Ubuntu install DB Firewall ports open
Ubuntu install DB Firewall ports open
On a new Ubuntu install I notice the firewall ports for the DB are open (3306,5432). I don't need to remotely connect to mysql, am I safe to disable this rule?
Re: Ubuntu install DB Firewall ports open
I think this should be disabled by default. If you're techy enough to know what you're doing, then you can turn it on. But most people are not techy, so they install VestaCP without knowing their database is open to the internet. And also techy people are likely to choose bad database passwords, which means they are at increased risk of getting hacked.
Golden rule of security: if you're not using it, turn it off.
I notice too that database users are created with two accounts. One allows them to connect from localhost, which is expected. The other allows them to connect from ANY HOST. Once again, these accounts shouldn't be enabled by default, just the localhost ones. And once again, if you're techy enough to know that you need to connect to a database from a remote host, you're going to be able to enable this yourself, and you'd likely restrict it to a known IP or IP range rather than allow ALL. But anyway, if you've already disabled the firewall rule, then this is less of an issue.
Golden rule of security: if you're not using it, turn it off.
I notice too that database users are created with two accounts. One allows them to connect from localhost, which is expected. The other allows them to connect from ANY HOST. Once again, these accounts shouldn't be enabled by default, just the localhost ones. And once again, if you're techy enough to know that you need to connect to a database from a remote host, you're going to be able to enable this yourself, and you'd likely restrict it to a known IP or IP range rather than allow ALL. But anyway, if you've already disabled the firewall rule, then this is less of an issue.