Physical Server Security: Firewall, DDoS and WAF Setup Guide

Introduction

Closing security gaps is critical for the healthy operation of physical servers. In this article, we will detail the steps required to protect your servers with the installation of firewalls, DDoS protection, and Web Application Firewalls (WAF).

Firewall Setup

A firewall is the first line of defense against external threats to your server. You can configure a firewall using iptables or firewalld on Linux servers.

Step 1: Basic Firewall Setup with Iptables

You can install iptables by running the following commands in the terminal:

sudo apt-get install iptables

Step 2: Defining Basic Rules

First, let's block all incoming connections and allow only specific ports:

sudo iptables -P INPUT DROP
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Step 3: Saving the Rules

Use the command below to save your changes:

sudo iptables-save > /etc/iptables/rules.v4

DDoS Protection

There are various methods to protect against DDoS attacks. In this section, we'll set up a simple DDoS protection mechanism.

Step 1: Installing Fail2Ban

Fail2Ban can be used to protect your system from malicious IP addresses. Install it as follows:

sudo apt-get install fail2ban

Step 2: Configuring Fail2Ban

Edit the Fail2Ban configuration file:

sudo nano /etc/fail2ban/jail.local

Add the following parameters:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600

Step 3: Starting the Fail2Ban Service

Start the Fail2Ban service:

sudo systemctl start fail2ban

Web Application Firewall (WAF) Setup

A WAF protects your web applications from targeted attacks. ModSecurity is a popular WAF.

Step 1: Installing ModSecurity

If you are using Apache or Nginx, install ModSecurity:

sudo apt-get install libapache2-mod-security2

Step 2: Configuring ModSecurity

Edit the ModSecurity configuration file:

sudo nano /etc/modsecurity/modsecurity.conf

Find the following line and change it to "On":

SecRuleEngine On

Step 3: Restarting Apache or Nginx

After configuration, restart your web server:

sudo systemctl restart apache2

Conclusion

In this article, we covered essential security measures for physical servers. Firewall, DDoS protection, and WAF are critical components to enhance your server security. Remember, security is an ongoing process and should be regularly updated and monitored.