Everything You Need To Know About CSF Firewall

In this article, we are going to go over the basics of CSF Firewall, what it is, which platforms it runs on, and some basics about installing it.

We have tailored this information to new Linux system administrators or hobbyists who want to understand the basics of CSF Firewall, written out in plain English.


Linux: The Technical Environment We Are Working In

programming codes on a web

?Source: Pixabay

First of all, as we have already hinted at, if you want to run CSF Firewall, you need to be running a Linux server - not Windows or anything else.

Linux, as you probably already know if you are reading this, is an open source operating system based off of UNIX. (Linux is officially pronounced lee-nux (or a softer i as in “in”) and not like the name Linus van Pelt from Peanuts.)

CSF Firewall will run on the following Linux operating systems, and most likely newer versions as well:

  • RedHat Enterprise v5 to v7
  • CentOS v5 to v7
  • CloudLinux v5 to v7
  • Fedora v20 to v26
  • *openSUSE v10, v11, v12
  • *Debian v3.1 - v9
  • *Ubuntu v6 to v15
  • *Slackware v12

For these versions of Linux, you may need to customize some of the regex patterns used in functions.

CSF Firewall can also work on the following virtual servers:

  • **Virtuozzo
  • VMware
  • Xen
  • VirtualBox
  • **OpenVZ
  • MS Virtual Server
  • KVM

Both Virtuozzo and OpenVZ need the iptables to be configured correctly on the host server.

An Overview of CSF Firewall

Internet connection

?Source: Pixabay

CSF Firewall stands for ConfigServer Security & Firewall. It is a free Linux firewall provided by a UK company called Way to the Web Limited (trading as ConfigServer Services).

A firewall, as you probably already know, is a type of software that protects a computer or server from unauthorized intrusions and hacker attacks.

CSF Firewall has been around for a long time and has been considered for years a highly advanced firewall that is still simple enough for less experienced Linux system administrators. It has a ton of configurable options, but you don’t have to worry about all of them when getting started.

It is an alternative to other firewall options on Linux, such as APF Firewall.

You can install CSF Firewall on your Linux server and even use it on a VPS (Virtual Private Server).

Features of CSF Firewall

red and blue armor shield

?Source: Pixabay

CSF Firewall has a lot of great features and has configuration options for both simple installations and more complex needs. Here are just three of the many features of this free firewall software:

1. Login Authentication Failures

CSF Firewall will monitor your logins for repeated attempts to login. If too many login failures are recorded (which can indicate a hacking attempt), the software can automatically ban that IP address from accessing the server.

This feature works with mail servers, FTP servers, openSSH, administrative panels such as cPanel and WHM, websites protected by htpasswd files, and more.

2. Messenger Service

When an IP address is blocked, you can have CSF Firewall send a message to the client. This might provide additional information to a hacker, however, for a real user who might be stumped and frustrated by failed login attempts, it can be very helpful.

3. Port Flood Protection

The last thing you want is a Denial of Service (DOS) attack on your server. This will hang up your website and make it impossible to reach. CSF Firewall has configurable port flooding protection that can limit how many connections can be allowed within a certain time period.

Installing CSF Firewall

top view of workstation with hand on a laptop

?Source: Pixabay

How you install CSF Firewall will depend on what version of Linux you are running and other variables about your server environment. For the best advice on how to install CSF Firewall for your particular configuration, you should probably search “CSF Firewall installation on [Your Linux Version].”

Avoiding Conflicts with other Firewall Software

open laptop on a table

?Source: Pixabay

Make sure, if you want to run CSF Firewall on your machine, that you have uninstalled any other firewall software, as it could cause conflicts and generate problems. You would use your Linux package installer to remove existing firewall software, unless it was source installed.

On Linux versions such as CentOS, the package installer would be Yum. On Ubuntu and other versions, you may be using APT (Advanced Packaging Tool). These removal commands will differ based on the package installer, but can easily be found using an online search.

