Server Security Measures..

Hi,

A new client informed me that his old server has the following server security measures and he's expecting that his new server will have these too. We are only giving Basic Management of Servers and not this type of setting up of security...

Here is the list; what can you say:

SIM - (System Integrity Monitor) - It reboots services that have failed within 5 minutes.

SPRI - (System Priority) - Sets priority to current processes being run on your server, decreasing load 10-25%.
LSM - (Linux Socket Monitor) - Monitors network connections and sends emails when new ports have been opened.
PRM - (Process Resource Monitor) - Monitors all resources used by all processes and if a process is being flooded or causing high load on the server, it is killed.
BFD - (Brute Force Detection) - Detects brute force connections and automatically enters the offending IPs into the firewall to be blocked.
LES - (Linux Environment Security) - Enforces root-only permissions on system binaries as well as other restrictions on system programs.
Exiscan (CPanel) or Qscanq (PLESK) with Clam-Antivirus - Detect emails containing viruses or spam and discard them so your server is not the origin of the spread of today’s common viruses or spam emails.
/tmp & /var/tmp hardening - We harden /tmp and /var/tmp so no malicious scripts can be executed from the commonly used directory.
/dev/shm hardening - Another place hackers tend to upload files to is /dev/shm. This directory is hardened as well.
Optimize FTP Server for faster connections.
Optimize MySQL & Apache to reduce load and speed up connections.
Secure Apache to reduce the amount of information visible about a server's software making it less vulnerable.
Host.conf Hardening - Prevents IP spoofing and prevents DNS poisoning.
CHKRootKIt - Simple script that detects software used by hackers. It scans once a day and emails the client if any suspicious scripts are found.
Disabling Unused Services - We disable unused services to prevent them from being exploited.
Firewall Installation - APF (Advanced Policy Firewall) iptables based firewall.
TCP/IP Hardening - Prevents DDOS and SYN-Flood attacks.
Logwatch - Sends a daily report to the client with all activity that has taken place on the server for that day.
Operating System Optimization - Optimize the OS for faster operation and load reduction.
Remove unused software - We remove unneeded software to minimize the number of software that could possibly be exploited.
Remove unused services - Unused services are shutdown and their ports closed.
Libsafe - Libsafe prevents buffer overflows and scans for exploitable software and notifies the client daily if any is found.
Turck mmcache and Zend Optimizer Installation - dramatically decreases page loading times by caching php scripts.
SSH Server Hardening - locks down and hardens the SSH server.
Nessus Security Scan - We perform a security scan on your server and patch any vulnerabilities found.
Security Updates - Install updates released by control panel and OS vendors.


Security Audit - Run security checks and scan for vulnerabilities
Firewall Installation - (IPFirewall / IPFilter / PacketFilter)
Security Updates - Install updates released by control panel and OS vendors
Configuration changes - Any changes desired by customer
Disabling Unused Services - We disable unused services to prevent them from being exploited.
Remove unused software - We remove unneeded software to minimize the number of software that could possibly be exploited.
Password Scan - Scan for easy-to-guess passwords
Log Auditing - We scan logs for unusual activity
Investigate Hacking Attempts - We will investigate any hacking attempts.
Anti-spam configuration - We will install Anti-Spam software that will scan all incoming and outgoing email and discard over 99% of the spam emails.
Anti-virus configuration - We will install Anti-virus software that will discard all email-infected viruses.
Anti-DoS/DDoS kernel code tweaking to help prevent DDoS attacks.
Default system users removal - We will remove the OS system default users.
SSH Server Hardening - locks down and hardens the SSH server.
Mod_Security - Intrusion detection and prevention engine for web applications.
/tmp & /var/tmp hardening - We harden /tmp and /var/tmp so no malicious scripts can be executed from the commonly used directory.
TCP/IP Hardening - Prevents DDOS and SYN-Flood attacks.
CHKRootKIt - Simple script that detects software used by hackers. It scans once a day and emails the client if any suspicious scripts are found.
Smartd Installation - HDD Reliability monitor.
Snort Installation - Network Intrusion Detection System.
Acid Installation - Analysis Console for Intrusion Databases.
Tripwire Installation - Keeps track of every file being moved/edited in the system.
MRTG Installation - Bandwidth Usage Monitor
Nessus Security Scan - We perform a security scan on your server and patch any vulnerabilities found.
HostSentry Installation - Traces suspicious user's activity, unknown user logins etc


Everything included in initial setup above
Weekly System Health / Security Audit
Weekly Tweaking to Optimize and Secure Server
Install any server-needed 3rd Party Software Upon Request (ImageMagick, Fantastico, Urchin, GD Library, etc)
Troubleshoot any problems that occur with the server
Priority Ticket Resolution
Constant Control Panel and OS Updates
Constant Security Patching
Constant Software Updates
Constant Kernel Upgrades (RHE, CentOS, or *custom kernels only)
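
The /tmp, /var/tmp and /dev/shm hardening items in the list above can be verified on a new server by checking the mount table, assuming the hardening is done with the `noexec`, `nosuid` and `nodev` mount options. This is an added example, not part of the original post or any vendor's tooling; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mount options for the scratch directories named in the list.
# Input is a mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass

audit_mounts() {
    # $1 = path to a mount table (defaults to the live /proc/mounts)
    awk -v want="noexec nosuid nodev" '
        BEGIN {
            n = split(want, req, " ")
            split("/tmp /var/tmp /dev/shm", targets, " ")
        }
        # A later entry for the same mountpoint (remount, bind mount) wins.
        { opts[$2] = $4 }
        END {
            for (t = 1; t <= 3; t++) {
                dir = targets[t]
                if (!(dir in opts)) { print dir, "not-a-separate-mount"; continue }
                missing = ""
                m = split(opts[dir], have, ",")
                for (i = 1; i <= n; i++) {
                    found = 0
                    for (j = 1; j <= m; j++) if (have[j] == req[i]) found = 1
                    if (!found) missing = missing (missing == "" ? "" : ",") req[i]
                }
                print dir, (missing == "" ? "ok" : "missing:" missing)
            }
        }
    ' "${1:-/proc/mounts}"
}

# Constructed sample mount table (not taken from any real server).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

demo_file=$(mktemp)
sample_mounts > "$demo_file"
audit_mounts "$demo_file"
rm -f "$demo_file"
```

A directory reported as `not-a-separate-mount` inherits the options of its parent filesystem, so it needs its own mount (or a bind mount) before these options can apply. `noexec` blocks direct execution of files on the mount; a script passed to an interpreter as an argument still runs, so treat this as one layer rather than a complete control.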

 

 

 

 
