TOPIC: Web Server Security?

Web Server Security? 10 months 3 weeks ago #38690

  • Maskkkk
If you have a webserver / webapp, database and Webmin all on the same Linux machine, and you want to secure them for the internet, is it a good idea to leave open only the SSH and web ports (443 and 80) and bind all the other private services (Webmin, Adminer or phpMyAdmin, and database ports) only to the local loopback address (, ::1), and then secure SSH with a 4096-bit public / private RSA key, prevent password-based authentication and root logins... and finally only access these private services using SSH Local Forwarding?

I was also thinking of limiting the IP or MAC addresses of the machines that are allowed to access it in its firewall.

Anything I missed here?

Thank you,

- A Man is not an island...that's why we have forums!
Last Edit: 10 months 3 weeks ago by Maskkkk.

Web Server Security? 10 months 2 weeks ago #38691

  • Chris
Hi Maskkkk!

Nice diagram btw!

Generally, placing a machine in a DMZ zone with ports being forwarded from the public to it poses security risks. If all these services must run on the same box, then you do have limited options; however, splitting them between two or more servers could be a wise tactic.

These days, the deployment of servers/services accessed by the public should also be accompanied by the installation of firewalls and IPS systems, especially if we are talking about an organization.

Use the strongest possible encryption for SSH, and limit access for specific accounts from which you can then SU to gain elevated privileges. As far as binding the services to the localhost - I'm not really sure if this can work, but it sounds like an interesting idea; however, something tells me that it just might not be enough.

Finally, if you are able to limit the IP addresses that will have access to the server, then do it - no questions asked, especially if there is no IPS or other means of protection such as advanced firewalls etc.

Hope this helps!

Chris Partsenidis.
Founder & Editor-in-Chief
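
A way to verify the layout discussed in this thread (only SSH and the web ports reachable, everything else bound to loopback), as an added example that is not part of either post: it audits `ss -H -tln` output for listeners that are neither on loopback nor on an allowed public port. The function names, the allowed-port list and the sample listener lines (including ports 10000, 3306 and 5432) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit TCP listeners against the "only 22/80/443 public" plan.
# Public ports follow the thread (SSH, HTTP, HTTPS); adjust if sshd is moved.
ALLOWED_PUBLIC_PORTS="22 80 443"

# Reads `ss -H -tln` lines on stdin; prints one "EXPOSED <addr> <port>" line
# per listener that is neither loopback-bound nor on an allowed public port.
# Exit status: 0 if nothing is exposed, 1 otherwise.
audit_listeners() {
    awk -v allowed="$ALLOWED_PUBLIC_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # everything before it
            sub(/%.*/, "", addr)                   # drop scope: 127.0.0.53%lo
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::1] -> ::1
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if (port in ok) next                         # intended public port
            print "EXPOSED", addr, port
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `ss -H -tln` output (not captured from a real host):
# Webmin is still on all interfaces and a database listens on the wildcard.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      128          0.0.0.0:10000      0.0.0.0:*
LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      244                *:5432             *:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      128            [::1]:10000         [::]:*
EOF
}

# Demo run on the sample; on a live host use: ss -H -tln | audit_listeners
sample_ss_output | audit_listeners || echo "rebind the listeners above to loopback"
```

An empty result with exit status 0 means every private service is loopback-only, so it is reachable from outside only through an SSH local forward.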