Dome9 + CloudFlare = Combined Security For Your Website and Web Server

06/27/2012

This is a guest post from Roy Feintuch, Co-Founder & CTO of Dome9

Dome9 is a new kind of security management service that protects your cloud or hosted server firewall, including all the admin services for all your server's applications (e.g., phpMyAdmin). It's a great complement to the web security that CloudFlare provides.

Like CloudFlare, Dome9 is super simple. You simply create a free Dome9 account and install a lightweight agent on your host machine. After that, Dome9 will secure your server's host firewall, or your EC2 security groups -- Dome9 can work agentless on EC2.

The magic of Dome9 is its ability to lock down all your administrative services so hackers can't brute force attack (or exploit a vulnerability of) SSH, RDP, MySQL and whatever else you've got running. Dome9 can open those services on demand (with just the click of a button) only for a specific user, service, and time period.

Here's an optimal server security policy you might set with Dome9:

  • Port 80 - Open *only* for CloudFlare's proxy servers
  • Port 443 - Open *only* for CloudFlare's proxy servers
  • Port 22 (SSH) - Closed, and opened only on demand
  • Port 8080 (phpMyAdmin) - Closed, and opened only on demand
  • All the rest - Closed

With this, your web server only communicates with CloudFlare and whomever you authorize.

How hard is it to set this up? It takes just a few minutes.

  1. Activate your Dome9 account [2 clicks thanks to CloudFlare Apps]
  2. Install the Dome9 Agent on your server (Linux and Windows are supported). [3 minutes]
  3. In Dome9 Central, create a 'Web Servers' security group with the above policy. [2 minutes]
  4. Attach your server to the new security group. [2 clicks]

Setting a service to 'On-Demand' is as easy as clicking a button.

Dome9 Magic IPs allow traffic only through the CloudFlare network

You're probably wondering how to allow only CloudFlare IPs? That's where Dome9's Magic IPs come into play.

Magic IPs are special IP address lists that Dome9 creates and maintains. We've created a special Magic IP for CloudFlare customers: {cloudflare}

With the {cloudflare} Magic IP you never have to worry about changes to CloudFlare's proxy IP addresses – Dome9 maintains them automatically.

Hence, your port 80 policy within Dome9 will look like this:

[Image: port 80 policy in Dome9]
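As an added illustration (not Dome9's or CloudFlare's own code), the following Python sketch audits a list of inbound allow rules against the policy described above: ports 80 and 443 open only to the {cloudflare} list, everything else closed. The rule format, the function names and the CIDR ranges standing in for the {cloudflare} list are assumptions constructed for this example, and on-demand openings are not modelled.

```python
import ipaddress

# Constructed stand-in for the {cloudflare} Magic IP list. These are reserved
# documentation ranges, NOT CloudFlare's real proxy addresses.
MAGIC_IPS = {"{cloudflare}": ["192.0.2.0/24", "198.51.100.0/24"]}

# Baseline from the post: web ports only for the proxy list. Ports 22 and 8080
# are closed (opened only on demand) and all the rest are closed.
POLICY = {80: "{cloudflare}", 443: "{cloudflare}"}

OUTSIDE = "source is outside the proxy list"
CLOSED = "port is closed in the baseline policy"

def expand(source):
    """Resolve a Magic IP name or a CIDR string to a list of networks."""
    return [ipaddress.ip_network(c) for c in MAGIC_IPS.get(source, [source])]

def audit(rules):
    """Return (port, source, reason) for each allow rule broader than POLICY."""
    findings = []
    for port, source in rules:
        allowed_name = POLICY.get(port)
        if allowed_name is None:
            findings.append((port, source, CLOSED))
            continue
        allowed = expand(allowed_name)
        for net in expand(source):
            # A rule passes only if every network it opens sits inside the list.
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append((port, source, OUTSIDE))
                break
    return findings

# Constructed sample: inbound allow rules as (port, source) pairs.
SAMPLE_RULES = [
    (80, "{cloudflare}"),        # matches the policy
    (443, "0.0.0.0/0"),          # web port open to the whole Internet
    (443, "192.0.2.128/25"),     # narrower than the list, still fine
    (22, "203.0.113.7/32"),      # SSH left open to one address
    (8080, "0.0.0.0/0"),         # phpMyAdmin open to everyone
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

A rule that allows 0.0.0.0/0 on port 443 is the finding that matters most here: it lets clients reach the origin server directly and bypass the proxy.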

With CloudFlare and Dome9 you can kick your cloud or hosted server's security up a notch with fun, easy to use, next generation security services.

Visit the Dome9 App page today to get started.
