The uptime of servers is critical for business continuity. However, cyber attacks and security vulnerabilities threaten this continuity. In this article, we will explore installing a firewall, DDoS protection, and a WAF (Web Application Firewall) to enhance the security of your servers.
Diagnosing Server Status
First, use the following commands to check the current state of your server:
top: Displays CPU and memory usage on the server.
htop: A more detailed process viewer, showing resource usage graphically.
dmesg: Displays kernel and system messages, useful for detecting potential errors.
Firewall Installation
Installing a firewall on your server is the crucial first step. You can install a firewall by following these steps:
Install UFW (Uncomplicated Firewall): Connect to your server via SSH and run the following commands:
sudo apt update
sudo apt install ufw
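Enable the Firewall: Activate the firewall with the following command. UFW denies incoming connections by default, so if you are connected over SSH, make sure SSH access is allowed before enabling it, or you can lock yourself out: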
sudo ufw enable
Open Required Ports: Open the necessary ports for your web server:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Implementing DDoS Protection
To protect against DDoS attacks, follow these steps:
Install Fail2Ban: Connect to your server via SSH and run the following commands:
sudo apt install fail2ban
Configure Fail2Ban: Edit the following file to enhance your level of protection:
sudo nano /etc/fail2ban/jail.local
Add the following example configuration to the file:
Restart the Service: Restart the Fail2Ban service to apply the changes in the configuration:
sudo systemctl restart fail2ban
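For the jail.local step above, one possible configuration, as an added example that is not the article's own file; the thresholds, the selection of jails and banaction = ufw are assumptions to adapt. Fail2Ban bans individual addresses that trip log filters, so it limits repeated abuse from single sources rather than absorbing volumetric floods.

```ini
# /etc/fail2ban/jail.local
# Constructed example: every value below is an assumption to tune per server.

[DEFAULT]
# Sources that are never banned (loopback). Add your own admin address here.
ignoreip = 127.0.0.1/8 ::1
# Ban an address for 1 hour (3600 s) after 5 failures within 10 minutes (600 s).
bantime  = 3600
findtime = 600
maxretry = 5
# Insert bans as UFW rules, matching the firewall installed earlier.
banaction = ufw

[sshd]
# Repeated failed SSH logins.
enabled = true

# The Apache jails assume Apache is installed and logging to its default paths.
[apache-auth]
# Repeated failed HTTP authentication attempts.
enabled = true

[apache-badbots]
# Requests from user agents on Fail2Ban's bad-bot list.
enabled = true

[recidive]
# Addresses that keep getting banned by the jails above within one day
# (86400 s) are banned for one week (604800 s).
enabled  = true
findtime = 86400
bantime  = 604800
```

After the restart, sudo fail2ban-client status lists the jails that are active.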
Web Application Firewall (WAF) Installation
A WAF provides protection against attacks on your web applications. You can install a WAF by following these steps:
Install ModSecurity: Install ModSecurity. The package below is the Apache module, which the following steps use:
sudo apt install libapache2-mod-security2
Enable ModSecurity: Activate ModSecurity with the following command:
sudo a2enmod security2
Edit the Configuration File: Edit the following file:
sudo nano /etc/modsecurity/modsecurity.conf
Find the SecRuleEngine line and change it to:
SecRuleEngine On
Restart Apache: Restart the Apache service to apply the changes in the configuration:
sudo systemctl restart apache2
Conclusion
Closing security gaps is crucial for maintaining the uptime of your servers. By following the steps outlined above, you can protect your servers from DDoS attacks, enhance security with a firewall, and safeguard your web applications with a WAF.