{“34e34060-6983-4ab6-a023-c59fdafb9a36”:{“id”:”34e34060-6983-4ab6-a023-c59fdafb9a36″,”type”:”Paragraph”,”value”:[{“id”:”382923ec-718a-452c-bd40-511f33735fe1″,”type”:”paragraph”,”children”:[{“text”:” “}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:0}},”ac2d4988-77cd-4040-96b6-ca8103ca5165″:{“id”:”ac2d4988-77cd-4040-96b6-ca8103ca5165″,”type”:”HeadingTwo”,”value”:[{“id”:”16c082f1-4829-46d4-9d94-b4d0e9922203″,”type”:”heading-two”,”children”:[{“text”:”1. “},{“text”:”Objective”,”bold”:true}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:1}},”29585557-89e1-4038-8607-3b08aca01742″:{“id”:”29585557-89e1-4038-8607-3b08aca01742″,”type”:”Paragraph”,”value”:[{“id”:”092de3c4-4e47-42e3-8170-7169d588ebca”,”type”:”paragraph”,”children”:[{“text”:”To define a “},{“text”:”simple, secure, and reusable firewall strategy”,”bold”:true},{“text”:” for all Linux-based cloud servers provisioned on platforms such as AWS, GCP, RunCloud, and DigitalOcean. This policy standardizes port access using “},{“text”:”cloud-native firewalls (Security Groups / VPC Firewall Rules)”,”bold”:true},{“text”:” and ensures only necessary services are publicly exposed.”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:2}},”e568190b-1af2-49ef-9b4f-3187eac0cb79″:{“id”:”e568190b-1af2-49ef-9b4f-3187eac0cb79″,”type”:”Divider”,”value”:[{“id”:”a743b9dc-46e1-4f8c-9abc-5b8103215ac8″,”type”:”divider”,”props”:{“nodeType”:”void”,”theme”:”solid”,”color”:”#EFEFEE”},”children”:[{“text”:””}]}],”meta”:{“align”:”left”,”depth”:0,”order”:3}},”240967d6-d2ab-4543-b2ab-612b9b0017e7″:{“id”:”240967d6-d2ab-4543-b2ab-612b9b0017e7″,”type”:”HeadingTwo”,”value”:[{“id”:”c630aeb6-c582-4455-830f-dd684826e295″,”type”:”heading-two”,”children”:[{“text”:”2. 
“},{“text”:”Scope”,”bold”:true}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:4}},”2971aa87-aa43-4757-bbc1-044e3a2d2eb5″:{“id”:”2971aa87-aa43-4757-bbc1-044e3a2d2eb5″,”type”:”Paragraph”,”value”:[{“id”:”f1291474-b389-4847-bb4f-6f6334a85d9e”,”type”:”paragraph”,”children”:[{“text”:”This policy applies to:”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:5}},”645015b1-df09-4d2c-a53c-69cbba537c48″:{“id”:”645015b1-df09-4d2c-a53c-69cbba537c48″,”type”:”BulletedList”,”value”:[{“id”:”98a8a465-03c2-4881-a50b-779cb552eb8a”,”type”:”bulleted-list”,”children”:[{“text”:”All current and future cloud servers used by Diginnovators, including:”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:6}},”c9971e4a-c1b5-4915-a50e-e0c357173784″:{“id”:”c9971e4a-c1b5-4915-a50e-e0c357173784″,”type”:”BulletedList”,”value”:[{“id”:”e4fd50e8-a945-44dd-add8-4e4d7bf20ba9″,”type”:”bulleted-list”,”children”:[{“text”:”AWS EC2 “}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:1,”order”:7}},”9553ccfd-7569-447d-a064-b1a15a86d369″:{“id”:”9553ccfd-7569-447d-a064-b1a15a86d369″,”type”:”BulletedList”,”value”:[{“id”:”dd1a9737-fb03-4852-ad12-25707a1a1718″,”type”:”bulleted-list”,”children”:[{“text”:”GCP Compute