 |
FIREWALL
PROTECTION
Advanced Policy Firewall (APF) is installed and configured.
Ports which are not used by CPanel are firewalled off to maximize
the security of your server, the TCP/IP stack is hardened, and
ICMP rate limiting is enabled to prevent DoS attacks. Additionally,
Brute Force Detection (BFD) is installed which detects brute
force attacks against your server and automatically denies access
to attackers.
Rebelnetworks also enables more security features to defend against
SYN based DoS attacks, DNS poisoning and spoofing protection.
|
 |
ANTI-SPAM / ANTI-VIRUS
PROTECTION
Realtime Blackhole List (RBL) filtering is configured
for anti-spam protection on your server. The configuration,
and combination of nearly 10 blacklists, is designed to maximize
spam filtering while keep false positives to an absolute minimum.
RebelNetworks maintains local mirrors of these blacklists for maximum
server performance. Updates are made approximately every 30
minutes to ensure your server is constantly protected. |
 |
HTTP INTRUSION PROTECTION
ModSecurity intrusion detection and prevention engine is installed
for Apache. This module increases web application security,
protecting web applications from both known and unknown attacks.
The customized ruleset provides protects from a wide
variety of common http attacks, such as PHPBB exploits. If a
new exploit is released, your server can be protected in as
little as 15 minutes as we push out ruleset updates. |
 |
SERVER HARDENING
Besides our initial system audit, which ensures proper installation
of the Operating System and control panel and all packages are
at the latest patch level, performs many other security
tweaks to your server. Temporary directories and shared memory
locations are secured to prevent against rogue files being uploaded
or executed on the system. All unnecessary services are disabled,
and unused packages are removed. Fetching programs, which are
commonly used in exploit attempts are restricted to superuser
access only. SSH is hardened, and kernel operating variables
are tweaked to add additional security without impacting any
use of the server. For a full list of performed services, please
see below. |
 |
HTTP DOS PREVENTION
ModEvasive is installed for Apache. This module provides evasive
action in the event of an HTTP DoS or DDoS attack or brute force
attack.and works well in both single-server script attacks as
well as distributed attacks.
Attacking hosts are blocked temporarily from Apache while legitimate
requests are allowed through. |
 |
DAILY SECURITY AUDITS
installs our own security scripts which run daily
to look for signs of system intrusion or exploits which could
threaten the health of your system. Rootkit Hunter and Chkrootkit
are also installed and scan the system daily. If any anomalies
are discovered, our technicians are alerted and can manually
investigate to ensure your server is secure. |
| Advanced Policy Firewall
(APF) |
Advanced Configurable firewall to block off unused
ports and increase system security. |
| Brute Force Detection (BFD) |
Detects and blocks brute force attacks. |
| ClamAV Anti-Virus for Email |
ClamAV scans incoming and outgoing email for viruses, worms,
and trojans. |
| Anti-Spam Filtering |
Realtime Blackhole List (RBL) filtering is enabled using custom
rulesets. |
| Chkrootkit |
Looks for commonly used rootkits, backdoors, and exploits.
Also checks for other signs of intrusion. |
| Rootkit Hunter |
Looks for commonly used rootkits, backdoors, and exploits.
Also checks for other signs of intrusion, and tests system binaries. |
| Mod_Evasive |
DoS and brute force prevention for Apache. |
| Mod_Security |
HTTP Intrusion Protection System for filtering exploits. |
| Disable Unnecessary Processes |
Disables any services which are not needed for normal system
operation. |
| Remove Unnecessary Packages |
Removes any extraneous packages to remove potential attack
and DoS vectors while reducing system footprint. |
| Secure Temporary Directories |
Secure /tmp, /var/tmp and other directories to prevent against
unauthorized binary upload and execution. |
| Secure Shared Memory |
Secures /dev/shm to prevent against unauthorized binary upload
and execution. |
| Secure Directory Permissions |
Strengthens file permissions on many world-writable directories. |
| SSH Hardening |
Hardens SSH server to prevent against possible attack vectors. |
| Restrict use of fetching programs |
Restricts commonly used fetching programs, such as wget, to
superuser access to prevent their use in many common web attacks. |
| Daily Security Audit |
Custom security scripts are installed to report
on possible security issues. |
| Host Configuration Hardening |
Hardens host against spoofing and DNS cache poisoning. |
| PAM Resource Hardening |
Enforces PAM resource limiting to prevent against attacks. |
| Sysctl Hardening |
Modifies kernel operating values to strengthen TCP/IP stack
against various attacks including syn floods. |
| ImageMagick |
Graphics software package commonly used by many
web applications. |
| NetPBM |
Graphics software package commonly used by many web applications. |
| Mod_gzip |
Compresses HTTP traffic to speed up web-browsing times for
your visitors. |
| Apache Recompilaton |
Recopiles Apache with commonly used Apache and PHP modules
and settings for maximum performance and compatability. |
| MyTOP |
MySQL TOP - tracks MySQL usage in an interface similiar to
the Unix 'top' command. |
| IPTraf |
Detailed command-line bandwidth statistics tracking utility. |
| IfTOP |
Command-lin utility to see track bandwidth usage based on
connecting hosts. |
| Server Stress Test |
Stresses CPU, Memory Subsystem, I/O Subsystem,
Hard Disks for quality control and compatability purposes. Standard
on all servers. |
| Memory Test |
Determines memory is free from any errors which could cause
stability issues. Standard on all servers. |
| Operating System update Check |
Ensures all Operating system components are functional and
up-to-date. |
| WHM Configuration Check |
Ensures WHM has been installed and configured. |
| Kernel Update Check |
Ensures kernel is at the latest OS-release version. |
| Backup Configuration |
Ensures backups have been configured to the backup drive
in your server or remote backup space (if applicable). |
Peace of Mind, Absolutely Free.