Server hardening

Categories VPS Hosting Tags vps hosting

Our systems administrators are able to offer server hardening services as an add-on option for customers with VPS Hosting. Please contact your account manager if you are interested in these services.

Linux server hardening:

  • Firewall Installation/Configuration - We install and custom configure a complete stateful packet inspection netfilter firewall. Offers more protection than standard iptables.
  • Login Failure Daemon - Integrates with the above firewall to block hacking and system intrusion attempts (such as brute force ssh and ftp attacks).
  • Linux Socket Monitor - Detects/alerts when new sockets are created on your system, often revealing hacker activity.
  • Remove unused processes - Default OS configurations often run services that are not needed and can be a security risk if left running.
  • Install Logwatch - Logwatch is a daily report that summarizes the information contained in the server log files.
  • OpenSSH configuration check - OpenSSH is checked to ensure only SSHv2 protocol is enabled. Additionally, if you request it, we can disable root login for the server and change the SSH port.
  • Rootkit Hunter - Rootkit Hunter is an essential tool in detecting possible root compromise and rootkit installation.
  • Chkrootkit - Chkrootkit is another essential tool in detecting possible root compromise and rootkit installation, it compliments rkhunter with a different detection approach.
  • Full OS Patching/Updating - We fully patch and update your OS.
  • Name server configuration check - If your server is running bind, we'll check to insure it's functioning properly and will disable open DNS recursion.
  • Apache tune and check - Check that apache is correctly configured and tuned for your servers requirements and that it is the latest version and upgrade if necessary.
  • MySQL tune and check - Check that mysql is correctly configured and tuned for your servers requirements.
  • Secure /tmp /var/tmp /dev/shm - These are remounted noexec and nosuid to add an additional layer of protection against web script hackers.
  • Delete unnecessary OS users - On a standard OS installation many user accounts are created that are not necessary and can therefore pose a security risk.
  • Remove SUID/GUID from binaries - On a standard OS installation many application binaries have SUID and GUID bits set that are not necessary and can therefore pose a security risk.
  • mod_security (by request only) - mod_security Apache module is a security layer in Apache that helps prevent exploitation of vulnerable web scripts. Mod-security will only be installed by request as its rules can break certain websites -- if you want mod-security installed on your server please let us know.
  • PHP hardening (by request only) - Dynamic Library loading is disabled and commonly abused php functions disabled to help prevent hackers exploiting vulnerable PHP web scripts. Note: this is performed by request only as it can break certain websites. Please contact us if you need further details.
Windows Server Hardening:
  • Configure Windows Security Policy
  • Disable or delete any unnecessary users, ports and services
  • Un-install unnecessary applications
  • Configure basic software firewall rules
  • Configure auditing rules
  • Disable Unnecessary Shares
  • Configure drive encryption if requested
  • Apply all updates and hot fixes

Rate this article