All our managed servers come with a software firewall at no extra cost. The firewall will be configured by our expert sysadmins to permit connections to only the services you want to run, for instance an IMAP mail server or HTTP/HTTPS web server. This protects you from backdoor scripts, trojans and similar viruses that might compromise the security of your machine. We can also, on request, limit outbound connections to prevent unwanted software from calling home.
By default we will always disable remote database access in order to keep your sensitive data as secure as possible. Trusted IP addresses can be added to a whitelist (such as your office or home IP) and permanently allowed through the firewall.
A shared hardware firewall is the next step up from a software firewall. We will deploy your server into its own security zone on a large-scale shared firewall appliance. The hardware firewall restricts port access in the same way as a software firewall but does so before the traffic even reaches your server, making it impossible to disable even if a rogue administrator were to ever have access to your server. It can restrict outbound and inbound access.
Another substantial benefit of a hardware firewall is the ability to create a virtual private network (VPN) connection to your server for backend administration. High grade encryption and 2 factor authentication lets you access the critical data remotely and securely even without a fixed IP address.
A hardware firewall will also protect against many types of Denial of Service attack (commonly referred to as DDoS or DoS).
For the majority of customers a shared hardware firewall is sufficient, however if you need extremely high throughput or a greater degree of DDoS protection you may require a dedicated or customised service.