New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
What should "Server Hardening" include.
rethinkvps
Member
in General
Hello All -
As we see all the time in the web hosting business, we see the word "Server Hardening" which doesn't always mean the same thing depending on which company you goto.
What do you think server hardening should mean if your provider is to offer it.
Comments
to me, it means using a hardened kernel (e.g. grsecurity) as minimum. mandatory access control (apparmor, selinux) should also be fully enabled.
"Server Hardening" should include a detailed list of what they will perform. Any company worth anything that offers this service will have both a detailed list for the client to see before they purchase as well as a checklist and audit to deliver to the client once it is complete.
EDIT: ServerWizards are a good example of what companies should provide clients before they purchase Server Hardening: http://serverwizards.com/security.php
EDIT2: I don't hate ServerWizards, I was thinking of another company (SeeksAdmin).