From 182a570f7fa1729567504d01a67cf9949bd0857e Mon Sep 17 00:00:00 2001 From: InfraCharm Date: Sun, 13 Oct 2024 18:17:57 +0000 Subject: [PATCH 1/8] Adds Security Section --- astro.config.mjs | 7 ++ src/content/docs/security/accesscontrol.mdx | 15 ++++ src/content/docs/security/basicsecurity.mdx | 59 +++++++++++++++ src/content/docs/security/firewalls.mdx | 84 +++++++++++++++++++++ src/content/docs/security/resources.mdx | 19 +++++ 5 files changed, 184 insertions(+) create mode 100644 src/content/docs/security/accesscontrol.mdx create mode 100644 src/content/docs/security/basicsecurity.mdx create mode 100644 src/content/docs/security/firewalls.mdx create mode 100644 src/content/docs/security/resources.mdx diff --git a/astro.config.mjs b/astro.config.mjs index 753d311521..82045c7ed1 100644 --- a/astro.config.mjs +++ b/astro.config.mjs @@ -51,6 +51,13 @@ export default defineConfig({ }, collapsed: true, }, + { + label: "Server Security", + autogenerate: { + directory: "/security/", + }, + collapsed: true, + }, { label: "Server Troubleshooting", autogenerate: { diff --git a/src/content/docs/security/accesscontrol.mdx b/src/content/docs/security/accesscontrol.mdx new file mode 100644 index 0000000000..20d5f075c7 --- /dev/null +++ b/src/content/docs/security/accesscontrol.mdx 
@@ -0,0 +1,15 @@ +--- +description: Access Control +title: Access Control +slug: sec/accesscontrol +--- + +### Access Control and Role-Based Access Control (RBAC) + +**Access Control** is a fundamental security concept that ensures only authorized users can access specific resources, systems, or data. By managing access, organizations can prevent unauthorized actions, such as data breaches, accidental deletions, or system compromises. + +**Role-Based Access Control (RBAC)** is a specific method of managing access by assigning permissions based on roles within an organization. Instead of giving permissions directly to users, roles are created (e.g., admin, user, guest), and users are assigned to these roles, simplifying permission management. + +Be sure to configure your system in a manner that allows those with access only to resources or data they will need for work. + +--- diff --git a/src/content/docs/security/basicsecurity.mdx b/src/content/docs/security/basicsecurity.mdx new file mode 100644 index 0000000000..e181643179 --- /dev/null +++ b/src/content/docs/security/basicsecurity.mdx 
@@ -0,0 +1,59 @@ +--- +description: Managing Your System(s) +title: Basic Security +slug: sec/basicsecurity +--- + +### Malicious Actors + +As with any public server, your IP is exposed in some way to the public. + +Malicious Actors (Hackers) are constantly scanning networks around the world in the hopes to find a vulnerable system they can attack. + +Vulnerabilities come in many different shapes and sizes and chances are you may have of heard or seen them in the past. + +**Some Examples** + + + +--- + +### Strong Passwords + +Having a strong password and a secure password storage are both great ways to help safeguard your system(s). + +A strong password is the first line of defense against unauthorized access. A weak or commonly used password makes it easy for malicious actors to gain access to your account(s) or system(s). + +**Strong Password Guidelines** + + +--- + +### Security Updates + +Software and Security updates often include multiple patches that fix vulnerabilities found either publicly through BugBounties or from the developers. + +**Outdated software can leave you exposed to attacks** + +Always update your software when a new release has been sent out. At a minimum, you should be updating your system(s) once a week if updates are available. + +--- + +### Backups + +One final thing before the Basics are over, Backups. + +Backups will save you in the event of file corruption or ransomware. + +There are 100s of opinions on which backup services are the best aswell as countless FOSS tools available on Github for backups. + +Please take backups into consideration when operating a system. \ No newline at end of file diff --git a/src/content/docs/security/firewalls.mdx b/src/content/docs/security/firewalls.mdx new file mode 100644 index 0000000000..b4310428cd --- /dev/null +++ b/src/content/docs/security/firewalls.mdx 
@@ -0,0 +1,84 @@ +--- +description: Firewalling and Protecting your System(s) +title: Firewalling +slug: sec/firewalls +--- + +### Server Firewalling + +The concept of firewalling is to prohibit access to your system via the network, or allow access to specific services running on the system. + +**Why this is important** + + +Depending on your host, your system has some sort of firewall already installed. If not, your host may offer a firewall panel to access and configure a hardware absed firewall, like a switch or a router. + +When configuring your firewall, always remember that the top-most rule is the first that will be run. + +For a basic, secure firewall setup on Linux, you could use something like UFW (UncomplicatedFirewall) + +For Example: +`ufw allow 22 # Allows traffic to the default SSH port` +`ufw allow 25565 # Allows traffic to the default Minecraft port` +`ufw deny 3306 # Denies all traffic to MySQL/MariaDB` + +*You would not want to use these rules in a production setup, this is just an example of using UFW.* + +For Windows, you have the option of using "Windows Defender Firewall with Advanced Security" +This does not follow the traditional rule of top-down routines for firewalls, but it will help you secure your system. 
+ +--- + +### UFW Basics + +A basic firewall setup on linux for a Minecraft server running Pterodactyl would look like this: +`ufw allow from {Your Home IP}` # Allows your home IP to access the server entirely +`ufw allow from 172.18.0.0/8` # Allows the Pterodactyl Subnet access to the server's services +`ufw allow from {Your Server IP}` # Allows your server to access itself via the public IP +`ufw deny 3306` # Denies outside access to your Databases +`ufw deny 22` # Denies outside access to SSH +`ufw allow 25565` # Allows outside access to your Minecraft Server + +If you wanted to allow a staff member SSH access: +`ufw allow from {Their IP} to any port 22` # Allows their home IP to access port 22 + +You can find many tutorials online about the use of UFW. If you wanted a more advanced approach with more control, you can look into using IPTables. + +--- + +### ICMP + +We're going to take a look into ICMP, a protocol enabled by default on most systems. + +ICMP is mainly used for diagnostics and error-reporting in networks. It helps your system send error messages or information about the network it's on. The most common ICMP message is the `ping`. + +Malicious Actors can use ICMP to aid with Network Reconnaissance. + + +While it may make full sense to disable ICMP on your network, there are also some implications to this. + +**Trade-Offs** + +Pros + + +Cons + + +Keep this in mind when setting up your firewall. \ No newline at end of file diff --git a/src/content/docs/security/resources.mdx b/src/content/docs/security/resources.mdx new file mode 100644 index 0000000000..c2de7eeb1a --- /dev/null +++ b/src/content/docs/security/resources.mdx 
@@ -0,0 +1,19 @@ +--- +description: Helpful Resources for Security +title: Resources +slug: sec/resources +--- + +If you are running a large server or have little-to-no experience in Cybersecurity or System Administration, there are a ton of people willing to help you. + +For a DIY approach, most tutorials on [DigitalOcean](https://www.digitalocean.com/community/tutorials) should suffice. They go over basic and advanced System Administration techniques to include firewalling, RSA Keys, and other Linux basics. + +If you would rather pay experienced System Administrators to manage your system for you on a one-off or recurring basis, you can look at the following: +***Try to avoid Service Teams. They will hire anyone to do the work, with or without certifications*** + +| Name | Website | Discord | +|----------|----------|----------| +| InfraCharm Inc. | [Link](https://infracharm.com) | [Link](https://infracharm.com) | +| Jasmeow.Systems | [Link](https://jasmeow.me/jhq) | [Link](https://infracharm.com) | +| CraftSupport | [Link](https://www.craftsupport.net/) | [Link](https://discord.com/invite/SP87wwm6DU) | +| Rejsik | None | [Link](https://dsc.gg/rsas) | \ No newline at end of file From 4acd7a3849cb02414740f4972612aa840edab8ce Mon Sep 17 00:00:00 2001 From: InfraCharm Date: Sun, 13 Oct 2024 18:21:39 +0000 Subject: [PATCH 2/8] Adds Security Section - Fixed --- .astro/astro/content.d.ts | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/.astro/astro/content.d.ts b/.astro/astro/content.d.ts index c8d78bd1e9..d7c9e15d1e 100644 --- a/.astro/astro/content.d.ts +++ b/.astro/astro/content.d.ts 
@@ -809,6 +809,34 @@ declare module 'astro:content' { collection: "docs"; data: InferEntrySchema<"docs"> } & { render(): Render[".mdx"] }; +"security/basicsecurity.mdx": { + id: "security/basicsecurity.mdx"; + slug: "sec/basicsecurity"; + body: string; + collection: "docs"; + data: InferEntrySchema<"docs"> +} & { render(): Render[".mdx"] }; +"security/accesscontrol.mdx": { + id: "security/accesscontrol.mdx"; + slug: "sec/accesscontrol"; + body: string; + collection: "docs"; + data: InferEntrySchema<"docs"> +} & { render(): Render[".mdx"] }; +"security/firewalls.mdx": { + id: "security/firewalls.mdx"; + slug: "sec/firewalls"; + body: string; + collection: "docs"; + data: InferEntrySchema<"docs"> +} & { render(): Render[".mdx"] }; +"security/resources.mdx": { + id: "security/resources.mdx"; + slug: "sec/resources"; + body: string; + collection: "docs"; + data: InferEntrySchema<"docs"> +} & { render(): Render[".mdx"] }; "troubleshooting/connectivity.mdx": { id: "troubleshooting/connectivity.mdx"; slug: "ts/connection"; From eb5f3c9100ec9a8badd113e872dadc717204a4a6 Mon Sep 17 00:00:00 2001 From: InfraCharm Date: Mon, 14 Oct 2024 01:13:12 +0000 Subject: [PATCH 3/8] Added Backups to Security --- .astro/astro/content.d.ts | 77 +++++++++++---------- src/content/docs/security/backups.mdx | 44 ++++++++++++ src/content/docs/security/basicsecurity.mdx | 14 +--- 3 files changed, 87 insertions(+), 48 deletions(-) create mode 100644 src/content/docs/security/backups.mdx diff --git a/.astro/astro/content.d.ts b/.astro/astro/content.d.ts index d7c9e15d1e..719781e2d8 100644 --- a/.astro/astro/content.d.ts +++ b/.astro/astro/content.d.ts 
@@ -235,6 +235,13 @@ declare module 'astro:content' { collection: "docs"; data: InferEntrySchema<"docs"> } & { render(): Render[".mdx"] }; +"enhancements/Plugins/Free/MiniMOTD.mdx": { + id: "enhancements/Plugins/Free/MiniMOTD.mdx"; + slug: "e/pl/minimotd"; + body: string; + collection: "docs"; + data: InferEntrySchema<"docs"> +} & { render(): Render[".mdx"] }; "enhancements/Plugins/Free/auctionhouse.mdx": { id: "enhancements/Plugins/Free/auctionhouse.mdx"; slug: "e/pl/auctionhouse"; @@ -277,13 +284,6 @@ declare module 'astro:content' { collection: "docs"; data: InferEntrySchema<"docs"> } & { render(): Render[".mdx"] }; -"enhancements/Plugins/Free/minimotd.mdx": { - id: "enhancements/Plugins/Free/minimotd.mdx"; - slug: "e/pl/minimotd"; - body: string; - collection: "docs"; - data: InferEntrySchema<"docs"> -} & { render(): Render[".mdx"] }; "enhancements/Plugins/Free/playerauctions.mdx": { id: "enhancements/Plugins/Free/playerauctions.mdx"; slug: "e/pl/playerauctions"; 
@@ -760,6 +760,41 @@ declare module 'astro:content' { collection: "docs"; data: InferEntrySchema<"docs"> } & { render(): Render[".mdx"] }; +"security/basicsecurity.mdx": { + id: "security/basicsecurity.mdx"; + slug: "sec/basicsecurity"; + body: string; + collection: "docs"; + data: InferEntrySchema<"docs"> +} & { render(): Render[".mdx"] }; +"security/firewalls.mdx": { + id: "security/firewalls.mdx"; + slug: "sec/firewalls"; + body: string; + collection: "docs"; + data: InferEntrySchema<"docs"> +} & { render(): Render[".mdx"] }; +"security/accesscontrol.mdx": { + id: "security/accesscontrol.mdx"; + slug: "sec/accesscontrol"; + body: string; + collection: "docs"; + data: InferEntrySchema<"docs"> +} & { render(): Render[".mdx"] }; +"security/backups.mdx": { + id: "security/backups.mdx"; + slug: "sec/backups"; + body: string; + collection: "docs"; + data: InferEntrySchema<"docs"> +} & { render(): Render[".mdx"] }; +"security/resources.mdx": { + id: "security/resources.mdx"; + slug: "sec/resources"; + body: string; + collection: "docs"; + data: InferEntrySchema<"docs"> +} & { render(): Render[".mdx"] }; "tools/database.mdx": { id: "tools/database.mdx"; slug: "t/database"; 
@@ -809,34 +844,6 @@ declare module 'astro:content' { collection: "docs"; data: InferEntrySchema<"docs"> } & { render(): Render[".mdx"] }; -"security/basicsecurity.mdx": { - id: "security/basicsecurity.mdx"; - slug: "sec/basicsecurity"; - body: string; - collection: "docs"; - data: InferEntrySchema<"docs"> -} & { render(): Render[".mdx"] }; -"security/accesscontrol.mdx": { - id: "security/accesscontrol.mdx"; - slug: "sec/accesscontrol"; - body: string; - collection: "docs"; - data: InferEntrySchema<"docs"> -} & { render(): Render[".mdx"] }; -"security/firewalls.mdx": { - id: "security/firewalls.mdx"; - slug: "sec/firewalls"; - body: string; - collection: "docs"; - data: InferEntrySchema<"docs"> -} & { render(): Render[".mdx"] }; -"security/resources.mdx": { - id: "security/resources.mdx"; - slug: "sec/resources"; - body: string; - collection: "docs"; - data: InferEntrySchema<"docs"> -} & { render(): Render[".mdx"] }; "troubleshooting/connectivity.mdx": { id: "troubleshooting/connectivity.mdx"; slug: "ts/connection"; diff --git a/src/content/docs/security/backups.mdx b/src/content/docs/security/backups.mdx new file mode 100644 index 0000000000..0021fec74e --- /dev/null +++ b/src/content/docs/security/backups.mdx 
@@ -0,0 +1,44 @@ +--- +description: Backups for your System(s) +title: Backups +slug: sec/backups +--- + +Backups provide a peace of mind during events where your files become corrupt or if you are attacked by malware/ransomware. + +Having a built incident response plan can make or break your ability to overcome issues in production. + +--- + +### Incident Response + +**What is *your* first step of recovering your system after a failure?** + +This question needs to be answered in detail in an incident response plan. Your plan should cover multiple different types of incidents like a security breach, file corruption, malware removal, and unauthorized access. + +If you are unsure of what you would do in any of these scenarios, keep reading. + +--- + +### What to Backup + +When configuring backups for your system(s), you need to gather a list of which directories hold your most important data. + +For businesses this would be client data, financials, and core services that your clients might use. + +In the sense of game servers and game server hosting, you would want to save your databases that addons or plugins might use, as well as information about your panel and the actual game server files. + +Having these backed up properly will expedite your ability to come back online when accidents happen. + +--- + +### How to Take Backups + +Follow the 3-2-1 rule for backing up your system(s). You should have: +
    +
  • 3 Total Backups
  • +
  • 2 Local Backup on seperate machines
  • +
  • 1 Offsite Backup through a storage provider
  • +
+ +There are many storage providers out there and FOSS backup tools you can install and use. We won't get into that here but a quick google search should bring you to where you need to be. \ No newline at end of file diff --git a/src/content/docs/security/basicsecurity.mdx b/src/content/docs/security/basicsecurity.mdx index e181643179..dc19957f30 100644 --- a/src/content/docs/security/basicsecurity.mdx +++ b/src/content/docs/security/basicsecurity.mdx @@ -44,16 +44,4 @@ Software and Security updates often include multiple patches that fix vulnerabil **Outdated software can leave you exposed to attacks** -Always update your software when a new release has been sent out. At a minimum, you should be updating your system(s) once a week if updates are available. - ---- - -### Backups - -One final thing before the Basics are over, Backups. - -Backups will save you in the event of file corruption or ransomware. - -There are 100s of opinions on which backup services are the best aswell as countless FOSS tools available on Github for backups. - -Please take backups into consideration when operating a system. \ No newline at end of file +Always update your software when a new release has been sent out. At a minimum, you should be updating your system(s) once a week if updates are available. \ No newline at end of file From efe8be6b3b01802c1607bda6ca3ca846223be92f Mon Sep 17 00:00:00 2001 From: InfraCharm Date: Tue, 15 Oct 2024 01:51:14 +0000 Subject: [PATCH 4/8] Added Backups and more to Access Controls --- .astro/astro/content.d.ts | 14 +++++++------- src/content/docs/security/accesscontrol.mdx | 8 +++++++- src/content/docs/security/basicsecurity.mdx | 2 +- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/.astro/astro/content.d.ts b/.astro/astro/content.d.ts index 719781e2d8..536a4bd0f4 100644 --- a/.astro/astro/content.d.ts +++ b/.astro/astro/content.d.ts 
@@ -767,13 +767,6 @@ declare module 'astro:content' { collection: "docs"; data: InferEntrySchema<"docs"> } & { render(): Render[".mdx"] }; -"security/firewalls.mdx": { - id: "security/firewalls.mdx"; - slug: "sec/firewalls"; - body: string; - collection: "docs"; - data: InferEntrySchema<"docs"> -} & { render(): Render[".mdx"] }; "security/accesscontrol.mdx": { id: "security/accesscontrol.mdx"; slug: "sec/accesscontrol"; @@ -788,6 +781,13 @@ declare module 'astro:content' { collection: "docs"; data: InferEntrySchema<"docs"> } & { render(): Render[".mdx"] }; +"security/firewalls.mdx": { + id: "security/firewalls.mdx"; + slug: "sec/firewalls"; + body: string; + collection: "docs"; + data: InferEntrySchema<"docs"> +} & { render(): Render[".mdx"] }; "security/resources.mdx": { id: "security/resources.mdx"; slug: "sec/resources"; diff --git a/src/content/docs/security/accesscontrol.mdx b/src/content/docs/security/accesscontrol.mdx index 20d5f075c7..57c7b18375 100644 --- a/src/content/docs/security/accesscontrol.mdx +++ b/src/content/docs/security/accesscontrol.mdx @@ -10,6 +10,12 @@ slug: sec/accesscontrol **Role-Based Access Control (RBAC)** is a specific method of managing access by assigning permissions based on roles within an organization. Instead of giving permissions directly to users, roles are created (e.g., admin, user, guest), and users are assigned to these roles, simplifying permission management. -Be sure to configure your system in a manner that allows those with access only to resources or data they will need for work. +Be sure to configure your system in a manner that allows those with access only to resources or data they will need for work. + +Recommended System Permission Guidelines: +- System Operator: Full Access +- System Administrator: Full Access +- Senior Server Staff: MC Server Start/Stop Access +- Server Developer: MC Server Files & Start/Stop Access --- 
diff --git a/src/content/docs/security/basicsecurity.mdx b/src/content/docs/security/basicsecurity.mdx index dc19957f30..9475c90dd1 100644 --- a/src/content/docs/security/basicsecurity.mdx +++ b/src/content/docs/security/basicsecurity.mdx @@ -42,6 +42,6 @@ A strong password is the first line of defense against unauthorized access. A we Software and Security updates often include multiple patches that fix vulnerabilities found either publicly through BugBounties or from the developers. -**Outdated software can leave you exposed to attacks** +**Outdated software can leave you exposed to attacks.** Always update your software when a new release has been sent out. At a minimum, you should be updating your system(s) once a week if updates are available. \ No newline at end of file From 169652ac6223eb34e8657ec02f88b521fca47e7b Mon Sep 17 00:00:00 2001 From: InfraCharm <157962730+InfraCharm@users.noreply.github.com> Date: Mon, 14 Oct 2024 21:54:29 -0400 Subject: [PATCH 5/8] Update resources.mdx Updated Jasmeow.Systems discord --- src/content/docs/security/resources.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/security/resources.mdx b/src/content/docs/security/resources.mdx index c2de7eeb1a..3bc48d0e12 100644 --- a/src/content/docs/security/resources.mdx +++ b/src/content/docs/security/resources.mdx 
@@ -14,6 +14,6 @@ If you would rather pay experienced System Administrators to manage your system | Name | Website | Discord | |----------|----------|----------| | InfraCharm Inc. | [Link](https://infracharm.com) | [Link](https://infracharm.com) | -| Jasmeow.Systems | [Link](https://jasmeow.me/jhq) | [Link](https://infracharm.com) | +| Jasmeow.Systems | [Link](https://jasmeow.me/jhq) | [Link](https://discord.com/invite/Vs7Pm8UgNK) | | CraftSupport | [Link](https://www.craftsupport.net/) | [Link](https://discord.com/invite/SP87wwm6DU) | -| Rejsik | None | [Link](https://dsc.gg/rsas) | \ No newline at end of file +| Rejsik | None | [Link](https://dsc.gg/rsas) | From 8ea99ee59d4c8043b3a53cbb667dd79af032356f Mon Sep 17 00:00:00 2001 From: InfraCharm <157962730+InfraCharm@users.noreply.github.com> Date: Tue, 15 Oct 2024 00:39:33 -0400 Subject: [PATCH 6/8] Update firewalls.mdx --- src/content/docs/security/firewalls.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/content/docs/security/firewalls.mdx b/src/content/docs/security/firewalls.mdx index b4310428cd..cf35a07bf4 100644 --- a/src/content/docs/security/firewalls.mdx +++ b/src/content/docs/security/firewalls.mdx @@ -47,6 +47,8 @@ A basic firewall setup on linux for a Minecraft server running Pterodactyl would If you wanted to allow a staff member SSH access: `ufw allow from {Their IP} to any port 22` # Allows their home IP to access port 22 +**Note** - Docker (Used with Pterodactyl and other popular panels) bypasses UFW rules. Docker rules MUST be set in IPTables. + You can find many tutorials online about the use of UFW. If you wanted a more advanced approach with more control, you can look into using IPTables. --- @@ -81,4 +83,4 @@ Cons
  • Some network protocols use ICMP messages (like "Destination Unreachable" or "Time Exceeded") to properly route traffic or avoid routing loops. Disabling ICMP can lead to inefficient routing and slower network performance
  • -Keep this in mind when setting up your firewall. \ No newline at end of file +Keep this in mind when setting up your firewall. From 057b67b0e0187a7cc3f5596033138e58cfdd1d8c Mon Sep 17 00:00:00 2001 From: InfraCharm <157962730+InfraCharm@users.noreply.github.com> Date: Tue, 15 Oct 2024 12:37:29 -0400 Subject: [PATCH 7/8] Update basicsecurity.mdx Updated CVEs --- src/content/docs/security/basicsecurity.mdx | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/content/docs/security/basicsecurity.mdx b/src/content/docs/security/basicsecurity.mdx index 9475c90dd1..e4fc266299 100644 --- a/src/content/docs/security/basicsecurity.mdx +++ b/src/content/docs/security/basicsecurity.mdx @@ -16,8 +16,6 @@ Vulnerabilities come in many different shapes and sizes and chances are you may
    • CVE-2021-44228 - Log4Shell (Log4J)
    • CVE-2021-38003 - Google Chrome Vulnerability
    • -
    • CVE-2022-21658 - RCE in Minecraft: Java Edition
    • -
    • CVE-2023-29347 - Steam Client Vulnerability
    @@ -44,4 +42,4 @@ Software and Security updates often include multiple patches that fix vulnerabil **Outdated software can leave you exposed to attacks.** -Always update your software when a new release has been sent out. At a minimum, you should be updating your system(s) once a week if updates are available. \ No newline at end of file +Always update your software when a new release has been sent out. At a minimum, you should be updating your system(s) once a week if updates are available. From 858b8646be235b8ff2b78f2bbd61a1ac2b5c85db Mon Sep 17 00:00:00 2001 From: InfraCharm <157962730+InfraCharm@users.noreply.github.com> Date: Tue, 15 Oct 2024 12:39:57 -0400 Subject: [PATCH 8/8] Update firewalls.mdx Updated DDoS mitigation. --- src/content/docs/security/firewalls.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/content/docs/security/firewalls.mdx b/src/content/docs/security/firewalls.mdx index cf35a07bf4..2db20ef9ac 100644 --- a/src/content/docs/security/firewalls.mdx +++ b/src/content/docs/security/firewalls.mdx @@ -15,6 +15,8 @@ The concept of firewalling is to prohibit access to your system via the network,
  • Firewalls can separate parts of your network to reduce the spread of potential security breaches.
  • Firewalls can mitigate Distributed Denial of Service (DDoS) attacks by controlling traffic flow and blocking malicious requests.
  • +*In the case of DDoS attacks, you must have available bandwidth (the attack volume must be lower than your total available bandwidth) to continue operating during the attack.* +*If you forsee anything larger than 10Gbps attacks (common) and don't have DDoS protection, try getting hardware firewall access or a 3rd party DDoS protection provider.* Depending on your host, your system has some sort of firewall already installed. If not, your host may offer a firewall panel to access and configure a hardware absed firewall, like a switch or a router.
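Review bot: In PATCH 1/8, firewalls.mdx, "UFW Basics": `ufw allow from 172.18.0.0/8` does not match its comment. A /8 mask on that address admits every 172.x.x.x source, most of which is public address space, not just the Pterodactyl subnet. Narrow the prefix to the actual Docker network (e.g. `172.18.0.0/16` if that is the network's range) and tell readers to confirm it on their host. In the same block, the page says the top-most rule is matched first, and `ufw allow` appends, so `ufw allow from {Their IP} to any port 22` lands below `ufw deny 22` and never matches. Show it being added ahead of the deny (for example with `ufw insert 1 ...`), or drop the explicit deny lines and rely on `ufw default deny incoming`.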
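Review bot: In PATCH 3/8, the `.astro/astro/content.d.ts` hunk at `@@ -235,6 +235,13 @@` changes the `enhancements/Plugins/Free/minimotd.mdx` entry to `MiniMOTD.mdx`, which is unrelated to "Added Backups to Security". The file reads as generated output (PATCH 2/8 and 4/8 only add and reorder entries in it). Drop it from the series or regenerate it in its own commit, and check whether the MiniMOTD case change reflects a real file rename.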
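Review bot: In PATCH 3/8, backups.mdx: the "Incident Response" section ends with "If you are unsure of what you would do in any of these scenarios, keep reading", but the rest of the page covers only what to back up and the 3-2-1 rule, with no recovery or restore step. Add a first-steps outline and a line on testing restores, or remove the promise. In the 3-2-1 list, "2 Local Backup on seperate machines" should read "Backups" and "separate".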
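Review bot: In PATCH 4/8, accesscontrol.mdx, hunk `@@ -10,6 +10,12 @@`: "System Operator: Full Access" and "System Administrator: Full Access" give two roles identical, unrestricted access directly below the sentence telling readers to grant only what is needed for work. Merge the two roles or state what separates them, and define what "Full Access" covers. The changed "Be sure to configure your system..." line differs only by a trailing space and should be reverted.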
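Review bot: In PATCH 5/8, resources.mdx: only the Jasmeow.Systems Discord link is corrected; the "InfraCharm Inc." row still has `https://infracharm.com` in both the Website and Discord columns. Point the Discord cell at an actual invite link, or set it to "None" as the Rejsik row does for Website.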
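Review bot: In PATCH 6/8, firewalls.mdx: the added note says Docker bypasses UFW rules, yet the example directly above it still presents `ufw deny 3306` and `ufw allow 25565` as the way to control database and Minecraft ports on a Pterodactyl host. Say which of those rules stop applying to container-published ports, and replace "Docker rules MUST be set in IPTables" with something a reader can act on, such as naming the `DOCKER-USER` chain as the place for them.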
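Review bot: In PATCH 8/8, firewalls.mdx: "10Gbps attacks (common)" is stated without a source and reads as a fixed threshold. Either cite where the figure comes from or phrase it relative to the reader's own uplink, which is what the preceding added line describes. "forsee" should be "foresee", and the two italic lines are added on consecutive lines, so Markdown will run them together as one paragraph unless a blank line separates them.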