Tuesday, November 18, 2014

Is fail2ban redundant when a server is firewalled?

The question I was asked today is pretty straightforward: do we still need to run fail2ban on our internet-facing servers if we are already running a firewall?

Quite simply, the answer is that you'll want to run fail2ban in nearly every scenario. fail2ban provides a layer of security that is not made redundant by additional layers such as firewalls; the two actually complement each other rather nicely.

When it comes to services such as HTTP or SIP, where we have to strike a balance between easy public access and reasonable security to safeguard against abuse and denial-of-service attacks, the firewall has to leave the service port open to everyone. fail2ban gives us a tool that watches what happens on that open port and can stop a would-be attacker after a few failed attempts.
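To make that mechanism concrete, here is an added Python sketch (not fail2ban's own code) of the logic the post describes: count failed logins per source address within a findtime window and ban the address once it reaches maxretry. The sshd-style log lines, the regex and the parameter values are all constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines for this example; the addresses are
# documentation ranges, not real hosts.
SAMPLE_LOG = """\
Nov 18 10:00:01 host sshd[101]: Failed password for root from 198.51.100.7 port 4410 ssh2
Nov 18 10:00:09 host sshd[102]: Failed password for invalid user admin from 198.51.100.7 port 4411 ssh2
Nov 18 10:00:15 host sshd[103]: Accepted publickey for alice from 203.0.113.5 port 5000 ssh2
Nov 18 10:00:20 host sshd[104]: Failed password for root from 198.51.100.7 port 4412 ssh2
Nov 18 10:00:25 host sshd[105]: Failed password for root from 198.51.100.7 port 4413 ssh2
Nov 18 10:30:00 host sshd[106]: Failed password for root from 203.0.113.5 port 5001 ssh2
Nov 18 10:40:00 host sshd[107]: Failed password for root from 203.0.113.5 port 5002 ssh2
Nov 18 10:50:00 host sshd[108]: Failed password for root from 203.0.113.5 port 5003 ssh2
"""

# Matches only the failure lines, capturing the timestamp and source address.
FAIL_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) .*sshd\[\d+\]: Failed password for .* from (\d+\.\d+\.\d+\.\d+)"
)

def parse_ts(stamp, year=2014):
    # Syslog timestamps carry no year, so one is assumed here.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def find_bans(log, maxretry=3, findtime=600, bantime=3600):
    """Return {ip: time_banned} for addresses that reach maxretry failures
    within a sliding window of findtime seconds (fail2ban's jail semantics)."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)   # ip -> timestamps of failures still in window
    bans = {}
    for line in log.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue             # successful logins and other lines are ignored
        ts, ip = parse_ts(m.group(1)), m.group(2)
        if ip in bans and ts < bans[ip] + timedelta(seconds=bantime):
            continue             # already banned; the firewall rule drops this anyway
        hits = [t for t in recent[ip] if ts - t <= window]  # expire old failures
        hits.append(ts)
        recent[ip] = hits
        if len(hits) >= maxretry:
            bans[ip] = ts        # here fail2ban would insert the firewall rule
            recent[ip] = []
    return bans
```

With the defaults above, 198.51.100.7 is banned on its third failure while 203.0.113.5, whose failures are ten minutes apart, never has three inside one window.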

I would argue that even if your service is on a corporate LAN and remote users have to VPN in to access it, fail2ban should be one of the many tools you use on your servers to harden them against attack.

