What You Need To Know
In order to keep your data secure, your systems should be carrying out at least the following three checks:
- Is the user’s system allowed to access this service?
- Is the user who they say they are?
- Is the user allowed to access this service?
The second of those, authentication, is typically verified by a username/password or, increasingly, by two-factor authentication. The third, authorisation, is typically managed by the application. The first is a blunter instrument, and may implement controls such as “users may not access the development server from the Internet”. Mandating such rules is the role of a firewall.
Every server should be protected by a firewall. It doesn’t have to be a multi-thousand pound standalone device: it may be sufficient to simply use the firewall software that comes as part of Linux. The configuration of the firewall depends upon the role of the server, but the bottom line is that you should only allow the minimum access necessary for the server to perform its allocated tasks.
So, for a web server, you may well allow web access from anywhere, but you may allow updates to the website only from your offices.
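As an added example (not part of the original article), the following shell script generates an nftables ruleset, the firewall software that ships with modern Linux, implementing exactly that policy: web traffic from anywhere, SSH (used to push website updates) only from the office, and everything else dropped and logged. The office address range `203.0.113.0/24` is a constructed placeholder from the RFC 5737 documentation space and is an assumption; replace it with your own office's public range.

```shell
#!/bin/sh
# Added example, not from the original article: build an nftables ruleset
# for a Linux web server following the "minimum access necessary" principle.
# Public service (HTTP/HTTPS) is reachable from anywhere; management (SSH,
# used to deploy site updates) only from the office network; all else dropped.

# Assumed placeholder: RFC 5737 documentation range, replace with your office range.
OFFICE_NET="${OFFICE_NET:-203.0.113.0/24}"

# gen_ruleset prints the ruleset to stdout so it can be reviewed before applying.
gen_ruleset() {
  cat <<EOF
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    # keep established connections (including replies to the server's own traffic)
    ct state established,related accept
    ct state invalid drop
    iif lo accept
    # ICMP/ICMPv6 are needed for path MTU discovery and IPv6 neighbour discovery
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept
    # public service: web access from anywhere
    tcp dport { 80, 443 } accept
    # management: only the office may reach SSH to push website updates
    ip saddr $OFFICE_NET tcp dport 22 accept
    # everything else falls through to the drop policy; rate-limited log for detection
    limit rate 5/minute log prefix "nft-drop: "
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy accept;
  }
}
EOF
}

# count_accept_rules: sanity check on the generated policy, returns the number
# of explicit accept rules (a sudden increase is worth a second look in review).
count_accept_rules() {
  gen_ruleset | grep -c ' accept$'
}

# Review first:        gen_ruleset
# Apply (as root):     gen_ruleset | nft -f -
# Persist on most distributions by writing the output to /etc/nftables.conf.
```

The input chain's default policy is `drop`, so any service you forget to list is closed rather than open; that is the "minimum access necessary" rule from the text expressed as configuration. The log rule at the end gives your monitoring something to alert on when an unexpected source starts probing the server.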