The Internet is full of attackers looking for unprotected servers to break into and use for their own purposes. Updating the server automatically is a good start, but a firewall will also protect your server from multiple problems.
One way to secure a web server is to use UFW, or Uncomplicated Firewall. UFW is a simple, easy-to-use firewall application that uses iptables for configuration, according to Wikipedia.
UFW should be installed by default, but just in case, run the following to ensure that it is:
sudo apt-get install ufw
Once that is done, run sudo ufw status to confirm that it is installed and running. You should get the output
Now run the command sudo nano /etc/default/ufw – this will open the configuration file in the nano editor. Look for the line
If it is set to no, change it to yes. This enables UFW for IPv6 as well as IPv4.
UFW has some built-in default rules to make life a little easier. These rules deny all incoming connections and allow all outgoing connections. This means that nobody can connect to your server, but software installed on your server can connect out to the world.
sudo ufw default deny incoming
sudo ufw default allow outgoing
Now the server is totally secure since nobody can connect, but it's not very useful.
Now, to enable the new firewall rules, run the command
So to allow us to connect to the server via SSH for administration purposes, run the command
This allows connections to SSH on its standard port of 22. However, if you have moved SSH to a different port, then to allow SSH to connect, run the command
sudo ufw allow XXXX/tcp
where XXXX is the port number.
Now, since we are securing a web server, the firewall needs to allow browsers to connect to it. To allow web connections, run the commands:
sudo ufw allow 80/tcp (for regular web traffic)
sudo ufw allow 443/tcp (for encrypted web traffic/SSL)
sudo ufw enable
Checking that the firewall is active
You can then check if the rules are active by running
sudo ufw status
or if you want even more details
sudo ufw status verbose
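To check the verbose status against the rules set up above without reading it by eye, the following script is an added example and not part of the original article. It assumes the usual "ufw status verbose" layout; the function name audit_ufw_status, the sample outputs and the 8080/tcp rule are constructed for illustration.

```shell
#!/usr/bin/env bash
# Audit `ufw status verbose` output against the policy this page sets up:
# firewall active, default deny incoming / allow outgoing, and inbound
# ALLOW rules only for the ports that were opened on purpose.
# Live use: sudo ufw status verbose | audit_ufw_status "22/tcp 80/tcp 443/tcp"

audit_ufw_status() {
    # $1: space-separated list of expected inbound ports; report on stdin.
    awk -v expected="$1" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        /^Status: active/ { active = 1 }
        /^Default:/ {
            if ($0 ~ /deny \(incoming\)/)  deny_in = 1
            if ($0 ~ /allow \(outgoing\)/) allow_out = 1
        }
        # Rule rows look like: "22/tcp (v6)   ALLOW IN   Anywhere (v6)"
        / ALLOW IN / {
            seen[$1] = 1
            if (!($1 in ok)) { print "unexpected inbound rule: " $0; bad = 1 }
        }
        END {
            if (!active)    { print "firewall is not active"; bad = 1 }
            if (!deny_in)   { print "default incoming policy is not deny"; bad = 1 }
            if (!allow_out) { print "default outgoing policy is not allow"; bad = 1 }
            for (p in ok) if (!(p in seen)) { print "expected rule missing: " p; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: what the finished configuration should report.
SAMPLE_OK='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Constructed sample: the same host after someone opened an extra port.
SAMPLE_DRIFT="$SAMPLE_OK
8080/tcp                   ALLOW IN    Anywhere"

# Demo: prints the finding for the drifted sample.
printf '%s\n' "$SAMPLE_DRIFT" | audit_ufw_status "22/tcp 80/tcp 443/tcp" || true
```

The function exits 0 when the status matches the expected policy and 1 otherwise, so it can run from cron or a monitoring check. If SSH was moved to another port, put that port in the list instead of 22/tcp.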