Linux Server Outside of Firewall

pcthuglife

Member
May 3, 2005
173
0
0
I've always kept my servers behind my LAN's firewall and just enabled port forwarding for whatever services I wanted to make public (i.e. 80, 443, 25, 110, etc.).

My new employer keeps all of their servers outside of the firewall, which makes me a little nervous but maybe I'm just being too paranoid.

So I set up a CentOS 4.3 server to run Apache, DNS, and Postfix. In CentOS' firewall settings I checked the box to allow HTTP access (ports 80 and 443), then I manually specified TCP port 53 for DNS.

Postfix is running, but it's only configured for localhost sending, so in the security window I unchecked the SMTP mail server option.

The problem is when I run a port scan on the server the port scan shows 6 open ports. 21, 25, 53, 80, 110, and 443 are all "open" according to the port scanner. Is this a security threat or should I be OK? I don't have an FTP service running, so I have no idea why 21 is open. Postfix is enabled but the firewall isn't configured to allow mail connections, so I can't explain 25 and 110 (Dovecot is also disabled). 53, 80, and 443 all make sense because they are for the services I want to make public.

I guess my real question is: should I try to manually configure the iptables rules or just use the default CentOS security options? I mean, it is an "Enterprise" Linux distro, so I figured they should do things with stability and security in mind. I'd rather not go modifying things by hand.

Please let me know what you all think about my situation. Thanks!
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
What's running on the ports other than 80, 443, and 53? lsof or maybe fstat should be able to tell you.

Is Postfix configured to listen on the external interface? If so, change it so it's only listening on loopback.
 

pcthuglife

Member
May 3, 2005
173
0
0
I have inet_interfaces = localhost in my main.cf file. When I run netstat and grep for 21 and 110 I don't get any LISTEN results. It's not that the server has running services listening on those ports, it's that the firewall doesn't have those ports closed by default, even though in the CentOS security level settings the only ports I have allowed are 80, 443, and 53. So should I be concerned, or will the server just ignore requests on those other ports since there aren't any listening services? Also, should I push to get the server behind a firewall, or should it be fine on its own?
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
The firewall should block everything that isn't specifically opened. So if a scanner is reporting something as open then something is listening.

Servers should be behind firewalls too.
 
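To make the advice above concrete, here is an added shell example (not code from the thread) that cross-checks what a scanner called open against the host's own listening sockets and the ports allowed in the CentOS firewall dialog. The netstat output and the port lists are constructed to mirror the numbers in the thread; on a real host you would feed it the output of `netstat -tln` (or `ss -ltn`).

```shell
#!/bin/sh
# Constructed sample of `netstat -tln` output, made up for this example
# (not captured from the poster's CentOS box).
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:53        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN
tcp        0      0 :::443            :::*              LISTEN
tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN'

# Ports allowed in the CentOS security-level dialog, and what the scanner
# reported as open (the numbers from the thread).
ALLOWED_PORTS="53 80 443"
SCANNED_OPEN="21 25 53 80 110 443"

# listening_ports NETSTAT_TEXT -> lines of "port bind-address" for LISTEN sockets
listening_ports() {
  printf '%s\n' "$1" | awk '$NF == "LISTEN" {
    port = $4; sub(/.*:/, "", port)        # "0.0.0.0:53" -> "53", ":::443" -> "443"
    addr = $4; sub(/:[0-9]+$/, "", addr)   # "0.0.0.0:53" -> "0.0.0.0", ":::443" -> "::"
    print port, addr
  }'
}

# classify SCANNED ALLOWED NETSTAT_TEXT -> one "port verdict" line per scanned port
#   expected            listening on all interfaces and allowed through the firewall
#   exposed-not-allowed listening on all interfaces but NOT in the allowed list
#   loopback-only       bound to 127.0.0.1/::1 (e.g. postfix with inet_interfaces=localhost)
#   nothing-listening   no local socket at all: recheck with lsof and rescan from
#                       outside, because this host cannot explain the scan result
classify() {
  scanned=$1; allowed=$2; netstat_text=$3
  for p in $scanned; do
    bind=$(listening_ports "$netstat_text" | awk -v p="$p" '$1 == p { print $2; exit }')
    if [ -z "$bind" ]; then
      echo "$p nothing-listening"
    elif [ "$bind" = "127.0.0.1" ] || [ "$bind" = "::1" ]; then
      echo "$p loopback-only"
    else
      case " $allowed " in
        *" $p "*) echo "$p expected" ;;
        *)        echo "$p exposed-not-allowed" ;;
      esac
    fi
  done
}

# On a live box replace NETSTAT_SAMPLE with "$(netstat -tln)".
classify "$SCANNED_OPEN" "$ALLOWED_PORTS" "$NETSTAT_SAMPLE"
```

With the constructed sample, 21 and 110 come back as nothing-listening and 25 as loopback-only, which is exactly the situation the thread describes and the cue to verify with lsof and a scan from genuinely outside the network.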

InlineFive

Diamond Member
Sep 20, 2003
9,599
2
0
Servers should always be behind a firewall, I don't know what your employer is thinking.
 

pcthuglife

Member
May 3, 2005
173
0
0
Nope, no DMZ, just a straight link to the web. This is going to be a big adjustment for me because I was the network admin of the last company I worked for; now I have to follow someone else's decisions. I expressed my concern and said that there should be some kind of hardware firewall in place to protect the server. They didn't seem to understand the concept of port forwarding to open the firewall up for the specific services that we want to run. Right now it goes T1 -> Switch -> Server.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Perhaps your employer was talking about a DMZ?

Even servers in a DMZ are behind firewalls, unless you're talking about a crap SOHO "port forward everything" DMZ.

Originally posted by: pcthuglife
They didn't seem to understand the concept of port forwarding to open the firewall up for the specific services that we want to run.

If there's anything important on those servers I would make sure my resume was up to date.
 

pcthuglife

Member
May 3, 2005
173
0
0
If something happens to the Linux servers outside of the firewall they're not going to be able to point the finger at me. I've already gone ahead and covered my butt by expressing my concerns to other people around the office. In a diplomatic way, of course.

The servers aren't holding any real valuable information anyway. They're going to act as the company's primary DNS server and Bugzilla database server. Of course then the new question comes up: why do you need two HP 2U blade servers with dual Xeon processors to run DNS and Apache? The decision and purchase had been made before I started...
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Originally posted by: pcthuglife
If something happens to the linux servers outside of the firewall they're not going to be able to point the finger at me. I've already gone ahead and covered my butt by expressing my concerns to other people around the office. In a diplomatic way of course

I wasn't even thinking that, I just figured if something like that happened you'd want to find another job either way. =)
 

Dravic

Senior member
May 18, 2000
892
0
76
Originally posted by: pcthuglife
If something happens to the linux servers outside of the firewall they're not going to be able to point the finger at me. I've already gone ahead and covered my butt by expressing my concerns to other people around the office. In a diplomatic way of course

The servers aren't holding any real valuable information anyway. They're going to act as the company's primary DNS server and bugzilla database server. Of course then the new question comes up, why do you need two HP 2U blade servers with dual Xeon processors to run DNS and apache? The decision and purchase had been made before I started...


wow.. PRIMARY DNS outside your firewall, and not the ISP's...

DNS poisoning is one of the best ways to hack into a network, and the fact that your servers are outside of your firewall gives a hacker really easy ways to spoof and poison DNS traffic. I wouldn't trust any DNS query that thing returned to me. Raise your concerns AGAIN. Send an email to someone at the Internet Storm Center and see if they can provide you some data on the matter.. if not, they may be calling you soon enough about the havoc your mail and DNS servers are causing....