For example, if you want to remove APF Firewall version 9.6 from CentOS using Yum, you would use the command (as root):

rpm -e apf-9.6_5-1

With apt, the command might be:

apt remove apf-9.6_5-1

Or, if you are on Ubuntu and not logging in directly as root:

sudo apt remove apf-9.6_5-1

Remember, you would use the version number of the APF installation on your server, not necessarily the one shown here.

CSF Firewall Installation Instructions

If CSF Firewall is found in your package repositories, using the same package installer, you can download and install CSF Firewall that way.

If you are using the Synaptic package installer, which has an easy to use graphical interface, this might be the easiest route. Synaptic will install all the dependencies for you, making the process much quicker and easier.

Unfortunately, CSF Firewall is not included in many repositories, so you may need to download it manually. It is possible it might be available in some alternative repositories, in which case, you can add the repository to your package installer.

Alternatively, see below about Centmin Mod installation.

You will need to make sure Perl is installed on your machine, and if it isn’t, Perl must be installed first.

Assuming you have Perl installed, here are some simple commands to manually download and install CSF Firewall. These commands will work whether your server uses Apt or Yum:

# wget https://download.configserver.com/csf.tgz

# tar xfz csf.tgz

# cd csf

# sh install.sh

Make sure you are logged in as root, or, if using Ubuntu, prepend “sudo” in front of every command. (The pound sign above is indicative of a root prompt, and is not part of the command itself.)

Configuring CSF Firewall

Once you have installed the CSF Firewall software, you will need to configure it. There are many web pages with basic configuration information found easily through a search, such as this “how to” with basic command line instructions.

LAMP vs. LEMP Linux Installations

computer security to the web

?Source: Pixabay

For those who are more familiar with a traditional LAMP stack CSF Firewall works with LEMP.

If you want to experiment with running LEMP, or you don’t know what LEMPvs. LAMP is, we will cover that here.

1. LAMP

LAMP stacks are common set ups for website servers and are used across the Internet by companies big and small.

LAMP stands for Linux, Apache, MySQL, and PHP. Linux is the operating system, Apache is the web server, MySQL is the database server, and PHP is the scripted programming language that delivers the web sites.

2. LEMP

LEMP is pretty much exactly like LAMP, only it uses the nginx web server. Nginx is pronounced “engine-x.” Thus, we have an E in LEMP instead of the A for Apache.

Apache was around first and is a reputable web server, but has some limitations or at least stresses that are put on it at high loads. Nginx was specifically designed to address some of these problems that the Apache web server has.

Nginx has a smaller memory footprint and leverages asynchronous event-driven requests to improve performance at times of high web traffic.

If you are setting up a new Linux web server from scratch, and trying to decide between LAMP and LEMP, you might want to go with LEMP. Besides the potential performance boosting benefits, you can use CSF Firewall with Centmin Mod (you also have to run CentOS).

CSF Firewall on Centmin Mod

man working on a computer

?Source: Pixabay

If you are looking for an easy way to set up a new Linux server for the web, using CSF Firewall as well as a LEMP stack, here is a great option for you: Centmin Mod.

Centmin Mod is a LEMP stack that comes with an auto installer run through the command line.

It is designed for CentOS 6.x and CentOS 7.x (both flavors of Linux). It automatically installs and configures:

  • Nginx
  • MariaDB MySQL
  • PHP-FPM
  • CSF Firewall
  • Memcached Server

You also get other features, including third party YUM repositories and a variety of add-ons to Nginx.

For more information on how to install and use CSF Firewall with CentOS, check out the Centmin Mod website.

?CSF Firewall

man working on a computer security

?Source: Pixabay

CSF Firewall is an excellent system designed to prevent hacking attempts from succeeding. By using this software, you can help prevent hackers from hijacking and destroying your web server.

With lots of options, CSF Firewall is good for both novice and experienced system administrators. Best of all, it is free!

Is Electronic Cash Legit? – Everything You Need To Know

There’s a new technology that’s changing the way we do business — electronic cash — and soon it just may do away with money, credit cards and paper checks. From websites like Paypal to smartphone apps like Apple Pay, there are a plethora of options for shoppers who don't like carrying money or credit cards. For the computer-savvy, there are even more options like cryptocurrencies such as BitCoin. But what is electronic cash and why is it becoming so popular?

