A firewall is a security tool used in networks to prevent attacks from hackers, viruses, worms, malware, etc. If it is not configured correctly, it will not do its job, so configuring the firewall properly is important.
It can be either hardware or software based. It is like the gate of a house: it blocks unauthorized access to the server from outside the network. A firewall continuously monitors incoming and outgoing traffic and blocks or allows access based on its rules. A properly configured firewall allows authorized users to send and receive data while blocking malicious users from accessing it.
On the internet, running servers or computers without a firewall is very dangerous, and the chances of getting hacked are very high. A properly configured firewall will block an IP based on criteria configured in the firewall, which include too many connections, failed login requests, port scans and other malicious activity. A web application firewall like mod_security will check the HTTP requests and allow or deny access to the site based on the request. If we do not add enough rules to the firewall, it detects less and the chances of an attack are high.
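One way to apply the failed-login criterion described above, as an added example that is not part of the original article: the script counts failed SSH logins per source address and lists the addresses over a limit. The limit of 3, the host name and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: the failed-login criterion
# as a threshold check over sshd log lines. The limit and the log lines
# below are constructed for illustration.
MAX_FAILURES=3

# Constructed sample of auth-log style lines (documentation IP ranges).
sample_auth_log() {
    cat <<'EOF'
Jan 10 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 10:00:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 10:00:05 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jan 10 10:00:08 web1 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Jan 10 10:01:00 web1 sshd[2110]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jan 10 10:01:30 web1 sshd[2111]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Jan 10 10:02:00 web1 sshd[2120]: Failed password for invalid user x from 192.0.2.50 from 203.0.113.7 port 40130 ssh2
EOF
}

# Reads sshd log lines on stdin; prints "ip count" for every source address
# with more than $1 failed password attempts.
# The user name in these lines is text chosen by the client, so the address
# is taken from the fixed trailing fields ("from IP port N ssh2") and not
# from the first "from" in the line. Otherwise the last sample line would
# be counted against 192.0.2.50, which never connected.
offenders() {
    awk -v max="$1" '
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $(NF - 4) == "from" && $(NF - 2) == "port" {
            count[$(NF - 3)]++
        }
        END {
            for (ip in count)
                if (count[ip] > max) print ip, count[ip]
        }' | sort
}

# The resulting list is what a firewall would add to its block list.
sample_auth_log | offenders "$MAX_FAILURES"
```

A single failed login followed by a success, as for 198.51.100.20 in the sample, stays under the limit and is not listed.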
Hackers and spammers search the internet to find servers with outdated applications and servers without a firewall. Outdated applications are one of the main reasons for attacks. If we have a properly configured firewall, attacks from hackers are prevented by the firewall. So keeping the applications updated and configuring the server with a firewall will help us protect the servers from being hacked.
There are primarily two types of firewalls: hardware firewalls and software firewalls.
A hardware firewall, or appliance firewall, is independent of the computers/servers that it needs to protect. It is installed between routers and the internet to protect the internal network. Hardware firewalls are mainly used by large companies to protect their internal network from attackers. Since they are dedicated devices running outside the servers or computers, they do not use the resources of the personal computers or servers. One of the disadvantages of a hardware firewall is the maintenance and the updates. They usually have a web interface for configuration, and the manufacturer's knowledge base explains how to configure the firewall.
Compared with hardware firewalls, software firewalls are cheaper and easily configurable. They are installed on the personal computer or on the server itself. Unlike a hardware firewall, a software firewall will not protect the internal network; it protects only the individual computer/server. Since they run inside the host, they use some resources from the computer they run on. Nowadays all operating systems come bundled with a basic firewall solution.
Software firewalls have some disadvantages compared with hardware firewalls: a software firewall protects individual computers only, whereas a hardware firewall protects the entire network and responds faster than a software firewall.
Importance of configuring firewall
As I said before, operating systems are bundled with a basic firewall solution; in some cases our requirements go beyond it and we may need to look at other solutions available in the market. In most cases firewalls ship with basic rules only, which will not give maximum protection. So we need to configure the firewall to get maximum security.
Before we install and configure the firewall, the software on the server should be updated to the latest version and patched with the latest security updates, since adding a firewall on top of a vulnerability will not help. If you are installing any firewall other than the default iptables, you should clear all the current rules (make sure a restart will not recreate the old rules), and always try to use a single firewall instead of multiple firewalls. Using multiple firewalls causes confusion, increases the work needed for any activity, and can itself cause issues during troubleshooting. First decide which firewall suits your requirements, then install it.
If you are not experienced in configuring firewalls, please consult an expert, otherwise you may lock yourself out. Some of the reasons why we need to configure the firewall are:
- Default features will not cover all the areas of attack.
- The limits in the default settings may not be suitable for getting maximum performance, being either too low or too high; we need to analyse the server usage and optimize them to get maximum performance.
- Alerts are either all disabled or all enabled. We need to configure the firewall to send only the necessary alerts.
- The number of IPs that can be blocked may be set very low to keep the firewall from consuming resources, but big shared servers need a high number of blocks.
- We should watch the firewall logs and server activities to adjust the settings based on the analysis.
Another issue we notice is failure of the firewall software itself. Situations such as the software becoming corrupted and no longer working, or a tech who worked on the server disabling the firewall for testing and forgetting to enable it again, leave the server without protection. To monitor for this, either use a custom script to monitor the service or use the built-in monitoring option in the control panel.
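A custom monitoring script of the kind mentioned above, as an added example that is not part of the original article: it classifies the output of iptables -S so a scheduled job can alert when the firewall has been left disabled. The state names, the --live switch and the sample rule dumps are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Classifies an `iptables -S`
# rule dump so a cron job can alert when the firewall was left disabled.
# The state names and the --live switch are assumptions of this example.

# Reads `iptables -S` output on stdin and prints one state:
#   DOWN       no policy line at all (iptables failed or printed nothing)
#   OPEN       INPUT policy ACCEPT and no DROP/REJECT rule in any chain
#   FILTERING  anything else
# This is a heuristic: it shows rules are loaded, not that they are good.
firewall_state() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i + 1) == "DROP" || $(i + 1) == "REJECT"))
                    blocking++
        }
        END {
            if (policy == "")                             print "DOWN"
            else if (policy == "ACCEPT" && blocking == 0) print "OPEN"
            else                                          print "FILTERING"
        }'
}

# Constructed dump: a server after its rules were flushed for testing.
sample_disabled() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT'
}

# Constructed dump: default-deny policy, SSH and established traffic allowed.
sample_active() {
    printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
}

if [ "${1:-}" = "--live" ]; then
    # Needs root. A non-FILTERING state exits 1 so cron or a monitor can alert.
    state=$(iptables -S 2>/dev/null | firewall_state)
    echo "firewall state: $state"
    [ "$state" = "FILTERING" ] || exit 1
else
    echo "disabled sample: $(sample_disabled | firewall_state)"
    echo "active sample:   $(sample_active | firewall_state)"
fi
```

Run with --live from a scheduled job as root; without arguments it only classifies the two constructed dumps.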
Configuring the firewall correctly does not by itself secure the server; we have only tied down the vulnerabilities with firewall rules. So make sure the firewall is up all the time, and make sure the software on the server is kept updated.