Server hardening - what is best?

I'm looking to order some server hardening from either Rack911 or ServerWizards for my new dedicated box. I'm not really into security and my question to the WHT-gang is which of the following would you choose:

Rack911 - Advanced - $85
Limit compiler & fetch utilities access to root only
Correct folder permissions to prevent directory traversal
Disable Unused services
Update all server/control panel software
Remove OS default users & groups
Remove unneeded operating system packages
Harden host.conf
Improve OpenSSH configuration to be security oriented
Disable certain PHP functions (system, exec, shell_exec)
Configure Anti-Spam solution for email
Configure Anti-Virus solution for email
Install and configure Mod_security for Apache
Install and configure Mod_dosevasive for Apache
3rd Party Software Installation
Installation of APF (Advanced Policy Firewall)
Installation of BFD (Brute Force Protection)
Installation of PRM (Process Resource Monitor)
Installation of SIM (System Integrity monitor)
Installation of Chkrootkit (daily reports will be sent)
Installation of Rkhunter (daily reports will be sent)
Upgrade kernel to latest OS release (add grsecurity or openwall - $10)
Enforce LCAP limitations
Disable IP Source Routing
Disable ICMP Redirect Acceptance
Enable IP Spoofing Protection
Enable syncookie Protection
Enable misc. sysctl settings

OR

ServerWizards - Linux Security Advanced - $75
Updating kernel to the latest release + security patches (grsecurity/openwall)
Thorough security audit
Installation and configuration of firewall (KissFirewall/Bastille Firewall/APF)
Installation of security updates as released by OS/Control Panel vendor
Installation of custom software as desired by customer
Configuration changes as desired by customer
Disabling of unused and insecure services
Removal of insecure packages and unnecessary software
Regular scans for easy-to-guess user passwords
Log auditing for unusual activity
Investigating hacking attempts
Restoring files from backup
Anti-spam configuration
Anti-virus configuration
Anti-DoS/DDoS kernel code tweaking
Default system users removal
SSH server hardening
Mod_Security (Intrusion detection and prevention engine for web applications)
Securing /tmp directory
Kernel tuning with sysctl
Snort (Network Intrusion Detection System)
Acid (Analysis Console for Intrusion Databases)
Smartd (HDD Reliability monitor)
SIM (System Integrity Monitor)
PRM (Process Resource Monitor)
SPRI (System Priority)
BFD (Brute Force Detection)
PMON (Socket Monitor)
MRTG / RRDTool (Bandwidth Usage Monitor)
Tripwire (keeps track of every file being moved/edited in the system)
Chkrootkit (Rootkit/Exploit scanner reports sent daily)

Any comments on experience with either company are also welcome.

 

 

 

 
