Changes

Jump to: navigation, search

OPS345 Lab 2

1,712 bytes added, 19:57, 18 December 2021
Firewalls
= Firewalls =
* The purpose Firewalls are a very important but often overrated means of securing network resources. They're basic function is to prevent access to network ports or protocols no matter how the server software is configured. For example you can have a web server that listens on port 80 from any source, but you might configure a firewall on to only allow access to port 80 from a server on the internet* AWS Security Groups and iptablesspecific subnet.
== Some firewalls have extra features as well. For example iptables setup ==is also capable of providing port forwarding functionality.
{{Admon/important|A firewall alone is not enough to secure a server!|It will prevent many types of attacks, but it will be completely useless against many other types of attacks. A firewall is only one tool in an administrator's security toolbox.}} One basic component in an AWS VPC is a Security Group. It's very similar to iptables in that it is a list of rules for incoming and outgoing traffic. You create a security group and assign it to an instance. There are some differences from iptables though:* A security group can be assigned to more than one machine, so they all share the same rules.* A security group can also be configured as a source/destination paramter in another security group. That's probably where the "group" part of security group comes from. In this course we'll learn to use both AWS security groups and iptables, because AWS security groups are too AWS-specific. == Install iptables == '''iptables-services''' is not installed by default on Amazon Linux, but it is available in the repositories. We're going to use it on the router to provide port forwarding for SSH access to all your AWS VMs. * Install iptables-serviceson router, then enable and start the service (same as you did in OPS245).** Notice that the default rules are the same as the ones you've seen in OPS245 in CentOS. These rules are evaluated ''after'' the incoming traffic makes it past the rules in
* iptables fundamentals
* Securing services that need to be publicly accessible

Navigation menu