Configuring a Service with Host Based Security Restrictions
Outside of using a firewall, it is important to understand that there are other methods of configuring a service with host-based security restrictions. Using the hosts.allow and hosts.deny files, we will explore how TCP Wrappers works to secure our systems.
You are being asked to secure the SSH service on the server instance you have been provided access to. As your company precludes the use of firewalls (because of the complexity of tracking and managing firewall rules on a number of systems) on internal systems inside your trusted zone, you will need to use another method to secure the SSH service.
The objective is to ALLOW connections externally (to the name or public IP address of the SERVER) but to DENY connections from the CLIENT over the private IP address, so the entire private network should be excluded. For auditing purposes, your security team wants any denial to be logged for future reporting; add that configuration to the appropriate location.
Once you have the appropriate configuration in place in the correct hosts files, reload the SSH configuration and verify the changes behave as expected. Once verified, you can turn your system over to the development team.
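One way to stage and sanity-check the rules this lab asks for, as an added example that is not part of the original lab or its answer key. The network 10.0.1.0/255.255.255.0, the sample client addresses and the log path /var/log/sshd-denied.log are constructed placeholders; substitute the CLIENT's actual private network.

```shell
#!/bin/sh
# Added example (not the lab's answer key). NET/MASK are constructed
# placeholders for the CLIENT's private network; LOG is an assumed path.
NET=10.0.1.0 MASK=255.255.255.0 LOG=/var/log/sshd-denied.log

# TCP Wrappers only applies if sshd is linked against libwrap.
sshd_uses_libwrap() {
  ldd "${1:-/usr/sbin/sshd}" 2>/dev/null | grep -q libwrap
}

# Dotted quad -> integer, so membership can be checked with a bitmask.
ip_to_int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeeds when client $1 falls inside network $2 with netmask $3.
in_network() {
  ip=$(ip_to_int "$1"); net=$(ip_to_int "$2"); mask=$(ip_to_int "$3")
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# hosts.deny rule: deny sshd for the network and log each denial.
# %d (daemon) and %a (client address) are expanded by libwrap; the
# command is run by /bin/sh, which expands $(/bin/date) at connect time.
deny_rule() {
  printf 'sshd : %s/%s : spawn /bin/echo "$(/bin/date) denied %%d from %%a" >> %s\n' "$1" "$2" "$3"
}

# Write both files to a staging directory for review before copying to /etc.
stage_rules() {
  mkdir -p "$1"
  echo '# empty on purpose: clients not matched in hosts.deny are allowed' > "$1/hosts.allow"
  deny_rule "$NET" "$MASK" "$LOG" > "$1/hosts.deny"
}

# Expected decision for a client: hosts.allow has no entries, so only
# the hosts.deny network decides.
decision() {
  if in_network "$1" "$NET" "$MASK"; then echo deny; else echo allow; fi
}

stage=$(mktemp -d)
stage_rules "$stage"
cat "$stage/hosts.deny"
sshd_uses_libwrap || echo "warning: sshd not linked with libwrap; rules would be ignored"
for client in 10.0.1.25 203.0.113.7; do   # constructed sample clients
  echo "$client -> $(decision "$client")"
done
```

Where the tcp_wrappers utilities are installed, running `tcpdmatch -d sshd 10.0.1.25` from the staging directory lets libwrap's own matcher confirm the decision before the files are copied into /etc.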