Consider the following cluster consisting of a firewall (pfSense), a managed switch and several 1U servers. Security is important but the budget is limited, so we need to make the most of what we have. We anticipate the web site will be a hacking target and want to mitigate the risk as much as possible.
Firewall:

- pfSense WAN port on a totally separate IP block and domain from the load balancer
- dbServer and webServers NIC2 are on 10.1.x.x, NATed, no direct access from WAN

Load balancer:

- WAN address on NIC 1, LAN on NIC 2
- uses iptables as its only firewall
- haProxy listens on 80&433 on the WAN IP and forwards to the web servers on LAN NIC 2
- sshd only listens on the LAN 10.1.1.x NIC on a non-standard port
- sshd requires public/private key login (no password login)
- sshd does not allow root login
- normal server hardening
- remove ssh (or rename it) so if access is (somehow) gained they can go no further?

Several web servers running nginx:

- iptables blocking all but ports 80&443 & ssh on a non-standard port
- iptables: ssh port on LAN only, from the firewall IP only (so SSH access cannot come from the load balancer)
- nginx only listens on 80&443
- sshd only listens on the LAN 10.x.x.x NIC on a non-standard port
- sshd requires public/private key login (no password login)
- sshd does not allow root login
- normal server hardening

Database server:

- iptables blocking all but mysql on LAN from the webservers
- iptables: ssh port on LAN only, from the firewall IP only (so SSH access only comes from the firewall)
- mariaDB only listens on a non-standard port on LAN (not 3306)
- sshd only listens on the LAN 10.x.x.x NIC on a non-standard port
- sshd requires public/private key login (no password login)
- sshd does not allow root login
- normal server hardening
The idea is that anyone hacking the web site IP will be trying to get into the load balancer, with no SSH access to the other servers. The firewall for the management LAN side will be on a totally unrelated domain and IP and hopefully not a target for attack, other than the normal daily rookie-type attacks.
It seems to be very secure to me, so where are my holes?
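As an added example (not from the original post), the per-host rules described above can be expressed as an iptables-restore ruleset for one web server, plus a small audit of an sshd_config against the four sshd requirements the post relies on. The interface names (eth0 for the WAN NIC, eth1 for the 10.1.x.x LAN NIC), the firewall's LAN address 10.1.1.1 and SSH port 2222 are assumed values; the sample sshd_config fragments are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the poster's own configuration. Builds an iptables-restore
# ruleset for one web server matching the post's description and audits an
# sshd_config for the post's four sshd requirements. All addresses, interface
# names and the SSH port below are assumptions.

FW_IP=10.1.1.1   # assumed: firewall's LAN address, the only allowed SSH source
LAN_IF=eth1      # assumed: NIC 2, the 10.1.x.x management/backend LAN
WAN_IF=eth0      # assumed: NIC 1, public side
SSH_PORT=2222    # assumed non-standard sshd port

# Print the web-server ruleset in iptables-restore format. The INPUT policy is
# DROP, so anything not listed (a forgotten service, a second sshd instance)
# is closed by default rather than open.
gen_web_iptables_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# nginx: only 80/443, only on the public NIC
-A INPUT -i $WAN_IF -p tcp --dport 80 -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --dport 443 -j ACCEPT
# sshd: only on the LAN NIC, only from the firewall's LAN address
-A INPUT -i $LAN_IF -s $FW_IP -p tcp --dport $SSH_PORT -j ACCEPT
# log what remains (rate limited) before the policy drops it
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}

# Print the first value set for keyword $2 in sshd_config $1. sshd honours the
# first occurrence of a keyword, so later duplicates are ignored here too.
sshd_opt() {
  awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Audit sshd_config $1: no password logins, no root login, non-standard port,
# and a ListenAddress on the 10.x LAN. Returns 0 when everything passes,
# otherwise prints each failure and returns 1. Unset keywords fail on purpose,
# because sshd's defaults (PasswordAuthentication yes, listen on all
# addresses, port 22) are exactly what the post wants to avoid.
check_sshd_config() {
  f=$1; rc=0
  [ "$(sshd_opt "$f" PasswordAuthentication)" = no ] \
    || { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
  [ "$(sshd_opt "$f" PermitRootLogin)" = no ] \
    || { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
  port=$(sshd_opt "$f" Port)
  [ -n "$port" ] && [ "$port" != 22 ] \
    || { echo "FAIL: Port unset or 22"; rc=1; }
  case "$(sshd_opt "$f" ListenAddress)" in
    10.*) ;;
    *) echo "FAIL: ListenAddress missing or not on the 10.x LAN"; rc=1 ;;
  esac
  return $rc
}

# Constructed sample configs: $1 receives one that meets the post's rules,
# $2 one that relies on sshd defaults and should fail the audit.
write_sample_configs() {
  cat >"$1" <<EOF
Port $SSH_PORT
ListenAddress 10.1.1.20
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
  cat >"$2" <<EOF
PermitRootLogin prohibit-password
PasswordAuthentication yes
EOF
}

demo() {
  good=$(mktemp); bad=$(mktemp)
  write_sample_configs "$good" "$bad"
  printf '%s\n' '=== web server ruleset ==='; gen_web_iptables_rules
  printf '%s\n' '=== audit: hardened config ==='
  check_sshd_config "$good" && echo "PASS"
  printf '%s\n' '=== audit: default-ish config ==='
  check_sshd_config "$bad" || echo "(failures above are expected)"
  rm -f "$good" "$bad"
}
demo
```

Load the generated ruleset with `iptables-restore` after reviewing it, and run `check_sshd_config /etc/ssh/sshd_config` on each host; the audit only reads the file, so it is safe to run from the firewall over the existing SSH path before any change is made.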