I've been given the opportunity to secure an LAMPserver. I 've never done this before but there is a first time for everything.
This is the layout of the system:
First of course there is OS hardening. I mention it since I've noticed that it isn't done by everyone. It is an Ubuntu server and google was my friend :). There are tons of info out there.
All ports except port 80 will be closed towards the Internet and port 80 will be connected to the web server by using NAT. On the web server the only ports open are HTTPS and SSH.
The server has a firewall and 3 rules:
1. Close every port
2. Allow the HTTPS traffic from the internal network and the Internet
3. Allow SSH trafic from the internal network and the Internet.
I am not happy with the last one, I will change it so that only the admin has access from his laptop but right now it is not my primary concern.
In my next post about securing the a LAMP, I'll be talking about the apache web server. Meanwhile if you have any suggestions or questions just give me a reaction.