The Concept of Security
Posted: 04 Jun, 2007
by: Customer Service :: S.
Updated: 15 Feb, 2009
by: Customer Service :: S.

The most common means of protecting a network is using a software-based firewall. The biggest problem with firewalls is that people think they're more than they actually are. A firewall's major strength is protecting against traffic-based attacks (DoS or DDoS). If you let people into your network from the outside, the firewall has no way of differentiating between a legitimate user and a hacker. A firewall is not a substitute for strong operating system (OS) and application security.

If you're going to use a software-based firewall package on a Linux or FreeBSD server, or on any other system, keep in mind that the firewall is the application. As such, a system-based firewall such as APF and BFD won't offer much security if the underlying OS isn't hardened.

While it's unfortunate that society has produced the types of losers that make such measures necessary, there are steps you can take to protect your data. Security has become an ever-growing aspect of network administration, and this growth shows no signs of abating. Vigilance is as important a quality as technical expertise. Unless you have very good background knowledge in system administration, following step-by-step instructions from a forum or a tutorial does not mean you are any safer. Tutorials are, and should be used as, guidelines and baselines only; every server needs to be looked at and handled individually to ensure the maximum possible security.

Security is not a "set it and forget it" proposition. Because there are no absolutes, constant monitoring is essential. New attacks are being developed every day, and if you're simply going to respond once an attack is discovered, it's likely too late. Hackers will use DoS/DDoS attacks, log alterations (provided they can gain access), and other means to disguise other, more intrusive, exploits. In many cases, simply waiting for obvious evidence that you've been hacked means you'll never know you've been hacked. The hackers will sneak in, grab what they want, and sneak back out again, covering their tracks as they go.

In short, any security plan that is reactive rather than proactive is pretty lame. In addition to the security measures mentioned above, there are several things you can do to be more proactive in ensuring security:

  • Monitor log files - By routinely monitoring system and application log files, you get to know what's "normal", which makes it easier to spot things that just don't look right.
  • Make sure your data center (DC) uses a very good hardware-based firewall system with its servers.
  • Harden, properly configure, and optimize your server and network.
  • Install a system-based firewall, including Mod Security, Mod Evasive, and Tripwire.
  • If you can afford it, get a "standby server". If your server gets compromised or there is a hardware failure, the standby server will take over a lot quicker than you can figure out what happened to the production server.
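An added example (not from the original article) of the "know what's normal" idea in the log-monitoring item above: it builds a baseline of message templates from a normal period and flags templates that are new or far more frequent in the current period. The log lines, host name, and `spike` threshold are constructed assumptions, and both logs are assumed to cover periods of equal length.

```python
import re
from collections import Counter

# Constructed syslog-style lines for a "normal" period (not from a real server).
BASELINE_LOG = """\
Jun  4 02:10:01 web1 CROND[2211]: (root) CMD (/usr/local/bin/backup.sh)
Jun  4 08:15:42 web1 sshd[3010]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2
Jun  4 09:01:13 web1 sshd[3099]: Failed password for admin from 192.0.2.10 port 50190 ssh2
Jun  4 09:01:20 web1 sshd[3099]: Accepted password for admin from 192.0.2.10 port 50190 ssh2
"""
# Constructed "today": the same routine lines plus activity the baseline never showed.
CURRENT_LOG = BASELINE_LOG + "".join(
    f"Jun  5 03:12:{s:02d} web1 sshd[41{s:02d}]: Failed password for admin "
    f"from 203.0.113.7 port 4{s:04d} ssh2\n" for s in range(6)
) + "Jun  5 03:14:09 web1 useradd[4200]: new user: name=support, UID=1002, GID=1002\n"

# timestamp, host, program, optional [pid], then the message
LINE_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s([^\[:]+)(?:\[\d+\])?:\s(.*)$")

def template(line):
    """Reduce a line to 'program: message' with IPs and numbers masked."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a syslog-style line; ignored by profile()
    prog, msg = m.groups()
    msg = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", msg)
    msg = re.sub(r"\b\d+\b", "<n>", msg)
    return f"{prog}: {msg}"

def profile(text):
    """Count how often each message template occurs in a log."""
    return Counter(t for t in map(template, text.splitlines()) if t)

def deviations(baseline, current, spike=5):
    """Return (kind, template, count) for templates that are new or spiking."""
    report = []
    for tmpl, n in sorted(current.items()):
        seen = baseline.get(tmpl, 0)
        if seen == 0:
            report.append(("new", tmpl, n))        # never seen in the normal period
        elif n >= spike * seen:
            report.append(("spike", tmpl, n))      # known message, abnormal volume
    return report

if __name__ == "__main__":
    for kind, tmpl, n in deviations(profile(BASELINE_LOG), profile(CURRENT_LOG)):
        print(f"{kind:5} x{n}  {tmpl}")
```

Masking IPs and numbers is what lets one occasional failed login count as "normal" while a burst of the same message from a new source stands out.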

For more information on Internet attacks, go to: http://servertune.com/kbase/entry/64

*** NOTE ***
Our Linux certified engineers are ready to help secure, harden, and optimize your server. Sign up for the ServerTune Plan to put your server in perfect working condition. If you have any questions, please don't hesitate to send a message to customerservice@servertune.com
