Linux server hardening:
- Firewall Installation/Configuration – We install and custom configure a complete stateful packet inspection netfilter firewall. Offers more protection than standard iptables.
- Login Failure Daemon – Integrates with the above firewall to block hacking and system intrusion attempts (such as brute force ssh and ftp attacks).
- Linux Socket Monitor – Detects/alerts when new sockets are created on your system, often revealing hacker activity.
- Remove unused processes – Default OS configurations often run services that are not needed and can be a security risk if left running.
- Install Logwatch – Logwatch is a daily report that summarizes the information contained in the server log files.
- OpenSSH configuration check – OpenSSH is checked to ensure that only the SSHv2 protocol is enabled. Additionally, if you request it, we can disable root login for the server and change the SSH port.
- Rootkit Hunter – Rootkit Hunter is an essential tool in detecting possible root compromise and rootkit installation.
- Chkrootkit – Chkrootkit is another essential tool in detecting possible root compromise and rootkit installation; it complements rkhunter with a different detection approach.
- Full OS Patching/Updating – We fully patch and update your OS.
- Name server configuration check – If your server is running BIND, we’ll check to ensure it’s functioning properly and will disable open DNS recursion.
- Apache tune and check – We check that Apache is correctly configured and tuned for your server's requirements and that it is the latest version, and upgrade it if necessary.
- MySQL tune and check – We check that MySQL is correctly configured and tuned for your server's requirements.
- Secure /tmp /var/tmp /dev/shm – These are remounted noexec and nosuid to add an additional layer of protection against web script hackers.
- Delete unnecessary OS users – On a standard OS installation many user accounts are created that are not necessary and can therefore pose a security risk.
- Remove SUID/SGID from binaries – On a standard OS installation many application binaries have SUID and SGID bits set that are not necessary and can therefore pose a security risk.
- mod_security (by request only) – The mod_security Apache module is a security layer in Apache that helps prevent exploitation of vulnerable web scripts. mod_security will only be installed by request, as its rules can break certain websites. If you want mod_security installed on your server, please let us know.
- PHP hardening (by request only) – Dynamic library loading is disabled, and commonly abused PHP functions are disabled, to help prevent hackers exploiting vulnerable PHP web scripts. Note: this is performed by request only, as it can break certain websites. Please contact us if you need further details.
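
To verify the "Secure /tmp /var/tmp /dev/shm" item after the fact, the check below reports which of the three paths lack `noexec` or `nosuid`. It is an added example, not the provider's own tooling; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of /tmp, /var/tmp and /dev/shm are missing
# the noexec or nosuid mount options. Reads a table in /proc/mounts format.

check_tmp_mounts() {
    table="${1:-/proc/mounts}"
    for target in /tmp /var/tmp /dev/shm; do
        # When mounts are stacked on one path, the last entry is the one in effect.
        opts=$(awk -v t="$target" '$2 == t { o = $4 } END { print o }' "$table")
        if [ -z "$opts" ]; then
            # Not its own mount: it inherits the parent filesystem's options.
            echo "$target: not a separate mount point"
            continue
        fi
        for want in noexec nosuid; do
            # Compare whole comma-separated options, not substrings.
            case ",$opts," in
                *",$want,"*) ;;
                *) echo "$target: missing $want" ;;
            esac
        done
    done
}

# Constructed sample table (not taken from a real host).
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

sample=$(mktemp)
write_sample_mounts "$sample"
check_tmp_mounts "$sample"
rm -f "$sample"
```

Called with no argument, `check_tmp_mounts` reads the live `/proc/mounts`; no output means all three paths carry both options.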
Windows server hardening:
- Configure Windows Security Policy
- Disable or delete any unnecessary users, ports and services
- Uninstall unnecessary applications
- Configure basic software firewall rules
- Configure auditing rules
- Disable unnecessary shares
- Configure drive encryption if requested
- Apply all updates and hotfixes

