
Firewall secure rules

Pascal_Netenvie

Hi,
I try to secure servers as much as possible.

As our servers never host these services: PostgreSQL, mailboxes, DNS rules, Windows file sharing, and don't allow/need external connections to databases,
is it really OK to set all these rules?

POP3 (mail retrieval) server Deny incoming from all
IMAP (mail retrieval) server Deny incoming from all
Mail password change service Deny incoming from all
PostgreSQL server Deny incoming from all
Tomcat administrative interface Deny incoming from all
Samba (file sharing in Windows networks) Deny incoming from all
Domain name server Deny incoming from all

MySQL server Allow incoming from 127.0.0.1

Also, are there any other services we can deny connections to?
For example "Plesk VPN" (What is it for?) or "Customer & Business Manager payment gateways" (We use Plesk only to host our websites, no reselling)?

Thx for your answer.
 
Hey,
Thx for the link.

I know this, but my question started with:
As our servers never host PostgreSQL, mailboxes, DNS rules, Windows file sharing and don't allow/need external connections to databases ...

So do you think this is OK?

And also these points:
"Plesk VPN" (What is it for?)
"Customer & Business Manager payment gateways" (We use Plesk only to host our websites, no reselling)?
 
Hi Pascal_Netenvie,

To the point: Plesk VPN
I hope that you don't get this wrong, but when you have to ask "What is it for?", then you definitely don't need it on your server and shouldn't open ports for it, and when you didn't open ports for it, then you don't have to customize firewall rules for these port(s) as well.

To the point: Customer & Business Manager payment gateways
And again here as well: If you don't use a special service on your server, you will not open ports for it, which again makes customizing firewall rules useless.
 
when you have to ask "What is it for?", then you definitely don't need it on your server

Yes, generally, but I prefer to validate it because sometimes you think a service is unused but it is in the background.
And as we can't know everything, it is always better to ask ...

If you don't use a special service on your server, you will not open ports for it, which again makes customizing firewall rules useless.

OK. No cases of a daemon running for nothing and ports left open?

Thanks.
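
For the last question above (a daemon running for nothing with a port left open), one way to check is to compare the host's listening sockets against the services denied in the first post. This is an added example, not from the thread or from Plesk: it assumes a Linux host with `ss` (iproute2), the port numbers are the services' usual defaults, and the function name `exposed_listeners` and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag listeners for the thread's "unused" services that are
# bound to a non-loopback address. Port numbers are the usual defaults (assumed).
WATCH="110:POP3 995:POP3S 143:IMAP 993:IMAPS 106:mail-password-change \
5432:PostgreSQL 137:Samba 138:Samba 139:Samba 445:Samba 53:DNS 3306:MySQL"

# Constructed sample in the format of `ss -H -tuln` (not captured from a real host).
SAMPLE='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
tcp LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 128 [::]:5432 [::]:*
tcp LISTEN 0 128 [::1]:143 [::]:*'

# Reads `ss -H -tuln` lines on stdin; prints "proto/port service address"
# for every watched port that listens on something other than loopback.
exposed_listeners() {
    awk -v watch="$WATCH" '
    BEGIN {
        n = split(watch, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); name[kv[1]] = kv[2] }
    }
    {
        port = $5; sub(/.*:/, "", port)        # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (!(port in name)) next              # not one of the watched services
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: not reachable remotely
        print $1 "/" port, name[port], addr
    }'
}

# Live use on the server: ss -H -tuln | exposed_listeners
printf '%s\n' "$SAMPLE" | exposed_listeners
```

Any line it prints is a service that is actually listening beyond loopback, so the deny rule for that port is doing real work; MySQL bound to 127.0.0.1, as in the sample, is not reported.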
 