Table of Contents
I. Secured System
II. Firewall Protection
III. Anti-Spam / Anti-Virus Protection
IV. Protection against HTTP attacks
V. Strengthening the server
VI. Preventing DoS HTTP attacks
VII. Daily security audits
VIII. Complete list of Secured services
X. Initial system Audit
Secured is an exclusive Hostico service designed to take the worry out of correctly configuring a server, saving you both time and money. These default settings add services and changes to a standard installation of the operating system and the cPanel control panel. The changes and services are meant to improve the server's security, reliability and compatibility with your applications. What would normally mean hours of "tweaking" or hiring a third party is now provided for free by Hostico. Your server is secure and ready for use as soon as you take possession of it.
CSF (ConfigServer Firewall) is installed and configured. Ports not used by cPanel or by your applications are blocked to enhance server security, the TCP/IP stack is improved, and an ICMP limit is set to prevent DoS attacks. Additionally, LFD (Login Failure Daemon) is installed; it protects your server against brute force attacks by automatically blocking attackers in the firewall.
Hostico also takes additional security measures to protect against SYN DoS attacks, DNS poisoning and spoofing. The latest solution offered in this regard is the ARBOR protection system, which is now available to Hostico customers.
Anti-spam filtering is configured based on Realtime Blackhole Lists (RBL). Nearly 10 blacklists are configured and combined to maximize spam filtering while keeping erroneous detections to a minimum. These lists are updated every hour to ensure constant protection of your server.
ModSecurity, the detection and prevention engine for HTTP attacks, is configured for Apache. This module increases the security of web applications, protecting them against both known attacks and application-specific attacks. Protection rules are regularly updated to provide constant protection for your applications.
Besides the initial check that ensures the operating system and control panel are properly installed and all packages are updated, Hostico performs many other adjustments to your server's security. All unnecessary services are disabled and all unused packages are removed. SSH is strengthened and kernel operating variables are modified to increase security without affecting server operation.
DDoS-Deflate is installed for Apache. This module takes evasive action in the event of HTTP DoS, DDoS and brute-force attacks, and works well against both distributed attacks and attacks coming from a single source.
The servers that initiate the attacks are blocked without disturbing valid requests.
Hostico installs scripts that run daily and check the integrity of the system, looking for traces of unauthorized access or exploits that could endanger it. Rootkit Hunter and Chkrootkit are also installed for a daily scan of the system. If an anomaly is detected, Hostico technicians are notified and investigate your server manually to ensure its integrity.
- CSF (ConfigServer Firewall) - An advanced firewall to block unused ports and to enhance system security
- LFD (Login Failure Daemon) - Detects and blocks brute force attacks
- ClamAV Antivirus for Email - ClamAV scans inbound and outbound emails for viruses, trojans and worms
- Anti-Spam Filtering - Activation of anti-spam filtering systems by RBL (Realtime Blackhole List)
- Chkrootkit - Checks the system for commonly used rootkits, backdoors and exploits. Also checks for other signs of intrusion
- Rootkit Hunter - Checks the system for commonly used rootkits, backdoors and exploits. Also checks for other signs of intrusion and checks system binary files.
- Mod_security - Intrusion prevention system that filters out exploits.
- Disabling unnecessary processes - Disabling all unnecessary services that are not related to the correct operation of the system
- Removing unnecessary packages - Removing all unnecessary packages that are not related to the correct operation of the system
- Securing temporary directories - Securing /tmp, /var/tmp and other directories to prevent loading and running forbidden binary files
- Strengthening of SSH - Strengthening of SSH to prevent brute force attacks
- Daily security audits - Installing scripts that run daily to check the integrity of the system
- Strengthening PAM resources - Tightening PAM limits to prevent different attacks
- Strengthening of Sysctl - Changing kernel values to strengthen the TCP/IP stack to prevent and protect against attacks
- Suhosin - Advanced protection system for PHP applications, protecting against various known and unknown attacks using various methods.
- MyTop - MySQL TOP - MySQL usage level presented in an interface similar to the Unix command "top"
- IPTraf - Detailed traffic monitoring
- ifTOP - Traffic monitoring on the server's IPs
- Server stress test - In the case of a dedicated server, the following components are checked: stress levels supported by the memory, processor, hard drive and system I/O. Standard Hostico procedure on all servers.
- Memory test - Memory testing to identify any errors. Standard Hostico procedure on all servers.
- Testing and updating the operating system - Ensure that the operating system is functioning normally and that all its components are updated
- Control panel verification - Check the parameters of the installed control panel
- Kernel verification - Installing the latest stable version of the kernel
- Configuring Backup - Ensure the correct operation of backup services
Configured servers and services are carefully monitored 24/7 to ensure rapid intervention by the Hostico technical team if the situation requires it. Constant monitoring is also useful for gathering statistics on resource use, preventing overloading and, more generally, working proactively to improve services.
The monitored services include:
- Web Server (HTTP)
- State of the control panel (cPanel, Webuzo)
- Mail System (SMTP, POP3, IMAP, number of messages in the mail queue)
- Server Services (SSH, FTP, etc.)
- Databases (MySQL)
- Server load
- Server traffic (in/out)
- I/O Level
- Available space / used space
Note: Servers for which customers have assumed the responsibility of administration will not benefit from the applications and techniques detailed on this page.