Electronic cash differs from BitCoin and other cryptocurrencies(which we will cover a little later) in that “real” or physical cash backs every transaction. Most electronic cash transaction in the United States would be backed by dollars, for example. This principle is similar to credit cards, which actually can be considered a form of electronic cash, although unlike many forms of e-cash available today, the user can essentially take out a loan from the credit card company for more money than they have in their bank account. In modern electronic cash transactions, the user is generally limited to the amount of money they have in their back accounts. This is one way in which the concept of electronic cash differs from credit cards. Consider electronic cash to be more of a debit card in concept.

Reasons to Use Electronic Cash

However, electronic cash is much more versatile than a debit card in many financial transactions. First of all, electronic cash is designed to be used with very little person-to-person contact. Unlike a debit card, most electronic cash transactions occur online or via machine. No card needs to be swiped and no numbers need to be checked. The financial transaction occurs more quickly and easily, allowing a merchant to process more orders and service more customers. Customers also won’t have to wait as long to purchase an item.

Another appreciable advantage to using an electronic cash system is heightened security. To put it simply, many of these systems are more secure than an average credit card is. Although credit card companies have improved consumer protection greatly through technological innovations such as putting microchips in the cards, most electronic cash services have stronger measures in place.

Why You Might Want to Use Apple Pay as Electronic Cash

Apple_Pay_logo

Source:  apple

For example, Apple Pay allows the buyer to purchase an item by using a fingerprint for identification, as opposed to a signature on a receipt which isn’t examined by anyone, including the credit card companies. It is also possible to purchase an item in privacy using Apple Pay. As makeuseof.com points out, the seller sees none of the buyer’s financial information, such as credit card numbers, and so the buyer can purchase an item in safety. While many stores are giving customers the option to swipe their own credit cards, this practice is fairly new, and is far from perfect. It’s much safer to use a system that’s designed from the start to limit sensitive financial information.

Apple Pay is also more secure than traditional payment methods in case of loss. Many have gone through the nightmare of losing their wallets and calling frantically to cancel credit cards. Any cash in the wallet will be most likely be gone, and even credit cards that are recovered could be compromised. However, with Apple Pay, the situation would be less serious. First of all, Apple Pay can be remotely deactivated. So if someone who loses their wallet has access to a computer, they can deactivate Apple Pay on a lost or stolen iPhone. Also, all sensitive financial information on an iPhone is encrypted, so even if a hacker were to steal an iPhone, it would be difficult to get a user’s financial information.

Another issue with credit cards is that cards aren’t very durable. While phones certainly can be damaged, the magnetic stripe on credit cards is easily worn away by the friction in a typical wallet. This may leave a prospective buyer with a card that doesn’t work, or that only works in certain readers. Even worse, the buyer may have no idea that the card isn’t going to work, leading to an unpleasant surprise. While phones are inherently more fragile, it’s also generally more obvious when one is broken and the buyer can get it repaired. (Also, while the phone is being repaired, the user can disable Apple Pay, as noted above.)

Consider PayPal as a Great Electronic Cash Provider for Small Businesses

paypal-logo

Source:  paypal

Apple Pay is great when buying something from a store, but if you want to buy something from a stranger or give money to someone you don’t know, PayPal is more appropriate. As with Apple Pay, PayPal is encrypted so the user doesn’t need to worry about hackers, according to financialwellness.org. However, anyone can have a PayPal account, so individuals can conduct transactions without the hassle of a true “middleman”.

Although it’s always risky to buy something over the internet without seeing it first, PayPal is the safest option in this situation. Cash is impossible to use in a transaction like this, credit cards are a major security risk because you have to provide your number and a check sent for an item can easily be used for fraud. PayPal offers the most consumer protections in this scenario.

Other advantages to using PayPal are an easy-to-use invoice system, as well as an easy way for individuals to accept credit card payments without having a merchant account. Both of these advantages are invaluable for small businesses, which have struggled in the past with invoicing and credit card sales. There are some disadvantages that businesses face in using PayPal, however. PayPal charges a 2.9% fee for all transactions going for goods or services, along with a .30 transaction charge. While not a large fee, it can be an issue if a business relies on PayPal transactions for much of its revenue.

