Web Application Hardening Services
Level 1 Hardening Package
- CHKrootkit -- New an improved. Only get e-mails if something is found to keep your e-mail ques smaller.
- RKHunter -- Advanced with add-ons like UNHIDE, SKDET and configured for better security scanning.
- CSF/LFD -- With so many settings to configure, let us setup and configure and secure your server with correct values and settings.
- Linux Malware Detect -- We can configure your Linux system to be scanned for malware. This will help keep your users safe and protected and keep your costs and time down so you do not need to or have to worry about spam and other issues.
- Linux Environment Security -- Let us lock down binaries and other important Linux files and setup to not break install scripts on control panels.
- Linux Socket Monitor -- LSM is a network socket monitor; it is designed to track changes to Network sockets and Unix domain sockets, effectively a port monitor. It does this by a rather simple differential based comparison of current and new server sockets (Server Ports). A simple and configurable alerting system sends alerts whenever new ports activate. LSM will ignore services that are currently holding sockets open, events are only applicable when a 'new' socket (port) is created. The execution cycle of NSIV is very simple, first it determines the running process ID of your binary followed by the trusted inode (that which is associated to the BIN variable). Then, the PORT value is used to check that the binary holding said port open actually references back to the trusted inode, if it does not then we assume the service has been hijacked and the PID is killed / RST executed with optional e-mail alert dispatched.
- Limit Compiler and Fetch Utilities Access to Root Only -- Users do not need access to such utilities and are commonly used and exploited to launch attacks and wreck havoc on a server.
- Disable Unused Services -- Disable services and applications that are running and not required for certain tasks to help keep the server secured and less open to attacks and exploited.
- Secure /tmp /var/tmp Directory -- Protect from exploits in such directories.
- IF CPANEL(mention in notes which ones you want):
- ConfigServer ModSecurity Control (cmc)(optional) -- A script to give you a more visual interface in WHM.
- ConfigServer Mail Queues (cmq)(optional) -- Manage and view e-mail ques to check for spam.
- ConfigServer Mail Manage (cmm)(optional) -- Manage and view e-mails to check for spam.
- Server Explorer (cse)(optional) -- Allows you to view and edit files anywhere on a server
- Update All Server / Control Panel Software -- Ensure you run latest updates and get latest updates.
- Log View cPanel Plug-in (optional) -- Allows you to view Logs.
- Disable and remove bad plug-ins (optional) -- Many plug-ins built for CP and WHM create security issues.
Level 2 Hardening Package
- Level 2 Modifications
- Disable Certain PHP Functions that Pose Security Threats -- Some PHP functions can be dangerous to run and they are commonly never used and should be disabled while leaving other functions open.
- Compile Symlink protection into Apache -- Apache suffers from a Symlink exploit that should be fixed with a custom patch.
- Harden SSH and enforce SSH2 Protocols -- Harden and secure SSH.
- Whitelisting and SSH Key Setup (optional) -- If you want to remain extra secure we can whitelist your IP and range to SSH.
- /shm & /proc hardening -- Protect key valuable file system directories from attacks..
- Lock CPanel WHM root -- Let us make sure that only your IP can login and access WHM with the root account(other accounts can be added too).
- NULL pointer dereference vulnerabilities patched -- Configure the system to remain safe against NULL pointer attacks.
- Sysctl hardening/performance tuning -- Configure the system block bad attacks and remain fast and responsive and tuned.
- Harden host.conf -- Protect against attacks aimed at the HOST.
- Harden named.conf -- Ensure that BIND/NAMED are configure and safe against several DNS attacks.
- Harden Kernel and improve security and performance -- Make sure the kernel remains protected against attacks.
- Install LibSafe -- . 'libsafe' is based on a middle-ware software layer that intercepts all function calls made to library functions known to be vulnerable and protects against the attack
- Disable Open DNS Recursion/BIND Security Edits -- Protect NAMED/BIND against attacks.
- Smartd -- Monitor hardware and disks and send e-mail alerts if there are disk issues.
- TCP/IP Stack Hardening -- Protect kernel and server against DoS and (d)DoS attacks.
- Operating System Optimization -- Ensure the operating system is optimized.
Level 3 Hardening Package
- Level 1 & Level 2 Modifications
- Improved Modified Spamassasin Rules to drop incoming Spam -- Tweaked rules to get better response at blocking spam.
- Prevent outgoing Spam -- Rules that will provide filtering to prevent spam from leaving your server. Blocks most spam.
- Optimize MySQL -- MySQL tuned for performance with configurations not typically mentioned or found.
- Optimize HTTPd -- HTTP tuned for handling more request and traffic and faster page loading.
- Optimize FTP -- FTP tuned for fast and more file transfers.
Level 4 Hardening Package
- Level 1, Level 2 & Level 3 Modifications
- Compile GRSecurity Kernel and tune/configure. -- GRSecurity is a fine tuned kernel that offers several security advancements that can be enabled to keep your server extra safe and secure.
- Fast Support Responses
- Tested and insured
- Always updated to latest threats
- Designed to protect
- Minimizes fails positives
- Less constraint problems
Never go down from web based attacks. Stay up and running securely.
Stop remaining in the back. Take the steps required to focus on your website or business and let us do the technical issues.
Feel at Home
We work to ensure everyone of our clients feels like they are at home and can have full trust with us.
As a client you will always be alerted to the newest threats and remain patched against them.