[CentOS] [CENTOS ]IPTABLES - How Secure & Best Practice
heinlein at madboa.com
Wed Jun 29 15:15:46 UTC 2016
On Wed, 29 Jun 2016, Leon Vergottini wrote:
> I am busy teaching myself iptables [....]
> How secure is this setup? Is there any mistakes or things that I
> need to look out for?
It's only as secure as your web stack (and, in your case, SSH
Packet filtering is a necessary security tool, but it's not sufficient
for total security. Much harder is auditing the pieces of your
* locked-down application configuration(s),
* decent password policy,
* access controls (mandatory and discretionary) that limit exposure
to exploits or vulnerabilities,
* timely patching,
* good service monitoring combined with a remediation plan should
things go awry,
* good crypto configuration,
* etc., etc.
In other words, packet filtering is a good start toward a secure
system, but no more than that.
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
More information about the CentOS