Secure publicly accessible MySQL port
Currently the MySQL server port is wordwide accessible. I'd rather have it's traffic firewalled but if that's not possible, at the very least an application that guards against brute-force password attacks, like sshguard or fail2ban.
Ideally, a publicly accessible protocol should enforce SSL/TLS.
Completed! You can manage your firewall whitelist through our service panel.
-
Completed! You can manage your firewall whitelist through our service panel.
-
P. Muller commented
I think that implementing an IP whitelist for the ports 21, 22 and 3306 is the best option. In this way these ports are not an security risk any more.
-
Jeroen Boersma commented
Another option is to use ssh port forwarding.
ssh app@yourhost.hypernode.com -L 3367:localhost:3306
Install your favorite tool on the machine your connecting from.
-
Willem de Groot commented
Another option is to implement security groups: IP whitelists which are allowed to connect to SSH / MySQL.