Pre Sales Question on Security

@marcus0263:

OK call it a dumb question but since Linode is a manage your own environment I do have a question concerning security. Am I going to need to set up my own Firewall or does Linode provide adequate protection? That and what kind of support should I expect from Linode if I either get DDoS'd, hacked, etc.
This isn't any sort of official answer, but my understanding is:

Linode doesn't do any firewalling of their own, so if you want a firewall, you'd have to set it up yourself (unless there are distros that set one up automatically?).

Some of their data centres filter a few ports…

http://www.linode.com/wiki/index.php/FA … blocked.3F">http://www.linode.com/wiki/index.php/FAQ#WhichTCPPortsareblocked.3F

… but that's not the kind of thing you'd want to rely on for security.

If they noticed you got hacked, I suspect they would let you know, and perhaps disable your linode if they saw your machine was attacking others.

And if you get DDOSed more than once or twice, they will ask you to leave.

My impression is that most Linode customers run a firewall. Apart from some filtering to prevent you from screwing with addresses you don't own, your Linode is connected to the Internet 'as is' (the Atlanta DC filters some ports). Those customers that don't run a firewall take care to only enable the services they need. Lots of people take steps to protect ssh from miscreants trying common userid/password combinations - non-standard port, fail2ban or firewall restriction of connecting addresses.

Management is all down to you - if your Linode gets pwned, you get to fix it - plenty of support is available on the IRC channel. Backups are down to you as well (RAID protects against disk failure - offsite backups protect you against everything else).

If a DDOS affects other customers, Linode will protect them by null-routing the affected IP. Activities that invite DDOS attacks are strongly discouraged. Persistent DDOS 'victims' are usually invited to take their business elsewhere.

Edit: piglet beat me to it.

OK so basically set it up the server like you would be putting in a DMZ.

Cool

Thanks, just checking to see if they do any "funky" stuff

@marcus0263:

Thanks, just checking to see if they do any "funky" stuff The blocked ports at the Atlanta data center are actually pretty extensive. I nmap'd one of my linodes there once, I can't seem to find the list but it's big.

@ArbitraryConstant:

The blocked ports at the Atlanta data center are actually pretty extensive. I nmap'd one of my linodes there once, I can't seem to find the list but it's big.

The list is here. We've really only received complaints about IRC ports in Atlanta, however most networks listen on alternate ports.

-Tom

@tasaro:

@ArbitraryConstant:

The blocked ports at the Atlanta data center are actually pretty extensive. I nmap'd one of my linodes there once, I can't seem to find the list but it's big.

The list is here. We've really only received complaints about IRC ports in Atlanta, however most networks listen on alternate ports.

-Tom

Interesting, so how do I know where my site is located and if it is Atlanta how do I get it moved?

Thanks,

Jim

In the "Host Summary" section, where it gives you your CPU usage, it'll tell you the name of the machine you're on. If it's hostxx.atlanta.linode.com, you're in Atlanta.

If you want to move, you can just create a support ticket.

@Xan:

In the "Host Summary" section, where it gives you your CPU usage, it'll tell you the name of the machine you're on. If it's hostxx.atlanta.linode.com, you're in Atlanta.

If you want to move, you can just create a support ticket.

Thanks, looks like I'm in Dallas. It works fine there, so I'll just leave well enough alone.

Jim.