Venmo: Electronic Cash for Family and Friends

venmo_logo_blue

Source:  venmo

Although more casual than Apple Pay or Pay Pal, Venmo should be mentioned in any discussion of electronic cash. Venmo is a person-to-person eCash system. If a friend needs money, or you want someone you know to buy something for you, Venmo can make it easy. Just a few simple swipes and the transaction is done!

However, there are a few warnings that come with using Venmo. Realize that the Venmo system is set up to be used with people you know, like friends and family. With strangers, there are no protections in place, so it is easy to be cheated on Venmo. According to slate.com, people have been bilked of thousands of dollars while trying to do business with strangers on Venmo. Also, be aware that Venmo isn’t meant for business transactions, and small business owners should be using PayPal, which is owned by the same company.

Cryptocurrency: The Cutting Edge of Electronic Cash

Finally, for those individuals who truly wish to experiment with the concept of electronic cash, there is cryptocurrency. Cryptocurrency is not based on any currency issued by a government, such as the US dollar. It is considered independent of any nation or financial institution. Also, cryptocurrency isn't based on any material wealth, such as gold (the US dollar isn’t backed by material wealth either). The most well-known cryptocurrency is Bitcoin, but there are others, all with varying levels of support.

Bitcoin is wholly electronic, meaning that there is no physical representation of the currency. No one can walk into a store with a pocket full of Bitcoin to buy a product. As the BBC points out, any “Bitcoin” medallions that are seen in pictures aren’t coins but contain a code for Bitcoin. The Bitcoin currency only exists as a number on an electronic ledger, called a “blockchain”. This blockchain is networked so that everyone with a Bitcoin account can see it.  Whenever a transaction is made using Bitcoin, it is logged into the blockchain. In this way, a bank is unnecessary to keep track of Bitcoin usage.

But how does the ledger stay safe from tampering? This is where encryption comes into play and is one of the reasons Bitcoin is known as a cryptocurrency. Every account is encrypted and has two keys, a private key, and a public key. When doing business, both parties can see public keys, but private keys are kept hidden. Both keys are needed to complete transactions.

cryptocurrency-list

Source:  coinnewspress

While this method seems secure, some questions arise, as we have seen in other forms of electronic cash. What happens if one of the parties attempts to cancel a transaction after it has been completed. In the Venmo example, people have been cheated by others who attempt to cancel after they have received services or payment. What does BitCoin do to stop that?

BitCoin’s answer to this problem is clever and is the other reason it is considered a cryptocurrency. In order to ensure that all transactions are completed in order, Bitcoin forces the network of computers that it operates on to solve puzzles that it knows are solvable in a certain amount of time. Anyone may use a computer for this task, and when a computer participates, its owner is paid with a small amount of Bitcoin. A computer doing this is “mining” for Bitcoin, according to cryptocurrencyfacts.com.  

When comparing the order of transactions to the order of obtaining the puzzle solutions, Bitcoin can tell exactly when the transactions occurred, without needing outside assistance such as a government or bank. The actual process is far more complicated than the quick summary given here, but this is the general idea. Bitcoin has a failsafe which is superior to other forms of electronic cash.

As can be evidenced by the examples given here, there are many different types of electronic cash. While some are meant merely to pass money between friends, others have been created as entire systems of currency, with no need of government or a banking system. The question of whether electronic cash is legitimate or not has been answered with a resounding yes. Electronic cash options are here to stay.

Is Mac OS X Truly More Secure than Windows?

The Mac OSX vs. Microsoft Windows debate runs hot and heavy, and one of the primary things people want to know is: which is safer? For years, Mac users have contended their devices can’t be hacked, but after recent attacks, we know they’re vulnerable. The question is, how vulnerable? We dive deep to uncover the truth.

“Macs are more secure than Windows” is a common statement heard by consumers, but we all know that a lie believed by a million people is still a lie. Does that mean Macs aren’t secure? We dig deep into the facts and expert opinions to find the important truth.

