Firewall(s) in front of Virtualmin or Cloudmin

Hello,

I wonder if it's safe to place Virtualmin or Cloudmin directly on the front edge without any firewall in front of it. Virtualmin looks very secure with the default iptables firewall and optional plug-ins (denyhost, etc.). I am just double-checking.

I would rather not place anything else in front of it, to avoid a speed and performance bottleneck from additional layer(s) of firewall(s). However, if necessary... would you recommend having either 1 edge and 1 application firewall in front of Virtualmin or Cloudmin? Example:

Option 1:

Internet --> Edge FW (pfSense, Cisco, OpenBSD, etc.) --> Virtualmin/Cloudmin.

Option 2:

Internet --> Edge FW (pfSense, Cisco, OpenBSD, etc.) --> Microsoft TMG (Threat Management Gateway) --> Virtualmin/Cloudmin.

Thank you in advance for your help.

Status: 
Active

Comments

I wouldn't recommend placing any firewall in front of Virtualmin or Cloudmin - instead, just make sure that all the packages on your system are kept up to date. If you are using Virtualmin, this goes double for PHP apps that it installs, as they are frequently updated to fix security issues.

If you do want some kind of firewall, use the on-host iptables firewall that Webmin can set up at Webmin -> Networking -> Linux Firewall.

Hi Jamie,

Thanks so much for your reply. I sincerely appreciate it very much.

Sorry in advance for asking more in depth about this matter. A security breach is the number one nightmare for site owners and could put a business out of business for good. Thanks for your understanding.

Have there been known attacks on the Virtualmin or Webmin management control panel or the sites that utilize it? If so, was there any vulnerability discovered?

My main concern, as with most site owners, is either DDoS or SQL injection attacks. For this reason, application firewalls were born to protect at the application layer.

Does Virtualmin/Webmin integrate with any type of security plug-in (part of iptables or a separate module) to protect against attacks on the Apache server and MySQL (or a similar database like PostgreSQL)?

Thanks in advance for your time and effort.

There have been attacks on Webmin in the past - but no remote root exploits for many years. For more information, see http://www.webmin.com/security.html

A firewall that can protect against DDoS or SQL injection attacks would be useful, although I don't personally have any experience with those.

The only security integration Webmin has is a module to configure iptables. You could use this to block off external access to MySQL, for example.
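
As an added example (not part of the thread and not Webmin code), the following script checks whether an `iptables-save` dump actually blocks external access to MySQL, which is the use of the on-host firewall suggested in the last comment. The two rule sets, the trusted address 192.0.2.10 and the function names are constructed for illustration. The check assumes a flat INPUT chain: it does not follow user-defined chains, and it refuses to judge rules with negated matches.

```python
import shlex
# Constructed iptables-save excerpts (sample data, not from the thread).
OPEN_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
COMMIT
"""
BLOCKED_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
COMMIT
"""

def _covers(spec, port):
    # spec is a --dport/--dports value: "3306", "3000:4000" or "80,443,3306"
    parts = (p.partition(":") for p in spec.split(","))
    return any(int(lo or 0) <= port <= int(hi or (65535 if sep else lo)) for lo, sep, hi in parts)

def external_verdict(dump, port=3306):
    """Verdict of filter/INPUT for a new TCP connection to port from any external address."""
    policy, in_filter = "ACCEPT", False
    for line in dump.splitlines():
        if line.startswith("*"):
            in_filter = line.strip() == "*filter"
        elif in_filter and line.startswith(":INPUT "):
            policy = line.split()[1]  # chain default, used if no rule decides
        elif in_filter and line.startswith("-A INPUT "):
            tok = shlex.split(line)
            if "!" in tok:
                raise ValueError("negated match not modelled: " + line)
            opt = {k: v for k, v in zip(tok, tok[1:]) if k.startswith("-")}
            state = opt.get("--state") or opt.get("--ctstate")
            dport = opt.get("--dport") or opt.get("--dports")
            if (opt.get("-i") == "lo"
                    or opt.get("-s", "0.0.0.0/0") != "0.0.0.0/0"
                    or opt.get("-p", "tcp") not in ("tcp", "all")
                    or (state and "NEW" not in state.split(","))
                    or (dport and not _covers(dport, port))):
                continue  # cannot match a new external connection to port
            if opt.get("-j") in ("ACCEPT", "DROP", "REJECT"):
                return opt["-j"]  # first terminating rule wins
    return policy
```

`external_verdict(OPEN_RULESET)` returns `ACCEPT` because no rule mentions port 3306 and the chain policy is ACCEPT, while the second rule set returns `DROP` for everyone except loopback and the one trusted source.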