Security, Firewalls and Ports

Firewalls

Lets understand Firewalls. They prevent access to a “port” which is like a door in your house allowing traffic in and out. If the door is locked then nobody can enter through that door. What if that is an empty door in your yard that has nothing behind it? It doesn’t actually go anywhere? Is there any point in locking it? That is what happens when you block ports that do not have services running behind them, the door is locked but it doesnt matter because there is nothing inside of it.
So you WANT to restrict access to ports that have services running behind them that can be insecure, which is just a few: SSH, RDP, VNC.
There are some services that are pointless if they are not publicly available like FTP and your Gameserver ports.

With that in mind lets develop a logical security policy

Security Policy

So first lets handle the ports and services that are common issues.

  • SSH
    The most secure method of accessing SSH to your Linux machines is to use a Key pair. I prefer to just use a secure password and change the port from 22 to something else .. not 122, not 222 .. something RANDOM.
    Also in your sshd_config make sure you set
    PermitRootLogin no
    and restart the service. This will prevent the vast majority of ssh issues while still allowing some access to yourself.
  • RDP
    Your Windows machines you need to access with RDP. Same thing applies. You can disable the Administrator account from logging in remotely and only allow your CYGServer account to login. Change the default RDP port.
  • Firewalls
    You need to allow access to all your gameserver ports. So in your Firewall I would allow ports in broad ranges rather than the small, hard to manage ports.
    2300-12000 all the Arma, Dayz, Ark etc
    12679 for the OGP Agent
    25000-32000 Minecraft, GTAV and ALL the Valve games
    21 for FTP
    22 for SSH (but its not REALLY port 22, you changed it)
    3306 MySql

Leave a Reply