{"id":369450,"date":"2021-11-19T15:30:00","date_gmt":"2021-11-19T12:30:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/does-your-cloud-server-need-a-firewall-cloudsavvy-it\/"},"modified":"2021-11-19T15:30:00","modified_gmt":"2021-11-19T12:30:00","slug":"does-your-cloud-server-need-a-firewall-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/does-your-cloud-server-need-a-firewall-cloudsavvy-it\/","title":{"rendered":"#Does Your Cloud Server Need a Firewall? \u2013 CloudSavvy IT"},"content":{"rendered":"<p><strong>&#8220;#Does Your Cloud Server Need a Firewall? \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure style=\"width: 700px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage imgchk9 wp-image-6610 size-full\" srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/08\/312ef9a2.png?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/08\/312ef9a2.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/08\/312ef9a2.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Firewall illustration\" width=\"700\" height=\"300\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-vector\/firewall-icon-flat-illustration-vector-web-1214853796?src=7htLqEYnRPoUtRuP65FdVA-1-9&amp;studio=1\" data-credittext=\"Shutterstock\/Anatolir\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"
onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-vector\/firewall-icon-flat-illustration-vector-web-1214853796?src=7htLqEYnRPoUtRuP65FdVA-1-9&amp;studio=1\">Shutterstock\/Anatolir<\/a><\/span><\/figcaption><\/figure>\n<p>A firewall is a network utility that runs on your server and prevents outsiders from using certain ports. This makes it a useful security tool for blocking attackers from accessing processes they shouldn\u2019t. Does your server need one?<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Only_Open_the_Ports_You_Need_Firewall_the_Rest\"><\/span>Only Open the Ports You Need, Firewall the Rest<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The services you run on your server connect to the outside world through\u00a0<em>ports<\/em>. Each port has a number, and the service will listen for connections on that port number. This isn\u2019t always a security risk, as you\u2019ll often need to have ports open for users to access your service.<\/p>\n<p>Ports 80 and 443 are the default ports for HTTP and HTTPS. If you\u2019re running a web server, these need to be open. Port 22 will likely be open on any fresh Linux install, as it\u2019s the default SSH port. You can close this port, but you\u2019ll need to move SSH to a different port (which is a good idea anyway).<\/p>\n<p>Without a firewall in place, any service that starts up a connection will be allowed access to any port by default. 
It\u2019s best to have your rules defined to prevent this from happening and to ensure that nothing unexpected is running on your system. This is exactly what a firewall does\u2014define the rules for how processes on your server can talk to the outside world.<\/p>\n<p>To check what ports are currently open on your system, you can run:<\/p>\n<pre>sudo netstat -plnt<\/pre>\n<p>Or, if you want more concise output:<\/p>\n<pre>sudo netstat -plnt | grep \"LISTEN\" | awk '{print $4 \"\\t\" $7}'<\/pre>\n<p>These commands will list out each open port, alongside which process is using that port. Netstat only shows the PID and filename of the process, so if you need the full path you\u2019ll have to pass the PID to the <code>ps<\/code>\u00a0command. If you need to scan ports without accessing the server, you can use the client-side utility <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/nmap.org\/\">nmap<\/a>.<\/p>\n<p>Anything else that isn\u2019t specifically being used to host a service should be closed with a firewall.<\/p>\n<p>If everything running on your system is supposed to be open, you might not need a firewall. But without one, any unused port could easily be opened by a new process you install. 
You\u2019ll need to make sure that any new services don\u2019t need to be locked down.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Dont_Run_Your_Services_on_Public_IPs_in_the_First_Place\"><\/span>Don\u2019t Run Your Services on Public IPs in the First Place<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"imgchk9 alignnone wp-image-973 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/07\/4e426496.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Prevent services from being accessible by everyone by locking down connections to your virtual private cloud.\" width=\"700\" height=\"300\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>A firewall is a great security tool, but certain services shouldn\u2019t be accessible by the whole world. If a port needs to be open, that service is vulnerable to brute force attacks and other nasty issues. But you can prevent this from happening by locking down connections to your virtual private cloud.<\/p>\n<p>Databases are the prime example of this. A database like MySQL needs to have an open port for administrative connections. But if the only thing talking to the database is your web server (and you, when doing maintenance), you should keep MySQL private, and only allow it to talk to the web server. If you need to access it, you can SSH to the web server, and access the rest of the network from there.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"How_to_Configure_a_Firewall\"><\/span>How to Configure a Firewall<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you\u2019re using a managed hosting service like Amazon Web Services or Digital Ocean, your provider may have a firewall that you can manage from a web interface. 
If this is an option, you should configure your firewall this way.<\/p>\n<p>AWS, in particular, forces you to use their firewall, which is managed with security groups. Ports are all closed by default (save for port 22), so you\u2019ll need to open them manually from their interface. You can edit the security groups for any running instance from the EC2 Management Console, and modify the inbound rules.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"imgchk9 alignnone wp-image-968 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/07\/66b6dedf.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"In AWS, you can edit the security groups for any running instance from the EC2 Management Console and modify Inbound groups\" width=\"700\" height=\"300\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>AWS allows you to specify the source for the rule, so you could for example lock down SSH to only your personal IP address, or make the connection between your database server and web server private.<\/p>\n<p><strong>RELATED:<\/strong> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/177621\/the-beginners-guide-to-iptables-the-linux-firewall\/\"><strong><em>The Beginner&#8217;s Guide to iptables, the Linux Firewall<\/em><\/strong><\/a><\/p>\n<p>If you\u2019re\u00a0using other providers like Linode or regular hosting, you\u2019ll need to configure the firewall yourself. 
For this, the simplest method is to use the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/177621\/the-beginners-guide-to-iptables-the-linux-firewall\/\"><code>iptables<\/code><\/a> utility.<\/p>\n<p>If you\u2019re running a Windows server, you\u2019ll need to configure the aptly named <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/docs.microsoft.com\/en-us\/sql\/sql-server\/install\/configure-the-windows-firewall-to-allow-sql-server-access?view=sql-server-2017\">Windows Firewall<\/a>, which you can do from the Windows Management Console or by using <code>netsh<\/code>.\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/964\/does-your-cloud-server-need-a-firewall\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Does Your 
Cloud Server Need a Firewall? \u2013 CloudSavvy IT&#8221; Shutterstock\/Anatolir A firewall is a network utility that runs on your server and prevents outsiders from using certain ports. This makes it a useful security tool for blocking attackers from accessing processes they shouldn\u2019t. Does your server need one? Only Open the Ports You Need,&#8230;<\/p>\n","protected":false},"author":1,"featured_media":369451,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/08\/312ef9a2.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-369450","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/369450","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=369450"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/369450\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/369451"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=369450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=369450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=369450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}