Engine”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:1,”order”:8}},”b2e5fa2e-3e1a-42af-b23e-275a66b2c37b”:{“id”:”b2e5fa2e-3e1a-42af-b23e-275a66b2c37b”,”type”:”BulletedList”,”value”:[{“id”:”37f2ba32-633b-4a25-9ca8-900b1b804657″,”type”:”bulleted-list”,”children”:[{“text”:”DigitalOcean Droplets”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:1,”order”:9}},”9bd7b9c7-6407-46fe-9814-50a115170a80″:{“id”:”9bd7b9c7-6407-46fe-9814-50a115170a80″,”type”:”BulletedList”,”value”:[{“id”:”395f1978-611d-4317-8c9b-9fc49b29da81″,”type”:”bulleted-list”,”children”:[{“text”:”RunCloud-managed instances (on any 
provider)”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:1,”order”:10}},”7f2c269b-5c72-4ec9-bc78-73b893be269e”:{“id”:”7f2c269b-5c72-4ec9-bc78-73b893be269e”,”type”:”BulletedList”,”value”:[{“id”:”16ec4f23-d156-49c1-9c24-d672c4419a3b”,”type”:”bulleted-list”,”children”:[{“text”:”Applicable to frontend, backend, CI/CD, staging, and production servers\n”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:11}},”cccb291c-a0a1-42f7-a1a8-e27114b45682″:{“id”:”cccb291c-a0a1-42f7-a1a8-e27114b45682″,”type”:”Divider”,”value”:[{“id”:”6101dbcb-2b4f-407f-affe-cf580058befd”,”type”:”divider”,”props”:{“nodeType”:”void”,”theme”:”solid”,”color”:”#EFEFEE”},”children”:[{“text”:””}]}],”meta”:{“align”:”left”,”depth”:0,”order”:12}},”7e6a0ae8-9f6a-414e-bf32-98f70f208a1f”:{“id”:”7e6a0ae8-9f6a-414e-bf32-98f70f208a1f”,”type”:”HeadingTwo”,”value”:[{“id”:”6b569ab3-5c08-417f-8781-7cc854a72a94″,”type”:”heading-two”,”children”:[{“text”:”4. “},{“text”:”Standard Allowed Ports”,”bold”:true}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:13}},”95689a24-e385-4abc-b75e-2188186954e8″:{“id”:”95689a24-e385-4abc-b75e-2188186954e8″,”type”:”Table”,”value”:[{“id”:”fd371a52-deb9-443e-98a6-c7c13b848894″,”type”:”table”,”children”:[{“id”:”3b1bae1e-23c0-408c-b179-3b7b647567b1″,”type”:”table-row”,”children”:[{“id”:”b63f4e07-be02-4fca-bd47-6a7a0c90aa49″,”type”:”table-data-cell”,”children”:[{“text”:”Purpose”}],”props”:{“asHeader”:true,”width”:200}},{“id”:”b6d29625-6d7a-4bed-80ff-b1d51deaabd7″,”type”:”table-data-cell”,”children”:[{“text”:”Port”}],”props”:{“asHeader”:true,”width”:200}},{“id”:”00165794-acee-47a7-8ae4-7a96de626b59″,”type”:”table-data-cell”,”children”:[{“text”:”Protocol”}],”props”:{“asHeader”:true,”width”:200}},{“id”:”98790b42-2d6d-4682-b2d5-aea343420abb”,”type”:”table-data-cell”,”children”:[{“text”:”Source”}],”props”:{“asHeader”:true,”width”:200}},{“id”:”0a124df5-d18f-4208-ad3a-4842a66f48d2″,”type”:”table-data-cell”,”children”:[{“text”:”Notes”}
],”props”:{“asHeader”:true,”width”:200}}]},{“id”:”9cd06de8-5872-41e0-b86f-2606180155a6″,”type”:”table-row”,”children”:[{“id”:”043a561b-542b-4038-8aa5-e0d83cd8dc13″,”type”:”table-data-cell”,”children”:[{“text”:”SSH (Admin Access)”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”212ccd51-740e-45b4-a72f-73bb951dbe35″,”type”:”table-data-cell”,”children”:[{“text”:”22″}],”props”:{“asHeader”:false,”width”:200}},{“id”:”70bf4141-7baf-40ba-b6a3-3963b6504de7″,”type”:”table-data-cell”,”children”:[{“text”:”TCP”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”c762941a-5bfa-4e85-996b-500fdebe4c2c”,”type”:”table-data-cell”,”children”:[{“text”:”Allowed