Security Considerations

GUMS should be protected by a firewall to avoid DoS attacks, since it is a key piece of the authentication and authorization process. Outside access should not be required anyway, since it is an internal service.

We recommend either putting the GUMS server behind a firewall or running iptables configured to block GUMS port 8443. For example, for the domain, the iptables configuration should look something like:

:INPUT ACCEPT [35:5488]
:OUTPUT ACCEPT [22:1588]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept all from within
-A INPUT -s  -j ACCEPT
# Allow external access to httpd
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
# ...

# drop everything else

Please customize the IP address/mask for your own site. Your iptables configuration file should be placed in /etc/sysconfig. Start iptables by executing 'service iptables start'.
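To check a rules file before loading it, the following added example (not part of the GUMS documentation) walks the INPUT chain for a new inbound connection and reports whether port 8443 would be reachable. It shows that with an ACCEPT default policy, leaving out the final drop rule exposes GUMS. The function name `input_verdict`, the site network 192.0.2.0/24 and the external address 198.51.100.7 are assumptions, and the model covers only the match options used in the configuration above.

```python
import ipaddress
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
KNOWN = {"-s", "-p", "-m", "--dport", "--state", "-j"}

def _matches(opts, src, dport, proto):
    """True if a NEW packet (src, proto, dport) satisfies every match in the rule."""
    if "-s" in opts and src not in ipaddress.ip_network(opts["-s"], strict=False):
        return False
    if "-p" in opts and opts["-p"] != proto:
        return False
    if "--dport" in opts:
        lo, _, hi = opts["--dport"].partition(":")
        if not int(lo) <= dport <= int(hi or lo):
            return False
    # A first packet of a connection is in state NEW, never RELATED/ESTABLISHED.
    if "--state" in opts and "NEW" not in opts["--state"].split(","):
        return False
    return True

def input_verdict(ruleset, src_ip, dport, proto="tcp"):
    """First-match verdict of the INPUT chain (simplified model of iptables)."""
    policy, src = "ACCEPT", ipaddress.ip_address(src_ip)
    for raw in ruleset.splitlines():
        line = raw.strip()
        if line.startswith(":INPUT "):
            policy = line.split()[1]          # chain default policy
        if not line.startswith("-A INPUT "):
            continue                          # comments, *filter, COMMIT, other chains
        tok = shlex.split(line)[2:]
        opts = dict(zip(tok[0::2], tok[1::2]))
        if len(tok) % 2 or set(opts) - KNOWN:
            raise ValueError("rule outside this simplified model: " + line)
        if opts.get("-j") in TERMINAL and _matches(opts, src, dport, proto):
            return opts["-j"]
    return policy                             # nothing matched: policy decides

# Constructed sample: same shape as the configuration above, no final drop rule.
WEAK = """*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT"""
# Same rules with an explicit catch-all drop appended before COMMIT.
HARDENED = WEAK.replace("COMMIT", "-A INPUT -j DROP\nCOMMIT")

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "external -> 8443:", input_verdict(rules, "198.51.100.7", 8443))
```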