حماية السيرفر

Complete list of technical services:

Firewall Protection:

• APF – Configure both ingress and egress firewall protection.
• BFD – Detect and prevent brute force attacks.
• CPHulk – Detect and prevent brute force attacks.

Spam Prevention and Anti-Virus Protection:

• ClamAV – Configure for e-mail scanning. Enable auto-updating anti-virus definitions.
• Realtime Blackhole Lists (RBLs) – Configure email server with RBLs to prevent spam.
• Harden Mailserver Configuration – Prevent against detection of valid e-mail address through brute-force attacks. Also enable HELO verification and other sanity checks.
• Dictionary Attack Protection – Prevent spammers guessing email addresses on your server.
• Checksum-based Collaborative Filtering – DCC and Razor to detect mass-mails.
• OCR Technology – Optical Character Recognition engine to detect spam in email as images and PDF files.
• Custom rulesets – Custom hand-selected SpamAssassin and ClamAV rulesets to increase spam detection.

HTTP Intrusion and DOS Protection:

• Mod_security – Install and configure mod_security for Apache with auto-updating ruleset.
• Mod_evasive – Install and configure DOS, DDOS, and brute force detection and suppression for Apache.
• PHP SuHosin – PHP Hardening through the Hardened PHP Project. Available on request.

Server Hardening:

• Disable IP Source Routing – Enable protection against IP source route attacks.
• Disable ICMP Redirect Acceptance – Enable protection against ICMP redirect attacks.
• Enable syncookie protection – Enable protection against TCP Syn Flood attacks.
• Enable ICMP rate-limiting – Enable protection against ICMP flood attacks.
• Harden host.conf – Enable spoofing protection and protection against DNS poisoning attacks.
• Harden Apache – Prevent module and version disclosure information.
• Harden SSH – Allow only SSH version 2 connections.
• Harden Named – Enable protection against DNS recursion attacks.
• Ensure Filesystem Permissions – Fix permission on world writable directories and prevent against directory-transversal attacks.
• Harden temporary directory and shared memory locations – Enforce noexec, nosuid on tmp and shm mounts.
• Harden “fetching” utilities - Allows root-only access of wget, curl, and other utilties often used in web-based attacks.
• Remove unnecessary packages – removes RPMS which are not needed to prevent against potential vulnerabilities and free up disk space.
• Disable unused services – Disable services which are not used.
• Disable unneeded processes – Disable processes which are not needed for server operation.
• PAM Resource Hardening – Protects against exploits which use core dumps and against user resource exhausting through fork bombs and other shell attacks.
• PHP Hardening – Enable OpenBaseDir protection.

Server Optimization:

• Optimize TCP/IP stack – Various changes to TCP/IP stack to increase buffers and optimize for server environment.
• PHP Configuration – Enables widely used PHP modules for maximum compatibility.
• MySQL Optimization – Optimizes MySQL performance for server configuration and enable query caching.
• PHP Caching – Optimizes PHP performance through EAccelerator script caching.
• FFMPEG and related software support – FFMPEG, Mencoder, flvtool2, and all related applications.
• Graphic Applications – Installs widely-used graphic applications NetPBM and ImageMagick.
• Monitoring Applications – Installs MyTOP, Iptraf, and Iftop utilities to easily monitor server performance.

Security Audits:

• Rootkit Hunter – Nightly scan to detect system intrusions.
• Chkrootkit – Nightly scan to detect system intrusions.
• Nobody Process Scanner – Scans for unauthorized "nobody" processes.