Closing Security Gaps in Network Infrastructure: Firewall and DDoS Protection

Introduction

In today's world, the security of network infrastructure is crucial to protect against cyber attacks. This article provides a step-by-step guide on the installation of firewalls, DDoS protection, and Web Application Firewalls (WAF). Our goal is to secure your servers and applications.

Firewall Installation

We will use iptables to perform firewall installation on a Linux-based server. By following the steps below, you can create a basic firewall configuration:

Step 1: Installing Iptables

First, check whether iptables is installed on your system:

sudo iptables -L

If not installed, use the following command for installation:

sudo apt-get install iptables

Step 2: Basic Setup

You can perform a basic setup with the following commands:

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -j DROP

Step 3: Saving Settings

To save the settings:

sudo iptables-save > /etc/iptables/rules.v4

DDoS Protection

To protect against DDoS attacks, we can use fail2ban. Fail2ban blocks an IP address after a certain number of failed login attempts within a specified time.

Step 1: Installing Fail2ban

Use the following command for installation:

sudo apt-get install fail2ban

Step 2: Configuration File

Edit the Fail2ban configuration file:

sudo nano /etc/fail2ban/jail.local

Add the following settings:

[sshd]
enabled = true
port    = ssh
filter  = sshd
logpath = /var/log/auth.log
maxretry = 5
findtime = 600
bantime = 3600

Step 3: Restarting the Service

Restart the service for the changes to take effect:

sudo systemctl restart fail2ban

Web Application Firewall (WAF) Installation

It is important to set up a WAF to protect your web applications. We can install a WWAF using ModSecurity and OWASP CRS.

Step 1: Installing ModSecurity

Use the following commands for installation:

sudo apt-get install libapache2-mod-security2

Step 2: ModSecurity Configuration

Edit the configuration file:

sudo nano /etc/modsecurity/modsecurity.conf

Find and change the following line:

SecRuleEngine On

Step 3: Installing OWASP CRS

To install OWASP CRS:

git clone https://github.com/coreruleset/coreruleset.git /usr/local/src/coreruleset
sudo cp -r /usr/local/src/coreruleset/crs-*/ /etc/modsecurity/

Step 4: Restarting Apache

Restart Apache for the configurations to take effect:

sudo systemctl restart apache2

Conclusion

By following the steps above, you can close significant security gaps in your network infrastructure. With firewall, DDoS protection, and WAF installations, it is possible to secure your server and web applications.