| Author |
Message |
marcus0263
Joined: 21 Jul 2008
Posts: 59
|
| Posted: Mon Jul 21, 2008 4:46 pm Post subject: Pre Sales Question on Security |
|
|
OK call it a dumb question but since Linode is a manage your own environment I do have a question concerning security. Am I going to need to set up my own Firewall or does Linode provide adequate protection? That and what kind of support should I expect from Linode if I either get DDoS'd, hacked, etc.
Thanks |
|
| Back to top |
|
piglet
Joined: 22 Oct 2006
Posts: 17
|
| Posted: Mon Jul 21, 2008 5:47 pm Post subject: Re: Pre Sales Question on Security |
|
|
marcus0263 wrote: OK call it a dumb question but since Linode is a manage your own environment I do have a question concerning security. Am I going to need to set up my own Firewall or does Linode provide adequate protection? That and what kind of support should I expect from Linode if I either get DDoS'd, hacked, etc.
This isn't any sort of official answer, but my understanding is:
Linode doesn't do any firewalling of their own, so if you want a firewall, you'd have to set it up yourself (unless there are distros that set one up automatically?).
Some of their data centres filter a few ports...
http://www.linode.com/wiki/index.php/FAQ#Which_TCP_Ports_are_blocked.3F
... but that's not the kind of thing you'd want to rely on for security.
If they noticed you got hacked, I suspect they would let you know, and perhaps disable your linode if they saw your machine was attacking others.
And if you get DDOSed more than once or twice, they will ask you to leave. |
|
| Back to top |
|
pclissold
Joined: 24 Oct 2003
Posts: 470
Location: Netherlands
|
| Posted: Mon Jul 21, 2008 6:01 pm Post subject: |
|
|
My impression is that most Linode customers run a firewall. Apart from some filtering to prevent you from screwing with addresses you don't own, your Linode is connected to the Internet 'as is' (the Atlanta DC filters some ports). Those customers that don't run a firewall take care to only enable the services they need. Lots of people take steps to protect ssh from miscreants trying common userid/password combinations - non-standard port, fail2ban or firewall restriction of connecting addresses.
Management is all down to you - if your Linode gets pwned, you get to fix it - plenty of support is available on the IRC channel. Backups are down to you as well (RAID protects against disk failure - offsite backups protect you against everything else).
If a DDOS affects other customers, Linode will protect them by null-routing the affected IP. Activities that invite DDOS attacks are strongly discouraged. Persistent DDOS 'victims' are usually invited to take their business elsewhere.
Edit: piglet beat me to it. |
|
| Back to top |
|
marcus0263
Joined: 21 Jul 2008
Posts: 59
|
| Posted: Mon Jul 21, 2008 6:38 pm Post subject: |
|
|
OK so basically set it up the server like you would be putting in a DMZ.
Cool
Thanks, just checking to see if they do any "funky" stuff |
|
| Back to top |
|
ArbitraryConstant
Joined: 10 Feb 2007
Posts: 52
|
| Posted: Tue Jul 22, 2008 10:38 am Post subject: |
|
|
| marcus0263 wrote: Thanks, just checking to see if they do any "funky" stuff The blocked ports at the Atlanta data center are actually pretty extensive. I nmap'd one of my linodes there once, I can't seem to find the list but it's big. |
|
| Back to top |
|
tasaro
Joined: 15 Apr 2003
Posts: 125
Location: Manahawkin, NJ
|
| Posted: Tue Jul 22, 2008 11:12 am Post subject: |
|
|
ArbitraryConstant wrote: The blocked ports at the Atlanta data center are actually pretty extensive. I nmap'd one of my linodes there once, I can't seem to find the list but it's big.
The list is here. We've really only received complaints about IRC ports in Atlanta, however most networks listen on alternate ports.
-Tom |
|
| Back to top |
|
AverageGuy
Joined: 03 Aug 2008
Posts: 14
Location: Georgia, USA
|
| Posted: Thu Aug 07, 2008 8:32 pm Post subject: |
|
|
tasaro wrote: ArbitraryConstant wrote: The blocked ports at the Atlanta data center are actually pretty extensive. I nmap'd one of my linodes there once, I can't seem to find the list but it's big.
The list is here. We've really only received complaints about IRC ports in Atlanta, however most networks listen on alternate ports.
-Tom
Interesting, so how do I know where my site is located and if it is Atlanta how do I get it moved?
Thanks,
Jim |
|
| Back to top |
|
Xan
Joined: 08 Feb 2004
Posts: 293
Location: Austin
|
| Posted: Thu Aug 07, 2008 8:48 pm Post subject: |
|
|
In the "Host Summary" section, where it gives you your CPU usage, it'll tell you the name of the machine you're on. If it's hostxx.atlanta.linode.com, you're in Atlanta.
If you want to move, you can just create a support ticket. |
|
| Back to top |
|
AverageGuy
Joined: 03 Aug 2008
Posts: 14
Location: Georgia, USA
|
| Posted: Fri Aug 08, 2008 10:05 am Post subject: |
|
|
Xan wrote: In the "Host Summary" section, where it gives you your CPU usage, it'll tell you the name of the machine you're on. If it's hostxx.atlanta.linode.com, you're in Atlanta.
If you want to move, you can just create a support ticket.
Thanks, looks like I'm in Dallas. It works fine there, so I'll just leave well enough alone.
Jim. |
|
| Back to top |
|
| |