IPs”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”ecf52c38-8022-409a-b354-ee95cf8a9ab5″,”type”:”table-data-cell”,”children”:[{“text”:”Never allow “},{“code”:true,”text”:”0.0.0.0/0″},{“text”:” or “},{“code”:true,”text”:”::/0″}],”props”:{“asHeader”:false,”width”:200}}]},{“id”:”91db6b66-05e6-49ff-a86a-69408fb9c9af”,”type”:”table-row”,”children”:[{“id”:”d979e900-4cef-49e4-9cab-8675caaa85a7″,”type”:”table-data-cell”,”children”:[{“text”:”HTTP”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”138d9ad8-2dd8-41e2-9056-c2de011af824″,”type”:”table-data-cell”,”children”:[{“text”:”80″}],”props”:{“asHeader”:false,”width”:200}},{“id”:”11240c97-0114-4c2a-8b27-dc08a0d371e7″,”type”:”table-data-cell”,”children”:[{“text”:”TCP”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”a718dddd-1bfb-46a2-a4db-7772d403ee98″,”type”:”table-data-cell”,”children”:[{“code”:true,”text”:”0.0.0.0/0″}],”props”:{“asHeader”:false,”width”:200}},{“id”:”659185ef-0794-46f7-a262-5cd9db14a621″,”type”:”table-data-cell”,”children”:[{“text”:”Public website 
access”}],”props”:{“asHeader”:false,”width”:200}}]},{“id”:”5c29330a-3741-420c-a277-3fdd68c6b4f7″,”type”:”table-row”,”children”:[{“id”:”425bf751-0499-459a-8c00-c52f562bdb3e”,”type”:”table-data-cell”,”children”:[{“text”:”HTTPS”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”b8bc1334-67f0-4c41-8792-c224d3c2963f”,”type”:”table-data-cell”,”children”:[{“text”:”443″}],”props”:{“asHeader”:false,”width”:200}},{“id”:”3308b16c-780b-490e-a743-4bf45027fa4d”,”type”:”table-data-cell”,”children”:[{“text”:”TCP”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”b50e776a-7ad2-433c-b45d-6f8aa6a13c4f”,”type”:”table-data-cell”,”children”:[{“code”:true,”text”:”0.0.0.0/0″}],”props”:{“asHeader”:false,”width”:200}},{“id”:”db475505-3c94-477f-86c0-08e5cb6bd788″,”type”:”table-data-cell”,”children”:[{“text”:”Secure web access”}],”props”:{“asHeader”:false,”width”:200}}]},{“id”:”dad195fe-aa6c-452b-89d9-806e85312c6a”,”type”:”table-row”,”children”:[{“id”:”94ed75ba-efc3-40b5-bcd9-6f115846da40″,”type”:”table-data-cell”,”children”:[{“text”:”RunCloud Panel”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”f8f013e1-4d88-4c14-bc64-1073fc17ef4b”,”type”:”table-data-cell”,”children”:[{“text”:”34210″}],”props”:{“asHeader”:false,”width”:200}},{“id”:”dd93853c-46f4-42f6-816b-f172235b7db1″,”type”:”table-data-cell”,”children”:[{“text”:”TCP”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”4e980e7f-e0e9-4b4c-be99-562bf7f08b7c”,”type”:”table-data-cell”,”children”:[{“text”:”Allowed IPs”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”017121dc-5d65-4022-87b7-05a1f260e66e”,”type”:”table-data-cell”,”children”:[{“text”:”For server management dashboard”}],”props”:{“asHeader”:false,”width”:200}}]},{“id”:”b396cd68-0474-4e16-bfa4-138614ef9db4″,”type”:”table-row”,”children”:[{“id”:”7dc47878-9ff7-4ad9-ab6b-7a17646fba20″,”type”:”table-data-cell”,”children”:[{“text”:”Application 
