Live Help

Testimonials

Hey folks, GoHosting is one of the best hosting providers you are ever likely to come across. What makes them particularly brilliant is their stunning service. Their 24/7 telephone support is really staggeringly good. In an age where there are many promises but little fulfilment, I'm pleased to report that GoHosting deliver more than they promise. And since they are a Canberra-based company, you can have the satisfaction of knowing you are supporting local businesses to thrive. Good luck with your GoHosting experience!

Andrew Wells DRU Australia
www.dru.com.au

Server Hardening what is it really?

Posted 18 February 2011 by Alan Dawe

Server Hardening is often misunderstood as being a one off process to tighten the security on a server before it becomes live on the Internet. This is only partially correct, sure you want to tighten the security of your server before putting it on a Public Network, but its not enough to put it in and forget about it. The idea behind server hardening is the process of securing the machine not only before it goes live, but permanently.

We have seen around the Internet, “Server Hardening Guides”, “Security Checklists” and “Hardening Protocols” all of which seem to be one off documents where you follow through the checklists ticking off the boxes and completing the required steps. Once all the steps have been completed, email the completed checklist to the boss stating the machine is now secure and that’s the end of that.

This is actually good practise as an initial process, but what happens in the future when someone creates a utility that can breach the security of your hosted server? Or someone finds that your running an out of date software application that can be exploited? The sad fact about the internet is that if a server can be compromised your pretty much guaranteed that it will be in time.

The idea behind server hardening is to make your machine secure and keep it secure and up to date as possible.

What steps can you take? Well the main things are keep your software up to date, most software developers release fixes, updates or patches which rectify found flaws or exploits, remove unused usernames and logins from your servers, disable SSH access with the root account, make sure you are behind a firewall, use a data integrity / change detection tool like Tripwire and most importantly take backups lots of backups. Regular audits on your servers for software updates is also a good habit to get into. Another good habit to get into is keeping documentation on your hosted servers this way you can see what versions of software you have installed, when patches or updates were installed, who performed the work etc etc.

Did we mention backups? Regular checked backups are very important, especially when the data on your server is critical.

Comments

Alberto Florez says:
5 May 2011 3:05pm
Ditto. Back-ups are essential.
George Prowse says:
14 June 2011 11:20am
I always find SELinux with grsecurity and a hardened toolchain with PaX is a must and is likely to remove any threats.
* Your Name
* Email Address
Your Comment
Sample Callout