Announcement

Collapse
No announcement yet.

Which ports should be closed? (Imunify360 Firewall)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Which ports should be closed? (Imunify360 Firewall)

    Hello !

    Please help me. I have a question for you. I started to start my own business as a CPanel hosting provider. I want to know which ports should I close? What ports are dangerous and cause hacking?

    Click image for larger version

Name:	firewall.png
Views:	712
Size:	37.2 KB
ID:	38893
    There is nothing here. Please tell me what should I add. Thanks

  • #2
    Hello Arman,

    Thank you for your interest in Imunify360 and for trusting us with the security of your servers!

    While hosting, it is impossible to close all the ports, so the default policy used by Imunify360 aimed to provide top-level protection while also without creating additional ado. Imunify360 is a solution of choice because it is easy to use and easy to manage. So at first, I would recommend starting with Imunify360's default Port policy - All open, except specified, and to narrow the attack surface by closing the ports to the services that are never used from outside.

    If you proceed with All closed, please be warned you need to think of ways to log back in beforehand. For example, it might be the SSH that is never closed or always accessible from a whitelisted subnet. You also may consider hiding this last chance to control mechanisms such as SSH behind a VPN, or another layer of protection, such as adding 2FA requirements to the PAM module or a Gateway, yet these measures need to be planned thoroughly.

    In summary, provided that testing and deploying new services (if any) will not happen on production servers, the above may create some ado while strengthening security only insignificantly. Security is a complex measure that requires an all-rounded weighted approach. Having said this, if I need to name a port that is commonly used yet should be closed, as of today, I would consider using FTP unsafe, as any other protocol such as WebMail, POP, SMTP, or WebDAV that allows connections without an unencrypted layer. Therefore whenever possible consider setting the services to use only encrypted ways of communication:
    https://docs.cpanel.net/whm/service-...-certificates/

    If you want to get further with closing ports, considering your setup, you can define that WHM port 2087 will not be opened from outside while cPanel 2083 will, nonetheless this seems unnecessarily complicated and not commonly used as a protection measure. As a general recommendation, disabling any insecure logins is enough and seems reasonable, e.g. disabling ports without SSL encryption such as 2082 and 2086 will not harm at all.

    So at this point, you probably need to concentrate on the ports that you can't close. As you will still need to have Web Ports opened, the Web Application Firewall. In this regard Imunify360 will handle IP lists automatically and block malicious actions on the spot:
    https://cloudlinux.zendesk.com/hc/en...klisting-works

    Our PAM module and OSSEC set of rules will have you covered against Bruteforce:
    https://blog.imunify360.com/configur...-in-imunify360

    Please visit our blog to read about recommendations on how to secure cPanel:
    https://blog.imunify360.com/17-ways-...curity-in-2021

    Also about protectin the cPanel's account:
    https://blog.imunify360.com/cpanel-h...cpanel-account

    Overall, please do not hesitate to ask us questions, the better you are familiar with the protection mechanisms, the more useful you may find them. Your business means a lot to us!
    Last edited by mchernyavsky; 12-05-2022, 04:00 PM.

    Comment

    Working...
    X