Should I disallow incoming traffic even if there is no service to process it?

Discussion in 'Security' started by postcd, Jul 9, 2024.

  1. #1
    Hello,

    1)
    If a Linux server is running only two publicly available services, let's say an Apache web server and an SSH server, is it still important for denial-of-service attack mitigation to disallow all traffic that does not match these two services, even if there are no other public-facing services? Or does it not matter? Can you briefly explain why it matters or why not?

    2)
    Maybe, from my layman's point of view, I am forgetting that Linux has more services/apps which can be affected by an incoming attack. For example, I have found “chronyd is a daemon for synchronisation of the system clock” listening on Debian (netstat -tulnp). By the way, is netstat -tulnp the command that shows me apps that potentially need to be allowed in a firewall?

    I would prefer to keep the default iptables policy of ACCEPT while possibly just disallowing those chronyd incoming connections. I have been using the ACCEPT policy for years on more than one server.

    Thank You
     
    postcd, Jul 9, 2024
  2. GreenHost.Cloud

    #2
    1) It is still important to disallow all traffic that does not match the two services to prevent potential attacks on other vulnerable services that may be running on the server. This can help mitigate risk and protect the server from unauthorized access or exploitation.
    2) Yes, the netstat -tulnp command can show you all the network services that are listening on the server, including potential services that may need to be allowed in a firewall. It is wise to review and secure all services running on the server, even if they are not publicly accessible, to prevent any potential security vulnerabilities.
    3) While using the default iptables policy of ACCEPT may be convenient, it is still recommended to deny incoming connections to unnecessary services like chronyd to further enhance the security of the server. This additional layer of protection can help reduce the risk of potential security breaches or unauthorized access.
     
    GreenHost.Cloud, Jul 22, 2024
  3. r1ch11r1ch

    #3
    Disallowing every port except 22, 80, 443 does not really matter if you are not running other services. It is best practice, though. What if you add some random service in the future, e.g. for testing, and then forget about it? Things like that are among the most common security flaws.
    Regarding denial-of-service attacks, it won't matter; they still can/will be performed on the web server. The thing that helps in this regard is a DDoS protection service like Cloudflare.
     
    r1ch11r1ch, Feb 20, 2025 at 8:30 PM
    postcd likes this.
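
Added example (not written by any poster in the thread): a small shell audit for question 2 that reads netstat -tuln style output and prints only the listeners bound to a non-loopback address that are not on an allow list, which is what a default ACCEPT policy leaves reachable. The function names, the allow-list format and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list listeners that are reachable from outside (not bound to
# loopback) and are not on the allow list. Names and sample data are constructed.

# Usage: netstat -tuln | exposed_listeners "tcp/22 tcp/80 tcp/443"
exposed_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 !~ /^(tcp|udp)6?$/ { next }             # skip header lines
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }     # TCP: listening sockets only
    {
        proto = $1; sub(/6$/, "", proto)       # treat tcp6/udp6 like tcp/udp
        m = split($4, p, ":"); port = p[m]     # port follows the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback: not reachable remotely
        key = proto "/" port
        if (key in ok) next                    # intended public service
        prog = ($1 ~ /^tcp/) ? $7 : $6         # UDP rows have no State column
        sub(/^[0-9]+\//, "", prog)             # drop the PID prefix
        print key, addr, prog
    }'
}

# Constructed sample in the layout printed by netstat -tulnp (not from the thread).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  612/sshd
tcp6       0      0 :::80            :::*             LISTEN  701/apache2
tcp6       0      0 :::443           :::*             LISTEN  701/apache2
tcp        0      0 0.0.0.0:8080     0.0.0.0:*        LISTEN  2211/python3
udp        0      0 127.0.0.1:323    0.0.0.0:*                540/chronyd
udp6       0      0 ::1:323          :::*                     540/chronyd
udp        0      0 0.0.0.0:111      0.0.0.0:*                388/rpcbind
EOF
}

# Prints the two listeners that a default ACCEPT policy leaves open.
sample_netstat | exposed_listeners "tcp/22 tcp/80 tcp/443"
```

In the constructed sample the chronyd sockets are bound to loopback and are not reported, while the forgotten test service on port 8080 is.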