Alibaba Cloud Elastic Compute Service (ECS) provides a faster and more powerful way to run your cloud applications as compared with traditional physical servers. You can achieve great results on your cloud needs. With ECS, you can achieve more with the latest generation of CPUs as well as protect your instance from DDoS and Trojan attacks.
In this tutorial, we will talk about the best practices for provisioning your Ubuntu 16.04 server hosted on an Alibaba Cloud Elastic Compute Service (ECS) instance.
Ubuntu 16.04 comes with a default interface for interacting with IP tables known as UFW (Uncomplicated Firewall). UFW is a simplified tool which aims towards simplifying the process of setting up IP tables especially for beginners who are new to the Linux environment.
UFW is a right choice for adding another security to your Ubuntu 16.04 server running on Alibaba Cloud.
Although UFW is installed by default, you can use the command below to get it from Ubuntu’s repository if it was uninstalled:
$ sudo apt-get install ufw
Then, type the command below to allow all outgoing calls and deny or incoming calls.
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
You can use the UFW command below to allow traffic to a particular port or service:
$ sudo ufw allow
To avoid completely locking yourself from your Ubuntu server, the first port/service that you should allow on UFW is port 22 which listens for SSH connections.
To do this, type the command below to add the rule:
$ sudo ufw allow 22
Or
$ sudo ufw allow ssh
Also if you are running a web server, you should enable the http and https port:
$ sudo ufw allow http
$ sudo ufw allow https
Once you have whitelisted the services, run the command below to start UFW
$ sudo ufw enable
You can delete any rule that you have created by first checking its number and then deleting it via the commands below:
$ sudo ufw status numbered
Then
$ sudo ufw delete
Where is the value that you obtained above from the list of rules available.
Make sure ufw is enabled before checking the list of rules.
You can disable UFW at any time by typing the command below:
$ sudo ufw disable
Or just reset all rules by typing:
$ sudo ufw reset
In this guide, we will talk about the best practices for the initial setup of your Ubuntu 16.04 server hosted on Alibaba Cloud Elastic Compute Service (ECS).
Alibaba Cloud Elastic Compute Service (ECS) provides a faster and more powerful way to run your cloud applications as compared with traditional physical servers. You can achieve great results on your cloud needs. With ECS, you can achieve more with the latest generation of CPUs as well as protect your instance from DDoS and Trojan attacks.
On October 21, 2016, a DDoS attack hit the DNS service provider Dyn. The company is a major DNS provider for many companies in the United States.
In the morning of the attack, Dyn confirmed that its DNS infrastructure located in the East Coast had suffered DDoS attacks from all over the world. The attacks severely affected the business of Dyn's DNS customers, and even worse, websites of customers became inaccessible. These attacks lasted until 13:45 PM ET. Dyn said on its official website that it would track down this issue and release the incident report.
Alibaba Cloud WAF and Anti-DDoS Pro and are fully compatible. You can use the following architecture to deploy WAF and Anti-DDoS Pro together: Anti-DDoS Pro (entry layer, DDoS attack protection) > WAF (intermediate layer, web attack protection) > Origin.
The hosts file specifies the correspondence between the domain name and IP address. If a domain name has an IP address specified in the hosts file, the system will not resolve its IP address through the domain name system (DNS) when accessing this domain name, but will directly access the specified IP address instead.
Therefore, if your website is deployed with Anti-DDoS Pro or WAF services, you can modify the local hosts file to direct the website to the WAF without changing the online business flow. This allows you to test whether or not the business services work normally after they pass through WAF.
Anti-DDoS Pro is a value-added service used to protect servers, including external servers hosted in Mainland China, against volumetric DDoS attacks. You can redirect attack traffic to Anti-DDoS Pro to ensure the stability and availability of origin sites.
Web Application Firewall (WAF) protects your website servers against intrusions. Our service detects and blocks malicious traffic directed to your websites and applications. WAF secures your core business data and prevents server malfunctions caused by malicious activities and attacks.
The network is the only entry point for all cloud services. Network attacks, especially denial of service attacks, are the most diverse and harmful, and one of the most difficult to protect against network risks. This course is designed to help students understand the principles of DoS attacks in a minimum amount of time and learn common protection methods and Alibaba Cloud Anti-DDoS protection solutions to minimize or reduce the risk of network layer attacks, protect your cloud network security.
Nextcloud, OnlyOffice, and Spreed WebRTC with Docker in your ECS
2,599 posts | 764 followers
FollowAlibaba Clouder - December 21, 2018
Alibaba Clouder - June 19, 2018
francisndungu - May 29, 2019
Alibaba Clouder - June 11, 2018
Alibaba Clouder - August 27, 2020
francisndungu - May 29, 2019
2,599 posts | 764 followers
FollowA comprehensive DDoS protection for enterprise to intelligently defend sophisticated DDoS attacks, reduce business loss risks, and mitigate potential security threats.
Learn MoreMore Posts by Alibaba Clouder