What Firewalls Won’t Do

I had a customer ask me in a ticket today, “why isn’t my hardware firewall protecting my server against this brute-force [login] attack?”

My answer was “a hardware firewall will not protect your server against a brute-force attack.”

Why? Because it's not designed to do that. A hardware firewall is simply a traffic filter. It allows, disallows, or in some cases routes traffic based on rules you set. It doesn't know that Joe User's account shouldn't be logged into repeatedly from a Ukrainian IP unless you tell it to only allow certain IPs through for that protocol.

That’s why we have scripts like BFD (http://www.rfxn.com/projects/brute-force-detection/).

It's also a good idea to move services like SSH to a random non-default port, disable direct root logins, and of course, only allow certain IPs to access services like SSH.
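To make the point concrete, here is an added example (not code from this post and not BFD itself) of what a BFD-style script does that the firewall cannot: it reads failed-login lines from a constructed sshd log, counts failures per source address inside a sliding window, and renders the drop rules that would then be handed to the packet filter. The log lines, threshold and window size are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth.log lines (not from the original post).
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sshd[2011]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 10:15:03 web1 sshd[2013]: Failed password for root from 198.51.100.7 port 51030 ssh2
Mar  3 10:15:04 web1 sshd[2015]: Failed password for invalid user test from 198.51.100.7 port 51041 ssh2
Mar  3 10:15:06 web1 sshd[2017]: Failed password for joe from 198.51.100.7 port 51055 ssh2
Mar  3 10:15:08 web1 sshd[2019]: Failed password for root from 198.51.100.7 port 51060 ssh2
Mar  3 10:15:20 web1 sshd[2021]: Failed password for joe from 203.0.113.9 port 40111 ssh2
Mar  3 10:16:10 web1 sshd[2023]: Accepted password for joe from 203.0.113.9 port 40112 ssh2
Mar  3 10:40:00 web1 sshd[2030]: Failed password for joe from 203.0.113.9 port 40200 ssh2
"""

# Matches the common sshd "Failed password" line; "invalid user" is optional.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(log_text, year=2024):
    """Yield (timestamp, ip, user) for every failed-login line (syslog has no year, so assume one)."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day ("Mar  3")
        yield datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"), m["ip"], m["user"]

def find_offenders(log_text, threshold=5, window_seconds=300):
    """Return {ip: peak failures} for addresses with >= threshold failures inside the window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    offenders = {}
    for ts, ip, _user in parse_failures(log_text):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders

def block_rules(offenders, chain="INPUT"):
    """Render the rules a BFD-style script would push to the packet filter (assumed iptables syntax)."""
    return [f"iptables -I {chain} -s {ip} -j DROP" for ip in sorted(offenders)]

if __name__ == "__main__":
    for rule in block_rules(find_offenders(SAMPLE_LOG)):
        print(rule)
```

The firewall only ever sees individual TCP connections to port 22; the repeated "Failed password" pattern lives in the daemon's log, which is why a log-reading detector has to feed the filter.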
