[CentOS] firewall?

Sat Jul 16 23:03:52 UTC 2011
Always Learning <centos at u6.u22.net>

On Sat, 2011-07-16 at 23:43 +0100, Keith Roberts wrote:


> Data Driven Attacks Using HTTP Tunneling
> 
> "... HTTP Tunneling Example
>
> http://www.symantec.com/connect/articles/data-driven-attacks-using-http-tunneling
> 
> Sounds a bit scary to me, as any website needs to have port 
> 80 open to allow access to that website.

Do not forget that Symantec is a commercial entity trying to make money
(perhaps by scaring people?).

If you have a public web site, then your IPtables should let in traffic
on ONLY the allocated IP address and port(s) defined in your Apache
configuration file. Do not allow access from a range of IP addresses,
allocate one IP address for your web site and enforce that both in
IPtables and in the Apache configuration. Ditto port(s). If you are only
using port 80 ensure all other ports are OFF or not allocated (Listen)
in Apache. Allow-in via IPtables one IP address and port 80.

If using SSH, FTP, phpmyadmin etc. etc. then DO NOT use the standard
ports. Allocate a different IP address (if you have several) and use a
non-web IP address for SSH and a different non-web IP address for
phpmyadmin etc. WITH non-standard ports (you can go as high as about
64000). Also consider ONLY allowing access from predefined static IP
addresses (under your control). Do not make it easy for the hackers.
Give them a difficult time.



-- 
With best regards,

Paul.
England,
EU.
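
An added example, not part of the original post: a Python check that audits `iptables-save` output and Apache `Listen` lines against the policy described above (one address and port per service, admin ports limited to one static source). The addresses, ports, `WEB_PORTS`, and function names are assumptions, and the sample inputs are constructed.

```python
import ipaddress
import re
import shlex

# Constructed sample inputs (documentation addresses, hypothetical ports).
APACHE_CONF = "Listen 192.0.2.10:80\n"
IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -d 192.0.2.11/32 -p tcp -m tcp --dport 50022 -j ACCEPT
-A INPUT -d 192.0.2.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""
WEB_PORTS = {80}  # assumption: the only ports meant to be public

def listeners(conf):
    """(ip, port) pairs from Apache Listen lines; ip is None for a bare port."""
    return {(ip or None, int(port)) for ip, port in
            re.findall(r"^\s*Listen\s+(?:(\S+):)?(\d+)\s*$", conf, re.M)}

def single_host(cidr):
    """Return the address if cidr names exactly one host, else None."""
    if cidr is None:
        return None
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address) if net.num_addresses == 1 else None

def audit(rules, conf):
    """Return (where, problem) pairs for every deviation from the policy."""
    listen = listeners(conf)
    found = [("apache", "Listen %d is not bound to one address" % p)
             for ip, p in listen if ip is None]
    if not re.search(r"^:INPUT DROP\b", rules, re.M):
        found.append(("iptables", "INPUT policy is not DROP"))
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"] or tok[-1] != "ACCEPT" or "--dport" not in tok:
            continue  # only inbound ACCEPT rules that open a port are audited
        arg = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
        dst, src, port = single_host(arg("-d")), single_host(arg("-s")), arg("--dport")
        if dst is None:
            found.append((line, "destination is not a single address"))
        if not port.isdigit():
            found.append((line, "port range opened"))
        elif int(port) in WEB_PORTS and (dst, int(port)) not in listen:
            found.append((line, "no matching Apache Listen"))
        elif int(port) not in WEB_PORTS and src is None:
            found.append((line, "admin port not limited to one static source"))
    return found
```

On the sample ruleset, `audit(IPTABLES_SAVE, APACHE_CONF)` flags only the `192.0.2.0/24` rule, once for the address range and once for the missing source restriction.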