Dedicated Server Hosting is a huge deal for businesses with hefty system resource requirements. To secure sensitive data properly you need multiple cybersecurity measures in place, including antivirus (AV) and backup solutions. If your dedicated server stores medical data or other confidential information, you should consider integrating the Cisco ASA firewall to harden your system.
What is a Firewall?
A firewall is a hardware or software application that allows or blocks incoming and outgoing network traffic on a system in accordance with defined security rules. A firewall properly configured to negate or mitigate the biggest risks for your server environment will conserve processing power needed to maintain the dedicated server’s CPU performance.
Common Types of Firewalls
There are multiple types of firewalls for stopping cyber attacks.
Traditional, or “stateful inspection,” firewalls block traffic based on state (e.g. “listen”), port number, and protocol. In the past these were the most common, while other methods were later adopted for better protection.
Unified threat management (UTM) firewalls are beefed up with intrusion prevention and AV scanning capabilities for a fully fledged security package.
Both have their place in modern use cases today. However, web applications with publicly accessible API calls and executable code like PHP are vulnerable to advanced malware. This led to the popularity of web application firewalls.
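The stateful inspection described above, modeled as a state table in Python. This is an added example, not code from the original article or from any firewall vendor; the `Packet` and `StatefulFirewall` names, the inside prefix and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"
    flags: str = ""  # TCP flags: "S" = SYN, "A" = ACK, "R" = RST

class StatefulFirewall:
    """Toy model: inside hosts may open flows; outside hosts may only reach
    allowed (protocol, port) services or answer a flow already tracked."""

    def __init__(self, inside_prefix, allowed_inbound):
        self.inside_prefix = inside_prefix           # assumed inside network
        self.allowed_inbound = set(allowed_inbound)  # e.g. {("tcp", 443)}
        self.flows = set()                           # the state table

    def check(self, p):
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # 1. State: the packet belongs to a flow in the table (either direction).
        if key in self.flows or reverse in self.flows:
            if "R" in p.flags:  # RST ends the flow (FIN and timeouts omitted)
                self.flows -= {key, reverse}
            return "allow (established)"
        # 2. Only a bare TCP SYN or a UDP datagram may create new state.
        if not (p.proto == "udp" or p.flags == "S"):
            return "deny (no matching state)"
        # 3. Port and protocol: outbound is trusted, inbound needs a rule.
        outbound = p.src.startswith(self.inside_prefix)
        if outbound or (p.proto, p.dport) in self.allowed_inbound:
            self.flows.add(key)
            return "allow (new flow)"
        return "deny (no rule)"

def demo():
    fw = StatefulFirewall("10.0.0.", {("tcp", 443)})
    packets = [  # constructed traffic using documentation address ranges
        Packet("10.0.0.5", 40000, "198.51.100.7", 53, "udp"),       # DNS query out
        Packet("198.51.100.7", 53, "10.0.0.5", 40000, "udp"),       # its reply
        Packet("203.0.113.9", 51000, "10.0.0.5", 443, "tcp", "S"),  # HTTPS in
        Packet("203.0.113.9", 51001, "10.0.0.5", 22, "tcp", "S"),   # SSH in
        Packet("203.0.113.9", 51002, "10.0.0.5", 443, "tcp", "A"),  # stray ACK
    ]
    return [fw.check(p) for p in packets]
```

The DNS reply is allowed without any inbound rule because the outbound query created state, while the stray ACK to an open port is dropped because no flow matches it.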
Web Application Firewalls
Web application firewalls (WAFs) operate as a reverse proxy and use signature-based detection to stop malicious activity. They protect installations at layer 7 (application) of the Open Systems Interconnection (OSI) model against:
- Code injection
- Zero-day attacks
- Cross-site scripting (XSS)
- Unauthorized access to APIs
- Denial of service (DoS) attacks targeting apps
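How signature-based detection at a reverse proxy reaches a block-or-forward decision, as an added Python example. It is not from the original article or from any WAF product; the rule names, patterns and sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Illustrative signatures only; production rule sets are far larger.
SIGNATURES = [
    ("xss-script-tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
    ("sqli-union-select",
     re.compile(r"\bunion\b\s+(all\s+)?select\b", re.IGNORECASE)),
    ("code-injection-php-tag", re.compile(r"<\?php", re.IGNORECASE)),
]

def inspect(request_line, body=""):
    """Decide what the reverse proxy does with one request.

    Returns (verdict, matched_rule_ids), where verdict is "block" or "forward".
    """
    _method, target, _version = request_line.split(" ", 2)
    # Match on the decoded form: the application behind the proxy sees
    # decoded values, so the signatures must see them too.
    text = unquote_plus(target) + "\n" + unquote_plus(body)
    hits = [rule_id for rule_id, pattern in SIGNATURES if pattern.search(text)]
    return ("block" if hits else "forward", hits)

def demo():
    requests = [  # constructed sample requests
        ("GET /products?id=42 HTTP/1.1", ""),
        ("GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1", ""),
        ("GET /item?id=1+UNION+SELECT+name+FROM+users HTTP/1.1", ""),
        ("POST /comment HTTP/1.1", "text=nice+post%21"),
    ]
    return [inspect(line, body) for line, body in requests]
```

A request is blocked only when a known pattern matches, so coverage depends on how complete and current the rule set is.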
Host-Based WAFs
Host-based WAFs are installed on the system. The benefits are that they’re easy to implement and many popular options for Linux systems are free:
- ConfigServer Security & Firewall (CSF)
- ModSecurity
- Fail2ban
The downside is that since host-based WAFs are installed on the system, they share resources with the applications they’re meant to protect. Even if the WAF is protecting your data during a DoS attack, your app performance and users’ experience will likely suffer as a result. They also require some setup to work with your server hosting environment.
Cloud-Based WAFs
Cloud-based WAFs are software as a service (SaaS) platforms not installed on your web server but positioned in front of it via DNS. Sucuri is great for larger businesses lacking manpower and needing instant access to cybersecurity analysts in the case of a cyber attack. It’s also pricier compared to host-based firewalls. Cloudflare also includes some WAF features. Both are often used in conjunction with a host-based WAF to greatly reduce traffic load and improve speed.
The ease of use is negated somewhat if you don’t have the transparency to see exactly how the WAF is protecting you from vulnerabilities specific to your application(s). You’re also trading some server cyber risks for those of the security platform you’re using. Lastly, it is sometimes possible to bypass a cloud-based platform for a stealthy infection, negating the effectiveness of cloud-based solutions entirely.
Our solution for businesses wanting to get the most out of their InMotion Dedicated Server Hosting: a Cisco hardware firewall.
What is the Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) 5500-X series firewalls guard protocols such as DNS and SSH from man-in-the-middle (MITM), DDoS, and related cyber attacks at OSI layers 3 and 4 (network traffic and data transfer respectively). The network-based firewall is a hardware appliance installed and maintained alongside your dedicated server in whichever of our data centers you choose, which brings significant advantages:
- Traffic has no choice but to go through the firewall for stateful inspection
- Hardware appliance is unaffected by server operating system (OS) vulnerabilities
- Doesn’t use server resources to fight cyber intrusions
- Perfect for gating unauthorized incoming traffic from private APIs, applications, and other resources in multi-server environments
The Sourcefire acquisition resulted in the Cisco ASA 5506 firewall being an all-in-one solution with next generation firewall (NGFW) features:
- FirePOWER next-generation intrusion prevention system (NGIPS) services
- Advanced WAF rules specific to installed apps and user permissions
- Advanced Malware Protection (AMP) for AV scanning and removal
Add to that a strong system backup solution, and maybe some HTTP security headers (Content Security Policy and HTTP Strict Transport Security), and you’ve achieved a solid defense-in-depth approach.
Network-based firewall solutions are generally the most expensive due to data center storage requirements and maintenance costs.
Cisco ASA Firewall vs Sucuri WAF
Here’s a short summary dedicated server administrators can use for comparing the next generation firewall vs WAF.
Cisco ASA Firewall:
- Network-based hardware appliance installed in the data center with your dedicated server
- Fully-featured security solution that cannot be bypassed
- Highly configurable to suit your business needs
- Requires learning more about the Linux command line interface (CLI) and Cisco OS
- Configuration assistance available from our Managed Hosting team
- Great for larger corporations wanting top-notch security
Sucuri WAF:
- Cloud-based web application not installed on your Linux machine
- Can be bypassed and must be used in conjunction with host-based solutions
- Manageable from a graphical user interface in the web browser
- Proprietary and may have limited configuration to fill your needs
- Includes security analyst support
- Great for medium sized businesses looking to outsource some cybersecurity support
Getting Started with the Cisco ASA Firewall
Want to learn more about getting started with a Bare Metal or cPanel-managed dedicated server packaged with a Cisco ASA 5506 firewall? Here’s all you need to do.
- Contact our sales team to ask further questions about or purchase a Cisco ASA firewall with Dedicated Linux Server Hosting.
- If you wish to load a custom operating system to your Bare Metal Hosting, ask about a keyboard, video, and mouse (KVM) switch as well.
- After purchasing a Cisco firewall subscription, you’ll be emailed your firewall user credentials. Store the firewall IP address and user details in a password manager (e.g. KeePass) and delete the email.
- Log into your Cisco ASA firewall.