Ports”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”f27ad3e2-48ec-4f68-aeeb-c3cef40aae88″,”type”:”table-data-cell”,”children”:[{“text”:”Custom”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”ae64183b-3539-4a24-84a9-998af1aaea3c”,”type”:”table-data-cell”,”children”:[{“text”:”TCP/UDP”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”7db1e10b-a430-4cd6-8e3f-9b74bf7ae6db”,”type”:”table-data-cell”,”children”:[{“text”:”Specific IPs/Subnets”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”45b10c13-4bde-4586-8b9f-eb3203728c4b”,”type”:”table-data-cell”,”children”:[{“text”:”Defined per project”}],”props”:{“asHeader”:false,”width”:200}}]},{“id”:”03970f81-0b7b-4ed7-b88f-f7aa4f5f414a”,”type”:”table-row”,”children”:[{“id”:”1826f95a-17ec-4d85-9e8b-88e1845280ed”,”type”:”table-data-cell”,”children”:[{“text”:”Database Ports”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”dc9a975f-ff2e-4617-8e34-fa6db1f82539″,”type”:”table-data-cell”,”children”:[{“text”:”(e.g., 3306)”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”19c30e9c-e12a-43eb-9793-a2c0bfb4d63d”,”type”:”table-data-cell”,”children”:[{“text”:”—”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”3b76c96b-c54f-4f16-916e-f038b75f870b”,”type”:”table-data-cell”,”children”:[{“text”:”Private subnet only”}],”props”:{“asHeader”:false,”width”:200}},{“id”:”93eb9547-d1b7-47fb-8eaa-e1b073c2fb7b”,”type”:”table-data-cell”,”children”:[{“text”:”Never exposed to the 
public”}],”props”:{“asHeader”:false,”width”:200}}]}],”props”:{“headerRow”:true,”headerColumn”:false}}],”meta”:{“align”:”left”,”depth”:0,”order”:14}},”3cf06f79-081f-4fb1-b563-d82b5d2c2751″:{“id”:”3cf06f79-081f-4fb1-b563-d82b5d2c2751″,”type”:”Divider”,”value”:[{“id”:”e94030a6-c968-4391-a6ad-545805b74fb5″,”type”:”divider”,”props”:{“nodeType”:”void”,”theme”:”solid”,”color”:”#EFEFEE”},”children”:[{“text”:””}]}],”meta”:{“align”:”left”,”depth”:0,”order”:15}},”b0d98dc0-ae22-475f-a48e-50a7a934cdf7″:{“id”:”b0d98dc0-ae22-475f-a48e-50a7a934cdf7″,”type”:”HeadingTwo”,”value”:[{“id”:”183ab29c-9d95-4d9f-ac68-23f2001c269c”,”type”:”heading-two”,”children”:[{“text”:”5. “},{“text”:”Best Practices Checklist”,”bold”:true}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:16}},”2d5d7454-1524-4c86-ab0e-33bbc603c7ea”:{“id”:”2d5d7454-1524-4c86-ab0e-33bbc603c7ea”,”type”:”BulletedList”,”value”:[{“id”:”1b03ef0c-e9ab-45aa-b589-4f84641737ad”,”type”:”bulleted-list”,”children”:[{“text”:”SSH is restricted to trusted IPs only.\n”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:17}},”04da279d-2f09-4199-8217-4a38df5399b8″:{“id”:”04da279d-2f09-4199-8217-4a38df5399b8″,”type”:”BulletedList”,”value”:[{“id”:”0941d86b-f175-46e9-8ebb-1e6bd8190fec”,”type”:”bulleted-list”,”children”:[{“text”:”Only necessary ports (e.g., 80/443) are publicly exposed.\n”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:18}},”ffabf9da-f448-449e-9b10-8ec7d009edfc”:{“id”:”ffabf9da-f448-449e-9b10-8ec7d009edfc”,”type”:”BulletedList”,”value”:[{“id”:”11eedd81-1286-4b4b-8e12-2b1d9c48e026″,”type”:”bulleted-list”,”children”:[{“text”:”No internal services (MySQL, Redis, etc.) 
