Ubuntu – Dedicated firewall vs. on-machine

Tags: colocation, firewall, hosting, Ubuntu

I'm setting up a bunch of Ubuntu servers in a colocation center. They offer a shared firewall service, but suggested I install a firewall on the servers myself, i.e. configure iptables on each machine (they suggested APF, but I'm leaning towards using UFW).

I'm pretty sure a dedicated firewall would be more secure, so I've asked them to use the shared firewall.

  1. Am I right to assume that a dedicated firewall, managed by professionals, would be a better solution than whatever I can manage with software?

  2. Should I set up a firewall on the servers in addition to the external one, or is that an overkill?

  3. Does it matter if the shared firewall is a hardware device or just a linux box?

EDIT: Clarified. Sorry it took me so long.

Best Answer

I would recommend installing a software firewall like iptables on the servers whether or not you have a hardware firewall. The more layers of protection you have, whether to provide more walls for an attacker or to provide more places that someone would have to do something silly to allow an attacker in, the better.

That said, I would generally prefer to have both a software and a hardware firewall. There's a real issue though, if it's a managed firewall, of the skill and responsiveness of the firewall provider. If it takes them a week to open a port and you lose a customer because of it, was it worth it? The vendor you are evaluating may be awesome, this is just a consideration I would have.

So:

  • definitely both a hardware and software solution
  • the nature of the hardware firewall (installed by you or contracted) depends on your evaluation of price and ability of the vendor vs. the self-installed solution.
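The host-side half of the "both" recommendation, as an added example (this is not code from the original question or answer): a small POSIX shell script that emits an iptables-restore ruleset for one of the Ubuntu servers, with a default-deny INPUT policy, loopback and established traffic allowed, SSH restricted to a management network and throttled against brute force, HTTP/HTTPS open, and rate-limited logging of whatever falls through. The management network 203.0.113.0/24, SSH on port 22 and the 80/443 service ports are assumptions for illustration, not values from the post; adjust them before use. The checks in `check_host_rules` exist so that the rules can be sanity-checked before they are loaded over a remote SSH session, which is where a typo in a host firewall does the most damage.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for a host firewall on an
# Ubuntu server that also sits behind the colocation provider's shared firewall.
# Assumed values (not from the original post): management network 203.0.113.0/24
# (RFC 5737 documentation range), SSH on 22, public web services on 80 and 443.

MGMT_NET="${MGMT_NET:-203.0.113.0/24}"
SSH_PORT="${SSH_PORT:-22}"

# Print the ruleset to stdout. Apply with:  gen_host_rules | sudo iptables-restore
# Lines starting with '#' are comments to iptables-restore and are ignored.
gen_host_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is unconditionally trusted
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened itself
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# drop malformed packets before any allow rule can match them
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ICMP echo so the provider (and you) can still ping the box, rate limited
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
# SSH: management network only, at most 6 new connections per source per minute
-A INPUT -p tcp --dport ${SSH_PORT} -s ${MGMT_NET} -m conntrack --ctstate NEW -m recent --set --name SSH
-A INPUT -p tcp --dport ${SSH_PORT} -s ${MGMT_NET} -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --name SSH -j DROP
-A INPUT -p tcp --dport ${SSH_PORT} -s ${MGMT_NET} -m conntrack --ctstate NEW -j ACCEPT
# public services
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# log what falls through to the DROP policy, rate limited so it cannot fill the disk
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
}

# Sanity checks to run before loading the rules over a remote SSH session:
# a default-deny policy with no SSH accept rule locks you out of the box.
check_host_rules() {
    rules=$(gen_host_rules)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' \
        || { echo "no default deny on INPUT"; return 1; }
    printf '%s\n' "$rules" | grep -q -- "--dport ${SSH_PORT} .*-j ACCEPT" \
        || { echo "SSH is not allowed; you would lock yourself out"; return 1; }
    printf '%s\n' "$rules" | grep -q -- '-i lo -j ACCEPT' \
        || { echo "loopback is not allowed"; return 1; }
    echo "ruleset ok"
}

# Number of INPUT rules emitted; handy to compare against 'iptables -S INPUT'
# after loading, to confirm nothing was silently rejected by iptables-restore.
count_input_rules() {
    gen_host_rules | grep -c '^-A INPUT'
}
```

The same policy in UFW, which the question leans towards, is `ufw default deny incoming`, `ufw allow from 203.0.113.0/24 to any port 22 proto tcp`, `ufw limit 22/tcp` and `ufw allow 80,443/tcp`; UFW generates iptables rules of the same shape underneath, so either way the provider's shared firewall and the host ruleset are two independent layers, and a port opened by mistake on one is still blocked by the other.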