What You Need To Know
In order to keep your data secure, your systems should carry out at least the following three checks:
- Is the user’s system allowed to access this service?
- Is the user who they say they are?
- Is the user allowed to access this service?
The second of those, authentication, is typically verified by a username and password or, increasingly, by two-factor authentication. The third, authorisation, is typically managed by the application. The first is a blunter instrument, applied before the application ever sees the connection, and may implement controls such as “users may not access the development server from the Internet”. Enforcing such rules is the role of a firewall.
Every server should be protected by a firewall. It doesn’t have to be a multi-thousand pound standalone device: it may be sufficient to use the packet-filtering software built into the Linux kernel (netfilter, configured with nftables or, on older systems, iptables). The configuration of the firewall depends upon the role of the server, but the bottom line is that you should allow only the minimum access necessary for the server to perform its allocated tasks, and deny everything else by default.
So, for a web server, you may well allow web access from anywhere, but you may allow updates to the website only from your offices.
What Does A Firewall Do?
A firewall permits or denies network access between two or more locations. Typically, a firewall is placed between the Internet and one or more servers, and controls access to and from those servers. Whether or not access is permitted is determined by three things:
- the source of the connection
- the destination of the connection
- the type of connection (in practice the transport protocol and destination port, such as TCP port 25 for SMTP)
For example, a firewall protecting a mail server may permit a connection from anywhere on the Internet to the mail server of type “SMTP”, which is the protocol used to pass email between systems. Most other types of connection would be denied.
A firewall protecting a web server may permit connections from anywhere to the web server that are of type HTTP or HTTPS, and it may also permit connections from the web developers’ addresses to the web server of type SFTP, a secure protocol used to upload new files. Note that SFTP runs over SSH (TCP port 22), so the same rule also admits shell logins from those addresses. Again, typically, most other types of connection would be denied.
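The two cases just described, the web server open to everyone for HTTP and HTTPS with SFTP restricted to the office, and the mail server additionally accepting SMTP from anywhere, written out as a single nftables ruleset. This is an added example, not a configuration from this page or from Tiger Computing: the office network 203.0.113.0/24 is a hypothetical placeholder, and loading the rules needs the nft command and root privileges.

```shell
#!/bin/sh
# Added example (not Tiger Computing's own configuration): build an nftables
# ruleset for a public web server that only the office may administer.
# Hypothetical values: the office network is 203.0.113.0/24. Set MAIL_SERVER=yes
# on a host that must also accept inbound SMTP.

OFFICE_NET="${OFFICE_NET:-203.0.113.0/24}"
MAIL_SERVER="${MAIL_SERVER:-no}"

# Emit the ruleset on stdout. The input chain's default policy is drop, so
# anything not explicitly accepted below is denied and logged.
build_ruleset() {
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # loopback, and replies to connections this host initiated
        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # ICMP/ICMPv6 are needed for path MTU discovery and neighbour discovery
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # web service: anyone on the Internet may connect
        tcp dport { 80, 443 } accept

        # SFTP runs over SSH, so this also admits shell logins: office only
        ip saddr $OFFICE_NET tcp dport 22 accept
EOF
    if [ "$MAIL_SERVER" = "yes" ]; then
        printf '\n        # mail server case: SMTP from anywhere\n'
        printf '        tcp dport 25 accept\n'
    fi
    cat <<'EOF'

        # everything else is denied; log it (rate-limited) for later review
        limit rate 5/second log prefix "nft-drop: "
        drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Parse the ruleset with nft without loading it; returns nft's exit status.
check_ruleset() {
    build_ruleset | nft -c -f -
}

# Load the ruleset into the kernel (requires root). Check first so that a
# typo cannot leave the host without a firewall.
apply_ruleset() {
    check_ruleset && build_ruleset | nft -f -
}

# Number of rules that grant access from the office network: a quick sanity
# check that administrative access really is limited to one source.
office_rule_count() {
    build_ruleset | grep -cF "ip saddr $OFFICE_NET"
}

case "${1:-}" in
    apply) apply_ruleset ;;
    check) check_ruleset ;;
    *)     build_ruleset ;;
esac
```

Run it with no argument to see the generated rules, with "check" to have nft parse them without loading, and with "apply" to load them. The drop policy on the input chain is what makes “most other types of connection would be denied” true; the only decisions the firewall is making are the three listed above: source address, destination port and protocol.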
Firewall Logging
A firewall will often keep a log of all the attempted connections that it denies; in some cases, it may also log details of permitted connections. Those denial logs are worth reviewing: one source refused on many different ports is a port scan, while a burst of refusals on a port you expected to be open points to a misconfigured rule. There are other types of firewall that inspect the data being passed over a permitted connection. Uses of this technology range from attempting to detect viruses through to spying on individuals’ communications. We’re not going to cover such technology on this page, but you can read more about so-called Deep Packet Inspection on this Wikipedia page.
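As an added example (not code from the original page), a small shell script that works through the kind of denied-connection log a Linux firewall produces: it counts denials per source address and flags any source refused on many distinct ports, the signature of a port scan. The log lines it ships with are constructed for illustration and assume the firewall tags its drops with the prefix "nft-drop: "; change the prefix to match your own log rule.

```shell
#!/bin/sh
# Added example (not from the original page): summarise denied connections
# from a Linux firewall's kernel log. Assumes drops are logged with the
# prefix "nft-drop: ". Hosts, addresses and times below are constructed.

SAMPLE_LOG='Mar  3 10:15:22 web1 kernel: nft-drop: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=54321 DPT=23 SYN
Mar  3 10:15:23 web1 kernel: nft-drop: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=54322 DPT=22 SYN
Mar  3 10:15:23 web1 kernel: nft-drop: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=54323 DPT=3389 SYN
Mar  3 10:15:24 web1 kernel: nft-drop: IN=eth0 OUT= SRC=203.0.113.55 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40001 DPT=22 SYN
Mar  3 10:15:25 web1 kernel: nft-drop: IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 LEN=40 PROTO=UDP SPT=5353 DPT=5353
Mar  3 10:15:26 web1 kernel: Some unrelated kernel message
Mar  3 10:15:27 web1 kernel: nft-drop: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=54324 DPT=445 SYN'

# Read log lines on stdin; print "count source" for every denied source
# address, most frequent first. Lines without the drop prefix are ignored.
drops_by_source() {
    awk '
        /nft-drop: / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { src = substr($i, 5); count[src]++ }
        }
        END { for (s in count) print count[s], s }
    ' | sort -rn
}

# Read log lines on stdin; print "source ports" for each source address that
# was denied on at least N distinct destination ports (default 3).
port_scanners() {
    threshold="${1:-3}"
    awk -v min="$threshold" '
        /nft-drop: / {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # count each (source, port) pair once, however many packets it sent
            if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
        }
        END { for (s in ports) if (ports[s] >= min) print s, ports[s] }
    ' | sort
}

# With a log file as argument, analyse it; otherwise use the built-in sample.
LOGFILE="${1:-}"
if [ -n "$LOGFILE" ]; then
    echo "Denials by source:";     drops_by_source < "$LOGFILE"
    echo "Possible port scanners:"; port_scanners 3 < "$LOGFILE"
else
    echo "Denials by source:";     printf '%s\n' "$SAMPLE_LOG" | drops_by_source
    echo "Possible port scanners:"; printf '%s\n' "$SAMPLE_LOG" | port_scanners 3
fi
```

On a real host, point it at the file your syslog daemon writes kernel messages to, or pipe in the output of journalctl -k. Remember that the source address in a denied packet is only as trustworthy as the packet itself; a spoofed SYN will show up here just like a genuine scan.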
Types Of Firewall
A firewall may be a standalone hardware item running either a proprietary or Open Source firewall application, or it may be an application running on the server itself. Linux itself has had built-in firewall functionality since 1996, and today that functionality is powerful, flexible and secure.
Although there is sometimes a political requirement to use a standalone firewall (“it’s our company policy”), in reality the firewalling software built into Linux is more than adequate for the vast majority of situations. It’s also possible to configure a High Availability Linux Cluster as a firewall, thus ensuring controlled access is available even if one of the firewall servers fails.
Need Help With Firewalls?
A firewall is a necessary part of your IT infrastructure, and the firewalling capabilities that ship as part of Linux easily meet the vast majority of firewalling requirements.
“I’ve been faced with knowing more than the tech guys many times in the past, but never with Tiger Computing. Everything is always done, and done very well. They make stuff work without fuss, fanfare and hyperbole.”
– Jonny Wray, Head of Discovery, e-Therapeutics plc
We can help keep your Linux servers safe and secure.
See how Tiger Computing can help your business and keep your Linux servers safe and secure.