One of the recommended security tools on your personal computer is a firewall. This is equally true for a dedicated server or virtual private server. A firewall is used to prevent unauthorized connections to or from your server. It does this by matching connections against a list of rules that specify what the firewall should allow or block.
Internet communications take place over a variety of protocols, the most commonly used being Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). These protocols define how two computers should communicate with each other. Multiple applications can be communicating on a computer at any given time, so the protocols define "ports": numbered references that the computer uses to match incoming communications to the relevant program.
Most server applications use a standardized protocol and port so that users don't have to concern themselves with these details of how networking actually works. For example, a web server will normally use TCP port 80 for unsecured communication via HTTP, and TCP port 443 for secure communication using HTTPS. Likewise, a DNS server will normally use UDP port 53 to listen for DNS requests.
A firewall will monitor all incoming and outgoing traffic on the server and can compare the protocol, port and IP address that traffic is both sent to and sent from against its list of rules to decide whether to block the traffic or not. It is a key part of your security.
This allows quite detailed matching and flexibility in how the firewall is used. More advanced firewalls are able to detect whether incoming traffic is part of an existing communication stream or the start of a new one. Some are also application-aware and capable of inspecting the network traffic to see whether what is detected is actually what is expected for the application that normally listens on that port.
So why do you need a firewall?
By default, once you configure and enable a network service on your server, anyone on the internet is able to connect to it and potentially use that service. This is fine for services that you want to be publicly accessible, but there are also services that you may not want to be. The general rule is that if you don't need a service to be accessible by anyone on the internet, then you should use your firewall to restrict access. This is because hackers or malicious software such as worms will try to use vulnerabilities in any accessible service in order to gain control of a server for their own purposes. Restricting access to software that doesn't need to be reached by other people protects against the exploitation of these vulnerabilities.
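The matching described above (protocol, port and source address, plus tracking whether a packet belongs to an existing stream) and the "restrict what doesn't need to be public" rule can be illustrated with a small simulated packet filter. This is an added example written for this page, not code from the original article or from any firewall product; the server address, the client addresses and the admin-only database port are constructed for the demonstration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = True  # TCP only: True opens a new stream, False is a mid-stream segment
@dataclass(frozen=True)
class Rule:
    proto: str
    dport: int
    src_net: str = "0.0.0.0/0"  # which sources may open a NEW connection to this port
class StatefulFirewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()  # known flows: (proto, remote_ip, remote_port, local_ip, local_port)
    def outbound(self, pkt):
        # The server opened this flow itself, so remember it and accept the replies.
        self.flows.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
    def inbound(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.flows:
            return "ACCEPT established"
        if pkt.proto == "tcp" and not pkt.syn:
            return "DROP not part of a known stream"
        for r in self.rules:  # first matching rule wins; no match falls through to the default
            if (r.proto, r.dport) == (pkt.proto, pkt.dport) and ip_address(pkt.src) in ip_network(r.src_net):
                self.flows.add(key)
                return "ACCEPT new"
        return "DROP default policy"
# Constructed policy: public web and DNS; a hypothetical database port only from an admin network.
POLICY = [Rule("tcp", 80), Rule("tcp", 443), Rule("udp", 53), Rule("tcp", 3306, "192.0.2.0/24")]
SERVER = "198.51.100.10"  # constructed server address (documentation range)
def run_demo():
    fw = StatefulFirewall(POLICY)
    fw.outbound(Packet("udp", SERVER, 44000, "192.0.2.53", 53))  # the server's own DNS lookup
    traffic = [
        Packet("tcp", "203.0.113.7", 51000, SERVER, 443),             # new HTTPS connection
        Packet("tcp", "203.0.113.7", 51000, SERVER, 443, syn=False),  # later segment of the same stream
        Packet("udp", "203.0.113.7", 40000, SERVER, 53),              # DNS query from anywhere
        Packet("tcp", "203.0.113.7", 51001, SERVER, 3306),            # database port from the internet
        Packet("tcp", "192.0.2.5", 51001, SERVER, 3306),              # database port from the admin network
        Packet("tcp", "203.0.113.9", 51234, SERVER, 443, syn=False),  # stray mid-stream segment, never opened
        Packet("udp", "192.0.2.53", 53, SERVER, 44000),               # reply to the server's lookup
    ]
    return [fw.inbound(p) for p in traffic]
```

Running `run_demo()` shows the internet-facing database attempt and the stray segment being dropped while the public services and the server's own reply traffic pass.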
Zero Day Exploits
While keeping software up to date is generally advised as a way to protect against vulnerabilities that may be exploited on your server, hackers often discover and make use of vulnerabilities of which the software developers are unaware. These are referred to as zero day exploits. Limiting access to these services can protect against zero day exploits being used on your server.
You might think that there is nothing on your server of much interest to anyone, especially if the server has just been set up and isn't yet fully configured. Unfortunately that's not the case. Within minutes of a server being put online, automated scanners will detect that the server's IP address is now responding and will begin probing it for known weaknesses. If they find any, the server may be compromised and used to attack other servers in the same manner, send spam or launch DDoS attacks against other internet users.