On Wed, 29 Jun 2016, Leon Vergottini wrote:
I am busy teaching myself iptables [....]
How secure is this setup? Is there any mistakes or things that I
need to look out for?
It's only as secure as your web stack (and, in your case, SSH
configuration).
Packet filtering is a necessary security tool, but it's not sufficient
for total security. Much harder is auditing the pieces of your
applications:
* locked-down application configuration(s),
* decent password policy,
* access controls (mandatory and discretionary) that limit exposure
to exploits or vulnerabilities,
* timely patching,
* good service monitoring combined with a remediation plan should
things go awry,
* good crypto configuration,
* etc., etc.
In other words, packet filtering is a good start toward a secure
system, but no more than that.
--
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
