The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

seperate firewall box or csf ? sonicwall? cisco?

Discussion in 'Security' started by webstuff, Dec 28, 2011.

  1. webstuff

    webstuff Well-Known Member

    Joined:
    Jul 19, 2011
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    ok I have been looking at stuff.. and im in total loss.. I hear some people say you are fine with just cfs and others say no you need something more.. another box like sonicwall or cisco.. Sooooo what is it for the best security that I really need? should i purchase something with my cable provider too? should I get a box ? i havent had any problems that I am aware of... please any input would greatly be appreciated.
     
    #1 webstuff, Dec 28, 2011
    Last edited: Dec 28, 2011
  2. ruzbehraja

    ruzbehraja Well-Known Member

    Joined:
    May 19, 2011
    Messages:
    383
    Likes Received:
    7
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Start with CSF atleast. Only then will you know whether you need something more.

    If you dont have any problems, why are you planning on anything more elaborate?

    What is the traffic on your server like?
     
  3. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    cisco equipment should be much better than an software firewall open source of course
    As much more you pay more you get. Specially if the providers network isnt ddos protected
    if the server didnt get various of attacks you should start with csf.
     
  4. faisikhan

    faisikhan Well-Known Member

    Joined:
    Dec 12, 2011
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Islamabad, Pakistan
    cPanel Access Level:
    Root Administrator
    Hi,

    For extreme security I assume that you have done all of this mentioned here 20 Linux Server Hardening Security Tips & if not then do so immediately. Change your server's root password & use sudo user in future to access the server which protects the root password. For more security you can use Cisco Firewall, I will recommend it, it will provide the extreme security and you will never be hacked.
     
  5. webstuff

    webstuff Well-Known Member

    Joined:
    Jul 19, 2011
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6

    Right now I do have CSF and yes by the looks of it.. I am getting attackers.. ddos maybe? I take the ips that trying breaking in.. I do a search over the internet and alot of places have them listed as ddos alot of ips from china.. but it really doesnt see to be doing that much on to the server yet.. I just want to be ready.. Make things better...
     
  6. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    you can block china from csf the most of us we had block this country cause of various attacks
     
  7. ruzbehraja

    ruzbehraja Well-Known Member

    Joined:
    May 19, 2011
    Messages:
    383
    Likes Received:
    7
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    While a lot of attacks are recorded from china, blocking out all traffic from china, may leave genuine clients quite irritated.
    Eg: A logistics co. may have a lot of chinese clients / suppliers. They will be badly hit.

    Advantages of a Hardware Firewall:
    • Separate Stand-alone device, with a separate brain and heart - not dependent on your server
    • A single device protects multiple machines on the network (first line of defence) - not necessarily needed in your case.
    • Dynamic and more robust

    Limitations of a Hardware Firewall:
    • Can be pretty difficult to configure and fine tune for novices
    • Expensive
    • Another machine to monitor.

    You need to analyse your CSF logs over a period of time and determine whether the firewall is taking up too many resources on the server and you need to outsource that work to another hardware device.
     
  8. webstuff

    webstuff Well-Known Member

    Joined:
    Jul 19, 2011
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    thanks guys all this has been really helpful... Im just looking into more security. There is no problem with being ready for tomorrow.. I think I get about a close to a million visits a month with like probably about 25,000 uniques.

    Lately I been getting a lot of people have been trying user : system - to hack into.. Theres no user name under system... Not unless im missing something..
     
  9. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    462
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    If you are getting million visits a month then it is better to install hardware firewall rather than software firewall like csf, apf.
    Yes I agree that it is expensive and not easy to manage for inexperienced person but it is better solution as far as security is concerned.
     
  10. webstuff

    webstuff Well-Known Member

    Joined:
    Jul 19, 2011
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Thanks again guys.. Im sort of leaning towards cisco mostly likely Any suggestions on models to stay away from or go with??.. Its just I dont know everything so any input is greatly appreciated... Sonicwall seems wonderful but maybe a bit off the suggested budget... I have setup netgear firewalls :)
     
    #10 webstuff, Jan 2, 2012
    Last edited: Jan 2, 2012
  11. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    You've got to be joking, right? A hardware solution for 1 hit per second? That's what a million hits per month is - 1 per second! Even if it's 5 per second, that's really hard to justify!

    As a few posters have said, see how you go with CSF, which is really iptables. Make sure you use a decent set of mod_securty rules, as CSF can be set to block those who attempt attack patterns continually. And make sure your server is security hardened as that also makes a difference.

    CSF actually does some things better than hardware devices - although it depends how much money you spend! I'm not really up to date, but I don't think the more affordable hardware devices block on attack signatures in web traffic.

    There are some rather nice lower end devices that could be affordable - I know Netgear have brought out some nice devices. The question to ask is, what are you looking for in a hardware device? And, should you be just relying on the hardware device or should you run stuff on the server as well? I've done pretty well with hardened servers and CSF - seems to stop nearly all generic hacking in it's tracks.
     
  12. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You might also check into your datacenter's existing firewall filtering devices. Most times, your datacenter will have something they are using, which they might be willing to allow paid access to do some of your own filtering if you asked them about it.
     
  13. glipschitz

    glipschitz Member

    Joined:
    May 21, 2009
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    We run a hardware firewall at the edge of our network and CSF on our cPanel boxes.

    The IDS & Filtering at the edge will stop things when they're a BIG problem, CSF protects the box itself and stops attacks that are targeted at the one device.

    If we then need to tighten something because we're seeing triggers across all of the CSF logs, we can make the change at the edge of the network quickly and effectively.

    Security is like an onion, it requires layers :)

    Cheers,

    Greg Lipschitz
    Summit Internet - Melbourne, Australia
    Web Hosting | Domain Name Registration | SSL Certificates | Hosted Exchange
     
  14. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    213
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Florida
    The comment about getting a hardware firewall is a good one. However, the type of attacks you are getting are normal. Chinese and Russian (to a lesser extent) hackers will pound away at your system. CSF does a good job of blocking the IP address to prevent them from hacking in.

    These types of attacks are not a problem for a secure system and really aren't anything to worry about. They aren't attacking YOU they are attacking everyone, looking for a system that can be exploited. With a secure system, they will poke you with a stick, see you are secure and move on to easier pickings.
     
Loading...

Share This Page