Thought I’d pose this question in poll form to get more opinions on the matter. Only really interested in opinions on personal VMs and dedis as, of course, anything production/mission critical should be secured to the fullest.
My typical security practice is to install fail2ban, create a user, and disable root SSH login, then call it a day. I’ve never had a security breach (knock on wood), but I’m not sure if that’s due to me never really being specifically targeted or if my basic security is thwarting any attacks. I don’t run any mailservers and I try to limit any attack vectors (i.e. disabling portmapper services, etc.).
So the question is: Do you think iptables rules are essential for personal machines? Feel free to drop a comment to expand a bit on your selection.
P.S. I’m going to try to do a weekly poll that will vary on subject from week-to-week
LOCK IT DOWN (firewall rules are absolutely necessary)
CHILLAX BRO (you’re fine as long as you follow decent security practices)
I tend to; it’s simple enough, and I have refined the iptables rules over a number of iterations. Normally it is just a question of pasting them into a file and then putting iptables-restore into rc.local… why wouldn’t I? I tend to lock down services that aren’t “public”, for example SSH only from my home IP.
I only firewall off things that need to be, and if nothing needs to be then I never touch the firewall. For example, a public-facing service that has to be public-facing but should only communicate with one endpoint: that I can firewall off to reduce access to potentially vulnerable applications. The rest, though, why firewall off ports that aren’t open? If it’s open on the public interface, and isn’t redis, it’s for the general public to access (or for me to access on demand from random locations).
I only set a very hard password and I’m done. No problem in over 10 years. There are more chances of being compromised due to a PHP script or an unpatched security flaw, which has nothing to do with SSH login or having a firewall set up.
I guess a better question is why wouldn’t you use iptables? Like the first guy said, get a set of rules you always use and copy/paste them. Default block ftw, so you don’t have to worry about some odd running service that you didn’t even know was installed on your VM.
My only excuse is a little more security. Like @coreyman said, you never know with those pesky VMs! I guess a netstat will tell you everything that is open, but I am definitely in the deny-by-default camp. I tend to run duo 2fa on my SSH sessions on personal machines too…
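The deny-by-default rule set the comments above describe, with SSH reachable only from a home address and the whole thing loaded via iptables-restore, as an added example that is not from any poster in the thread. The home IP and the public TCP ports are assumed inputs, and check_rules is a hypothetical pre-load sanity check for pasted rule sets.

```shell
#!/bin/sh
# Added example, not code from the thread. Emits a deny-by-default iptables
# rule set in iptables-restore format; HOME_IP (the only source allowed to
# reach SSH) and the public TCP ports are assumed inputs. Nothing here
# touches the live firewall: review the output, then load it with
#   gen_rules 203.0.113.5 80 443 > /etc/iptables/rules.v4
#   iptables-restore < /etc/iptables/rules.v4   (e.g. from rc.local)

# Print the rule set to stdout. Usage: gen_rules HOME_IP [PORT...]
gen_rules() {
    [ $# -ge 1 ] || { echo "usage: gen_rules HOME_IP [PORT...]" >&2; return 1; }
    home_ip="$1"; shift
    case "$home_ip" in
        *[!0-9./]*|"") echo "gen_rules: bad HOME_IP '$home_ip'" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
# Default deny: anything not allowed below is dropped, including
# services the VM image started without telling you.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# SSH is not a public service: only the home address may reach port 22
-A INPUT -p tcp -s $home_ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT
EOF
    for port in "$@"; do
        case "$port" in
            *[!0-9]*|"") echo "gen_rules: bad port '$port'" >&2; return 1 ;;
        esac
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Check a rule set read from stdin before loading it: INPUT must default to
# DROP, and no rule may accept port 22 without a source (-s) restriction.
check_rules() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' ||
        { echo "check_rules: INPUT policy is not DROP" >&2; return 1; }
    if printf '%s\n' "$rules" | grep -- '--dport 22 .*-j ACCEPT' | grep -qv -- ' -s '; then
        echo "check_rules: SSH is accepted from any source" >&2; return 1
    fi
}
```

Pipe the generated file through check_rules after every edit; the two failure cases it catches (INPUT left at ACCEPT, an SSH rule that lost its -s) are exactly the ones a copy/paste slip tends to introduce.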