I plan to rent a dedicated server to host a commercial application, which should house esentially everything necessary to run on a single machine (frontend, backend, databases, analytics, backup systems, etc) for the time being. This is indeed a simplistic infrastructure, but I don’t expect high amounts of traffic for now, so I believe it will suffice for the time being.
Now, I understand the same hour I put the server online I’m going to have malicious people trying to get root access to it, so obviously I would like to take care of this from day one. The question is, do I need a to rent a physical firewall, physical as in being a different machine, with this setting (which my provider offers, but at a cost of pretty much doubling the price), or will I be able to cover my ass with a software firewall (ie iptables and co), provided it is properly configured + I take as many “software” security measures/good practices as I can?
My networking/server administration experience is admittedly limited, but I’m very much willing and eager to learn as much as I’m able to manage the server/s on my own.
You really don’t need a separate firewall for a single host; Linux iptables is more than sufficient to protect the server, and (if you run Red Hat/CentOS) will be on and reasonably secure by default.
The first thing you will want to do after the server is up is to make yourself a user account, and then secure ssh by denying root logins with a password. In
/etc/ssh/sshd_config set either:
if you want to be able to login as root with ssh keys.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.