Quote:
Originally Posted by rblampain
I intend to set up a web site on a dedicated web server in colocation (containing nothing else except the server OS).
Is it sufficient to make all files read only and use Apache mod_security or can a firewall offer extra necessary protection?
Thank you for your help.
A firewall can most certainly offer you valuable protection. For example, in many cases a firewall will keep your box from being used to attack other boxes when it gets cracked. It's good that you're thinking about security measures before deploying them (it's important to know whether a security measure will in fact reduce the risk you're interested in). That said, a firewall is an extremely basic tool (as in, it provides functionality considered essential by most system/network administrators) and therefore it's probably more difficult to come up with reasons NOT to have one.
Still, whether it's necessary for you is impossible for us to know at this point, since we have no idea what your requirements are or what your risk assessment looks like. Security measures can't be determined to be necessary out of the blue. Have you gone through unSpawn's Security references thread? I suggest you do, even if only to get an idea of the types of security tools (and the vulnerabilities they try to mitigate) which are out there.
FWIW, I'll say this much: If I was forced to host a Web site on a server in which the only security measures were file permissions and mod_security, I'd be more than a bit concerned.
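
The reply's point that a firewall can keep a cracked box from being used against other machines depends on filtering outbound traffic as well as inbound. The ruleset below is an added example, not part of either post: an nftables configuration for a single-purpose web server, where the choice of nftables, the ports, and the admin, resolver and package-mirror addresses (documentation placeholders) are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example for a host that only serves a web site.
flush ruleset

define ADMIN_NET = 203.0.113.0/24     # placeholder: network SSH administration comes from
define RESOLVERS = { 192.0.2.53 }     # placeholder: the colocation provider's DNS resolvers
define MIRRORS   = { 198.51.100.10 }  # placeholder: OS package mirror

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        meta l4proto { icmp, ipv6-icmp } accept
        ct state invalid drop
        tcp dport { 80, 443 } accept                 # the web site itself
        ip saddr $ADMIN_NET tcp dport 22 accept      # SSH only from the admin network
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Default-deny egress: the server answers clients but cannot
        # open arbitrary new connections to other hosts.
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept          # replies to inbound HTTP(S)/SSH
        meta l4proto { icmp, ipv6-icmp } accept
        ip daddr $RESOLVERS udp dport 53 accept
        ip daddr $RESOLVERS tcp dport 53 accept
        udp dport 123 accept                         # NTP
        ip daddr $MIRRORS tcp dport { 80, 443 } accept
        # Anything else the box tries to originate is logged, counted and dropped.
        limit rate 10/minute log prefix "egress-drop: "
        counter drop
    }
}
```

Entries in the `egress-drop:` log on a server like this are worth alerting on, since a web server with this policy has no routine reason to start other outbound connections.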