Why Does Security Matter?

Security Features Mac OS X
Photo credit to Macworld UK

Internet and device security seems to be a hot topic these days, but what does it mean for most people, in real terms? For starters, internet security has implications for international affairs, but it also has implications for the security of our money, our physical security, and the security of our online reputations.

Let’s take a closer look at each:

Government Security in the Age of the Internet

Government Security in the Age of the Internet
Photo credit to Wikipedia

Data breaches are on everyone’s radar these days, and for a good reason: ransomware, a type of data breach in which hacker’s demand ransom money to release your files, forced payments to hit an incredible $2 billion last year. It’s predicted they’ll cost corporations $9 billion in 2018.

This means, of course, higher costs for consumers when the ransom fees are “passed along,” but it also means security breaches. You’re not just handing over your banking information; in many cases, you’re handing over sensitive documents, email correspondences, health information, and more.

Mega-corporations like Equifax and Yahoo, as well as governments entities, including the National Security Agency, have been compromised and there’s a potential for even greater injury. In the UK, when hospital computers were temporarily locked, surgeries were delayed.

Why does this matter in the Mac OSX vs. Windows debate? Because nearly 90% of today’s computers operate on one of the two operating systems. If they’re vulnerable; so are corporations, governments, and…us.

Bank Fraud and Identity Theft

Photo credit to Freepik

If government shutdowns don’t concern you, you might need to look a little closer to home. We rely heavily on Mac and Windows operating systems in our everyday lives, from online shopping to online grocery ordering to online banking.

An attack on our home PC is more than just an inconvenience or the loss of our files. It can also mean the loss of our identities. In fact, just the accidental omission of an “o” in the .com of a popular website can bring to a website that’s been booby-trapped with malware and viruses designed to steal your money and your information.

Security and the Internet of Things

Security and the Internet of Things
Photo credit to Praetorian

The internet of things (IoT) is a relatively obscure term that encompasses everything from our home computers to our phones to our smart locks, smart televisions, and smartwatches. If it’s a device that exchanges information with another device, it’s a member of the IoT.

The trouble with the IoT is that these devices often have operating systems that are vulnerable to attack. Could a smart car, for example, be hacked and hindered? Tests have shown that it could. Could, say, your smart television be hacked so that you’ve listened in on? Yep, that, too.

These aren’t just personal concerns; these are industrial concerns. The IoT has applications that range from running huge combines harvesting wheat to flying drones to powering electrical grids. While some organizations have called for better protection, consumers by and large rely on manufacturers to protect them.

This brings us back to our home computers and our original question: when it comes to the two main computers most people use, which is safer, a Mac or a PC?

Let’s Define the Problem

First of all, when we talk about security breaches, we should be clear on what we’re discussing. In a Mac vs. PC showdown, what we’re comparing is Apple’s operating system (OS X) to Microsoft’s (Windows).

Linux, the third most popular PC operating system, is a great system but it’s a very distant third. Together, Windows and OS X dominate. The other thing that’s important to know is that, in the OSX vs. Windows debate, Windows has the lion share of the game.

Mac, despite its huge popularity, only has a small percent of the market share. This brings us to an interesting point: if Macs are much less popular than Microsofts, why are they such a pivotal part of this conversation?

Security and the Internet of Things
Photo credit to Coherentnews.com

Let’s Take a Walk Down Memory Lane

To answer that, and to discover the source of the “Macs are secure” idea, we need to look back to some of Apple’s first Mac vs. PC ads, nearly a decade ago. In hilarious and brilliant Get a Mac campaign, Apple laid out the benefits of a Mac, including the “fact” that they were less likely to be infected with a virus than a Microsoft PC.

While this wasn’t the whole truth, it sparked the idea in hundreds of thousands of people’s minds, and a legend was born.

The fact is that Macs are not indestructible; they can, in fact, be infected with both viruses and malware. Recently, for example, the OXW/Pinhead-B trojan was discovered monitoring browsers without the knowledge of Mac users. What’s worse is that it could take screenshots of your internet activity, monitor your files, send email from your account, and more.

