Hello everyone,
I'm using a virtual private server, mainly for backup/cloud usage.
In the past I've used it as an OpenVPN server, too.
Its resources are barely used, so performance, uplink and even latency are no issue at all.
My plan was to connect my workstations to the server using VPN (even whole routers where possible) and protect all connected clients by strict firewall rules and Snort or Suricata, etc.
I can't use a stationary hardware firewall, as I visit different networks and I don't want to buy new hardware.
I don't need hints on how to configure these things in a way to protect my server, but I'm not sure if all connected clients are automatically protected, too.
Is that possible, or are there hindrances I don't see, so I have to look for another solution?
If you're really up to security, this doesn't sound very good to me. I don't even know if it is possible, but using a server as a firewall sounds counterintuitive.
If you're worried about possible malicious traffic from the outside, it's your gateway that needs to block unwanted packets.
Probably I'm getting it wrong: do you want to put the server as a next hop for your clients to the router, so that it switches every packet pointing to the LAN?
To build on the above, your approach would offer some protection against threats that respond to your online activities. Your workstations would be less conspicuous to potential threats but otherwise not protected.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
@lo1: It's no publicly available webserver. It's mainly SFTP and SSH, all unused ports shut down. In the worst case it could be targeted for use in a botnet.
@Trilby: If I understand, I've got to close all ports and follow the usual security guidelines, so there are no unexpected connections to and from my local machines, except the VPN, right?
My idea was to lower the resource usage for IDS/IPS by outsourcing it and adding this kind of security to devices without the ability to use IDS/IPS, while being able to add more services later.
I guess using VPN would generally be a good idea for unknown networks, so everything is encrypted from the beginning.
I will try to do it and then test if Snort or Suricata (undecided yet) is effective on my clients' connections.
Anyone can try to connect to your machine at any time. If there are really no open ports, then a firewall is irrelevant. So the point stands: the remote firewall adds no real protection to these machines.
Do I misunderstand the way Snort and Suricata are working? They don't just simply open or close ports, they inspect connections based on rulesets.
No, I have no idea what those are, but I think you are missing my logic: those are tools running on the VPS, right? No matter what is running on your VPS, any random computer out there can try to connect to your local workstation directly. You are right that if you have no ports open on that workstation then this isn't much of a concern, but the VPS has absolutely no impact on this. Thus my conclusion: the VPS isn't providing security for your local workstation.
It's no publicly available webserver. It's mainly SFTP and SSH, all unused ports shut down. In the worst case it could be targeted for use in a botnet.
My idea was to lower the resource usage for IDS/IPS by outsourcing it and adding this kind of security to devices without the ability to use IDS/IPS, while being able to add more services later.
Then, try it a bit: make a test environment (I think trying some Kali-like attacks can provide a good start), see if it can actually provide a sort of fallback security measure (but you really want to keep the gateway secure).
No matter what is running on your VPS, any random computer out there can try to connect to your local workstation directly.
...and this would be true.
No, I have no idea what those are, but I think you are missing my logic: those are tools running on the VPS, right? No matter what is running on your VPS, any random computer out there can try to connect to your local workstation directly. You are right that if you have no ports open on that workstation then this isn't much of a concern, but the VPS has absolutely no impact on this. Thus my conclusion: the VPS isn't providing security for your local workstation.
No matter what is running on your VPS, any random computer out there can try to connect to your local workstation directly.
...and this would be true.
At the moment the only ports opened are those which are needed. When switching to that solution, any port except those for VPN would be closed. So anything that would enter or leave my system would go solely by VPN.
It's about giving additional security by analyzing the content with Snort or Suricata. Those are logging, analyzing and dropping connections based on rulesets. They mainly search for characteristics of malicious attacks.
They can also be used for blacklisting and more.
Last edited by mxb93 (2017-11-29 21:28:58)
Ah, that makes a bit more sense.
I didn't realize by routing everything through the VPS that you would be able to close ports on the local machine that would otherwise be open. This could certainly add some protection then.
Not by routing, but iptables.
I use Arch Linux on my workstations, too. Closing ports with iptables is no big deal and has no performance impact, but using Snort or Suricata is.
Also, those are not usable on all mobile devices.
Last edited by mxb93 (2017-11-29 23:10:39)
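As an added example (not code from the thread or from any poster), here are the two iptables-restore rulesets the design above amounts to: the workstation keeps every port closed and may only talk to the VPS over the tunnel, and the VPS hands all forwarded tunnel traffic to Suricata in inline (NFQUEUE) mode while never forwarding unsolicited connections towards a client. The VPS address 203.0.113.10, OpenVPN on UDP 1194, interfaces wlan0/eth0/tun0 and the client subnet 10.8.0.0/24 are assumptions; adjust them before use.

```shell
# Added example: emit iptables-restore rulesets for the VPN + VPS-side IDS
# setup discussed in this thread. All values below are assumptions.
VPS_IP="203.0.113.10"   # placeholder VPS address (TEST-NET-3)
VPN_PORT="1194"         # OpenVPN default port
WAN_IF="wlan0"          # workstation uplink
VPS_IF="eth0"           # VPS public interface
TUN_IF="tun0"           # tunnel interface on both ends
VPN_NET="10.8.0.0/24"   # OpenVPN client subnet
# Workstation: nothing listens, and the only traffic allowed to leave on the
# physical uplink is DHCP and the tunnel itself; everything else must use tun0.
client_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $WAN_IF -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -o $WAN_IF -p udp -d $VPS_IP --dport $VPN_PORT -j ACCEPT
-A OUTPUT -o $TUN_IF -j ACCEPT
COMMIT
EOF
}
# VPS: accept only VPN and SSH/SFTP, NAT the clients, and queue every forwarded
# tunnel packet to Suricata running inline (suricata -q 0). Needs
# net.ipv4.ip_forward=1. New connections from the internet towards a client are
# dropped by the FORWARD policy, so no client port is ever reachable.
vps_rules() {
  cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $VPN_NET -o $VPS_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport $VPN_PORT -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A FORWARD -i $TUN_IF -o $VPS_IF -j NFQUEUE --queue-num 0
-A FORWARD -i $VPS_IF -o $TUN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j NFQUEUE --queue-num 0
COMMIT
EOF
}
```

Review the output, then load it on the matching host with `client_rules | iptables-restore` or `vps_rules | iptables-restore`; ip6tables needs an equivalent drop-all policy on the workstation, otherwise traffic can bypass the tunnel over IPv6, and if Suricata is not running the NFQUEUE rules leave the VPS failing closed (no forwarding) rather than open.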