing an access control policy on the control panel administrative port.
Plesk:
$IPTABLES –A INPUT –p tcp –dport 8443 –s X.X.X.X/NN –j ACCEPT
Ensim:
$IPTABLES –A INPUT –p tcp –dport 19638 –s X.X.X.X/NN –j ACCEPT
Cpanel:
$IPTABLES –A INPUT –p tcp –dport 2082 –s X.X.X.X/NN –j ACCEPT
4. Access Control on FTP
Another service you may want to implement an access control policy on is FTP. If you or a small handful of people are the only allowed users to FTP into your dedicated server, then you will certainly benefit from employing some iptables rules by entering the commands:
$IPTABLES –A INPUT –p tcp –s X.X.X.X/NN –dport 20 –syn –j ACCEPT
$IPTABLES –A INPUT –p tcp –s X.X.X.X/NN –dport 21 –syn –j ACCEPT
Note that both of the above lines must be executed for each source network.
5. Enable IPTABLES
If you do not have a hardware firewall you will want to enable iptables, the software firewall in Linux systems.
ليست هناك تعليقات:
إرسال تعليق