are publicly accessible.\n”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:19}},”a556bf9a-3e98-4cac-85a9-6fc130855f8a”:{“id”:”a556bf9a-3e98-4cac-85a9-6fc130855f8a”,”type”:”BulletedList”,”value”:[{“id”:”4f141a44-afea-44a2-841e-79c3d6032f12″,”type”:”bulleted-list”,”children”:[{“text”:”Firewall rule changes are reviewed and approved before deployment.\n”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:20}},”1a514689-85de-4969-bef0-904616111b0c”:{“id”:”1a514689-85de-4969-bef0-904616111b0c”,”type”:”BulletedList”,”value”:[{“id”:”e0a39236-b691-48a1-99dc-e5b8a58ea947″,”type”:”bulleted-list”,”children”:[{“text”:”Each server is attached to a least-privilege firewall group.\n”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:21}},”2d2a77c6-4630-4097-bd3a-0815fb830baa”:{“id”:”2d2a77c6-4630-4097-bd3a-0815fb830baa”,”type”:”Divider”,”value”:[{“id”:”f5c1adad-9dbf-4276-bd4f-c8f015366e6c”,”type”:”divider”,”props”:{“nodeType”:”void”,”theme”:”solid”,”color”:”#EFEFEE”},”children”:[{“text”:””}]}],”meta”:{“align”:”left”,”depth”:0,”order”:22}},”40feae39-b9c5-4c88-8934-f433375ccbae”:{“id”:”40feae39-b9c5-4c88-8934-f433375ccbae”,”type”:”HeadingTwo”,”value”:[{“id”:”0d31ecd0-e6fb-4de1-b57b-ec78f9cc9703″,”type”:”heading-two”,”children”:[{“text”:”8. 
“},{“text”:”Conclusion”,”bold”:true}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:23}},”c2ea29dc-a55f-4548-aaaf-5449ee217805″:{“id”:”c2ea29dc-a55f-4548-aaaf-5449ee217805″,”type”:”Paragraph”,”value”:[{“id”:”d2860fc0-fe51-4e84-8c12-b503fa66854e”,”type”:”paragraph”,”children”:[{“text”:”This unified firewall policy:”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:24}},”ef82477d-dc59-497e-90a7-fd61332208ae”:{“id”:”ef82477d-dc59-497e-90a7-fd61332208ae”,”type”:”BulletedList”,”value”:[{“id”:”e1d35c09-edb1-4239-8f92-5d67e0d48aa8″,”type”:”bulleted-list”,”children”:[{“text”:”Reduces human error by enforcing rule templates\n”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:25}},”e0744744-f34b-47db-b6b6-c9c09ab5cf06″:{“id”:”e0744744-f34b-47db-b6b6-c9c09ab5cf06″,”type”:”BulletedList”,”value”:[{“id”:”dd15f042-440d-4b4b-a844-736bad2e08a5″,”type”:”bulleted-list”,”children”:[{“text”:”Minimizes the attack surface across all environments\n”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:26}},”e4cdfb4b-ef8d-413b-922c-44bdfd0a356a”:{“id”:”e4cdfb4b-ef8d-413b-922c-44bdfd0a356a”,”type”:”BulletedList”,”value”:[{“id”:”fee0a18d-0484-4f6e-9726-a23e51448d3c”,”type”:”bulleted-list”,”children”:[{“text”:”Makes security scalable as infrastructure grows\n”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:27}},”b5a33e52-0d69-4d33-af1a-b95238e52da5″:{“id”:”b5a33e52-0d69-4d33-af1a-b95238e52da5″,”type”:”BulletedList”,”value”:[{“id”:”8806659b-c844-494a-b690-d7e964cad064″,”type”:”bulleted-list”,”children”:[{“text”:”Ensures quick onboarding of new servers with consistent access 
rules\n”}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:28}},”579bdadb-33a2-4dc9-8c70-853977ecbcd2″:{“id”:”579bdadb-33a2-4dc9-8c70-853977ecbcd2″,”type”:”Divider”,”value”:[{“id”:”31c04355-eeae-4459-b2a6-a18c6124539b”,”type”:”divider”,”props”:{“nodeType”:”void”,”theme”:”solid”,”color”:”#EFEFEE”},”children”:[{“text”:””}]}],”meta”:{“align”:”left”,”depth”:0,”order”:29}},”ae4a71da-f0e3-4390-8e56-59a25e3ce502″:{“id”:”ae4a71da-f0e3-4390-8e56-59a25e3ce502″,”type”:”Paragraph”,”value”:[{“id”:”d064df94-0487-4cb9-a958-6f221e628459″,”type”:”paragraph”,”children”:[{“text”:” “}],”props”:{“nodeType”:”block”}}],”meta”:{“align”:”left”,”depth”:0,”order”:30}}}
Firewall Rules