Server Hardening Details

Our multilayer approach to securing a server gives you peace of mind against hackers.

While there are many benefits from running a secured server from increased stability and speed, one key is server hardening provides one of the foundational elements for being PCI Compliant.

The servers we harden include, but are not limited to, taking the following security measures:

  • Mini audit of the server to see if there is anything clearly wrong in terms of malware or hacks
  • Remove unnecessary operating system components
  • Update the operating system
  • Harden the operating system and system compilers
  • Secure the server networking layer
  • Install and configure three different types of root kit detectors — chkrootkit, rkhunter, and ossec-rootcheck
  • Install and configure logwatch — whose report we customize to include the daily output of the root kit detectors as well as mod_security and some other checks
  • Install and configure a web application firewall — WAF — mod_security.
  • Harden Apache and PHP.
  • If the server provides DNS services, secure the DNS service
  • Update server-based applications (end user applications can be updated at an hourly rate)
  • Install and configure Advanced Policy Firewall (APF) and Brute Force Detection (BFD) or ConfigServer Security and Firewall (CSF)
  • Install Linux Environment Security and Linux Socket Monitor
  • Install and configure System Integrity Monitor (alert on system load, disk space partition space left issues, restart key services automatically when able).

Since hardening Apache, PHP, and setting up mod_security do require tweaking to ensure your site(s) work as intended, our hardening includes up to two (2) hours combined for tweaking any portion of the hardening (time must be used within two weeks of hardening completion).

We do recommend regular security patching once a server is hardened to keep the server as secure as possible.

Don’t let another day go by with an insecure server. Please call us at 1-717-484-1062 or contact us for more information.