We’re Not in Kansas Anymore

Also, it’s not uncommon for vulnerability analyses performed on both the Mac OS X and the Microsoft Windows OS to find similar issues. Sometimes, hackers even find more vulnerabilities in the Apple than they do in the much more popular Windows!

While it’s completely untrue, then, to say that Macs are not impervious to attack, why do so many people feel so safe? It’s not uncommon for Mac users to go without installing security software; why does this false attitude persist?

Part of the reason for Macs’ sense of security is that, traditionally, there have not been as many bad players aimed at Macs. Because there are so many more Windows PCs, most attacks have been built and designed for those.

Of course, there are those computer experts who have found Macs more difficult to exploit. For malware to make a breach and cause damage, it has to be able to attack a vulnerability, and many feel that, on a surface level, Apples require the more complicated breaching protocol.

Mac OS X and Microsoft Windows OS
Photo credit to Difference Between

False Security

That should not, however, continue to lull consumers into a false sense of security. As Apples become more and more of an incentive for hackers, Mac users might be in more danger than Windows users, simply because they’ve taken so few precautions.

Unfortunately, it boils down to simply psychology: it doesn’t matter how great your security system is. If it’s not armed, attackers can get in and steal everything, which is exactly what might happen with a Mac if an Apple OSX user doesn’t exercise caution.

The Other Side

We’d be remiss if we didn’t also share the flip side of the argument, which is that Macs simply don’t pose an attractive enough threat to hackers. Since the vast majority of computers are running on Windows and hackers seem to want to create the most damage possible, Macs aren’t an opportunity like their more common counterparts.

It’s fairly common, in fact, to find somebody talking about how they’ve owned a Mac for over a decade that’s never had a security attack.

Plus, most attacks on Macs to date have been Trojans, which take advantage of a weakness in the end-user, not the computer, itself. A trojan works by disguising itself as something helpful; when the user clicks and installs it, it embeds itself and becomes very difficult to get rid of, and sometimes impossible to detect.

Mac OS X and Microsoft Windows OS
Photo credit to Business Wire

Lock Those Doors

Finally, the Mac OSX has some built-in security features that Windows computers don’t have. For example, Macs are Unix-based, a system that’s been likened to a series of fire doors, making the fire–or, the virus–less able to spread.

In some of the most recent versions, Apple has included what it calls a GateKeeper, which prevents Macs from downloading or installing any app or software that isn’t Apple-approved. It also comes preloaded now with Java and Flash plugins. Since these are often the bearers of Trojans for Macs, eliminating the need for downloading them eliminates a huge risk of infection.

Security Mac OS X and Microsoft Windows OS
Photo credit to ExtremeTech

Can We Be Safe?

What’s the bottom line for you, as you’re deciding between a Mac OSX and a Windows? Ultimately, the responsibility for protecting yourself is in your own hands. Frankly, while you might be less likely to encounter an attack with a Mac, it’s wise to prepare for one no matter what operating system you’re running.

Do your research and find a high-quality virus and malware protector for your computer. That’s the best way to protect yourself.

 

How To Install Let’s Encrypt Certificates On Ubuntu Server With Apache2

I recently had to install Let’s Encrypt certificates on one of my websites hosted on a Ubuntu server running Apache2 web server.

The process was painless and easy.. and this brief tutorial is going to show you what steps I took and what to look out for when installing one yourself.

If you don’t already know, Let’s Encrypt allows anyone to obtain and install their trusted SSL certificates for free on their websites.

Continue reading “How To Install Let’s Encrypt Certificates On Ubuntu Server With Apache2”

How To Use LetsEncrypt SSL With Nginx On Ubuntu Server

Using SSL encryption on your website or blogs to protect user’s privacy  is not a bad idea. In fact, Google recommends it.

Google announced few months back, that if you migrate to your websites and blogs to HTTPS, you may get a small bump on its search engine result pages.

Adding SSL encryption also cost money depending on the certificate you want to install. For those who are not making enough money from their websites or blogs but still want to add SSL certificates can use LetsEncrypt.

Continue reading “How To Use LetsEncrypt SSL With Nginx On Ubuntu Server”