Thursday 11 April 2013

Dlink DIR615 Unifi router - !@#%$

Don't get me started on how bad the above is. Actually, I have a lot more adjectives, but let's keep this family friendly.

Today one of my clients reported that their website (being run internally) was down. I logged in via SSH and verified that it was fine: Apache and MySQL were all up and running as they should. HOWEVER, for some reason port 80 traffic was not being forwarded to the webserver, even though SSH was being forwarded just fine.

Solution: Power-toggle the Dlink, and everything is hunky dory again.

At least until the next time... which will be soon, until they get a proper firewall, which is the only sane thing to do.

Moral of the story: A router which TM probably got for RM60 (or less), from a supplier that was probably squeezed on pricing, and whose original firmware TM saw fit to modify to their own specs, is not exactly suitable hardware for an internet connection costing thousands per year, to forward traffic to and protect servers costing thousands more. That does not even take into account the cost of downtime. If you're running anything other than a vanity site, do the right thing and invest in a proper firewall. You don't even need an expensive one. What you need is something that supports VLANs, has an IDS/IPS (Intrusion Detection & Prevention, to prevent bad traffic from hitting your servers), and does Transparent Proxy Filtering (to make sure your staff isn't Facebooking throughout the day). This doesn't need to cost a bomb.
