Wrong application security task

Task regarding securing applications on backup server is wrong in the core as it is potentially building wrong habits. The task is to open port for nginx and block for apache.

The problem here is that it builds impression that it’s enough to close port for one known app. This is wrong at the core. It would be much more appropriate to block all ports except for the few ones that are in use - in this case it would mean:

  1. Block all incoming traffic
  2. Open traffic from all IPs on Nginx port
  3. Open SSH port from jump host

Hi @moby04

Thank you for your valuable feedback. We assume that on backup server there is not only single tool/application running so there might be number of existing firewall rules already present on the system. So we don’t want users to mess with any of the existing rules or settings. Since after deploying the new application we have some new requirements w.r.t firewall rules so we are asking user to just add those new rules.

But thanks again for your feedback, it really helps us to improve our labs, we will check how we can improve this one.