Re: firewall?




On Sat, 2011-07-16 at 23:43 +0100, Keith Roberts wrote:


> Data Driven Attacks Using HTTP Tunneling
> 
> "... HTTP Tunneling Example
>
> http://www.symantec.com/connect/articles/data-driven-attacks-using-http-tunneling
> 
> Sounds a bit scary to me, as any website needs to have port 
> 80 open to allow access to that website.

Do not forget that Symantec is a commercial entity trying to make money
(perhaps by scaring people?).

If you have a public web site, then your IPtables should let in traffic
on ONLY the allocated IP address and port(s) defined in your Apache
configuration file. Do not allow access from a range of IP addresses,
allocate one IP address for your web site and enforce that both in
IPtables and in the Apache configuration. Ditto port(s). If you are only
using port 80 ensure all other ports are OFF or not allocated (Listen)
in Apache. Allow-in via IPtables one IP address and port 80.

If using SSH, FTP, phpmyadmin etc. etc. then DO NOT use the standard
ports. Allocate a different IP address (if you have several) and use a
non-web IP address for SSH and a different non-web IP address for
phpmyadmin etc. WITH non-standard ports (you can go as high as about
64000). Also consider ONLY allowing access from predefined static IP
addresses (under your control). Do not make it easy for the hackers.
Give them a difficult time.



-- 
With best regards,

Paul.
England,
EU.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
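
Added example, not part of the original message: a small shell function that prints an iptables-restore ruleset for the layout the reply describes (default drop, port 80 on one web address, SSH on a separate address and non-standard port from fixed source addresses only). The function name `gen_rules`, the addresses, the port 52222 and the 1024-65535 port check are assumptions of this example.

```shell
#!/bin/bash
# gen_rules WEB_IP ADMIN_IP SSH_PORT SRC [SRC...]   (hypothetical helper)
# Prints an iptables-restore ruleset: default-drop INPUT, port 80 on WEB_IP
# only, SSH on ADMIN_IP:SSH_PORT only from the listed static sources.
gen_rules() {
    [ $# -ge 4 ] || { echo "usage: gen_rules WEB_IP ADMIN_IP SSH_PORT SRC..." >&2; return 1; }
    web_ip=$1; admin_ip=$2; ssh_port=$3
    shift 3
    # Web and admin services must sit on different addresses.
    [ "$web_ip" != "$admin_ip" ] || { echo "admin IP must differ from web IP" >&2; return 1; }
    # Port must be numeric and outside the well-known range (so never 22).
    case $ssh_port in
        ''|*[!0-9]*) echo "SSH port must be numeric" >&2; return 1 ;;
    esac
    if [ "$ssh_port" -lt 1024 ] || [ "$ssh_port" -gt 65535 ]; then
        echo "SSH port must be in 1024-65535" >&2; return 1
    fi
    # Refuse "anywhere" as an allowed admin source.
    for src in "$@"; do
        case $src in
            0.0.0.0*|*/0) echo "refusing wildcard source $src" >&2; return 1 ;;
        esac
    done
    # Comment lines record the matching daemon settings; iptables-restore skips them.
    printf '%s\n' \
        "# Apache side (httpd.conf): Listen $web_ip:80" \
        "# sshd side (sshd_config): ListenAddress $admin_ip, Port $ssh_port" \
        "*filter" \
        ":INPUT DROP [0:0]" \
        ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]" \
        "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" \
        "-A INPUT -d $web_ip -p tcp --dport 80 -m state --state NEW -j ACCEPT"
    for src in "$@"; do
        printf '%s\n' "-A INPUT -s $src -d $admin_ip -p tcp --dport $ssh_port -m state --state NEW -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Constructed sample values (RFC 5737 documentation addresses).
gen_rules 192.0.2.10 192.0.2.11 52222 198.51.100.7 198.51.100.8
```

The output can be reviewed and then loaded with `iptables-restore`; because the INPUT policy is DROP, anything not listed, including port 80 on the admin address, is refused.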

