Posts Tagged ‘iptables’

 

How To Enable & Manage the New, Free GoGrid Firewall Service

Wednesday, May 1st, 2013 by

Security and infrastructure don’t always go hand in hand. In fact, many non-adopters of cloud computing have cited the lack of good security as one of the primary reasons they are not wholeheartedly embracing the cloud and all its glory. In some ways, these naysayers are correct: You shouldn’t deploy a cloud or frankly any type of infrastructure without some type of security, whether it’s software-based controls or a hardware device. At GoGrid, it is this desire to overcome security concerns that compelled us to release our free (that’s right FREE) Firewall Service.

When we developed our Firewall Service, we wanted to do more than simply offer a set of blocking rules or a hardware device. We wanted our solution to be centrally managed, easy to use and configure, fully featured, integrated across all our data centers, reliable, programmatically controlled, highly available, flexible, elastic, self-healing…whew! And did I mention, free? As we did for our new Dynamic Load Balancers, we embraced the concepts of software-defined networking (SDN) when architecting our Firewall Service.

Our research showed that for small environments, software-based firewalls (like IPtables or a Windows Firewall) worked just fine, provided the infrastructure didn’t need to scale. Similarly, hardware-based firewalls were great for enterprise-grade installations (but remember, if you get one hardware device, you typically need another one ready as a failover). We wanted to do it better. You can read more about the theory behind our cloud Firewall Service in this article.

As with my previous How To articles, there are 3 easy steps in the Firewall Service setup:

1. Create a Security Group
2. Define
a Policy
3. Add
a Connection

GoGrid’s Firewall Service is distributed and global. That means that once it’s configured, it automatically synchronizes across all our data centers. If you have multiple web servers in multiple GoGrid data centers, you simply define the Security Groups and Policies, connect the servers, and you’re done. Any future policy changes are automatically synchronized to the connected servers. Simple, right? Let’s see how to set up the Firewall Service. (more…) «How To Enable & Manage the New, Free GoGrid Firewall Service»

How to Recover from a Linux Security Breach – Recovery & Hardening (Part 2)

Tuesday, January 29th, 2013 by

This is Part 2 of a GoGrid security blog series on identifying and recovering from a Linux security breach. Part 1 provided general guidelines for conducting a security analysis on a compromised Linux server and forming strategic teams to address and resolve the breach.

In this article, we’ll review some recommended steps for recovering from a breach.

Recovering from the Breach

Lock the doors

Now that you’ve confirmed that there are no intruders logged in and you’ve identified the established connections, it’s time to “lock the doors.” Locking the doors largely depends on who is managing your firewall. Contact GoGrid in the event that we’re managing your firewall or perform the following actions if you manage your firewall:

  • Modify your system’s iptables configuration to restrict all remote console connections such as SSH to your office network
  • Modify your system’s iptables configuration to block all previously identified suspicious connections from and to your system.
  • Modify your system’s iptables to block all other services from the public Internet to your server. Doing so will effectively bring down your website or services, but you want to avoid compromising your customers or web site visitors.

Install and run a rootkit analyzer

(more…) «How to Recover from a Linux Security Breach – Recovery & Hardening (Part 2)»

How to Recover from a Linux Security Breach – Forensics, Analysis, & Building Teams (Part 1)

Monday, January 28th, 2013 by

This 2-part GoGrid security blog series provides general guidelines for conducting a security analysis on a compromised Linux server and for recovering from a breach. Before you begin the security analysis, you need to consider two important factors:

1. The type of data your compromised server is storing or transmitting,
2. How important the server’s function is to your business

The data type—Personally Identifiable Information (PII) or Protected Health Information (PHI), for example—is important because your organization could be legally required to notify external parties and local or federal government agencies in the event of a breach. The compromised server’s function is important because its criticality may drive the recovery timeline.

You also may want to consider engaging a third-party that specializes in security forensics.

This series will cover 3 important items:

1) Understanding & assessing the breach
2) Setting up forensics & recovery teams
3) Recovering from the breach

Although this series won’t replace what a competent security firm can accomplish, it does provide an overview of some core processes, procedures, and activities you can do to potentially recover from a breach. And because each incident varies based on your computer system, be sure to conduct additional analysis and consult with experts to double-check your breach identification and resolution plan. (more…) «How to Recover from a Linux Security Breach – Forensics, Analysis, & Building Teams (Part 1)»