The Security Bundle is a total security roundup for your critical appliances. We install an array of industry-standard software, with many custom settings we have learned over the years, to ensure your security and peace of mind.
PI Host is also an innovator in the security industry, as we have developed and maintain a broad spectrum of Open Source software that we make publicly available. Our custom engineered software, coupled with a diverse and knowledgeable staff, allows us to provide an unsurpassed level of service and security.

| Bundle Feature Name | Description |
| --- | --- |
| APF (Advanced Policy Firewall) | policy based, reactive firewall |
| LSM (Linux Socket Monitor) | network monitor, identify rogue services |
| SPRI (Priority Scheduler) | schedule the priority of system processes |
| BFD (Brute Force Detection) | identify login password cracking attempts |
| SIM (System Integrity Monitor) | monitor critical services, load, network etc. |
| NSIV (Network Socket Inode Validation) | auto-inode validation; ensure sanity of binaries that are running as network services |
| LES (Linux Environment Security) | set secure default permissions and restrictions across the local env.; prevent key logging and profile hijacking among other intrusion trends |
| RPM Package Purge | removal of unneeded software, such as print server, printing drivers, sound & usb drivers, portmapper, ypserv etc... |
| Default User Purge | remove OS Default users [adm, gopher etc...] |
| Common permissions | reset system permissions to secure defaults on directories and common binaries |
| 'tmp' Path Hardening | harden temporary data paths (e.g. /tmp) with a special device file to enforce strict options that prevent the execution of compiled exploits |
| 'tmpfs' Path Hardening | harden the tmpfs file system path (i.e. /dev/shm) with special mount options, to enforce strict permissions that prevent the execution of compiled exploits |
| 'lalert' Login Alert routine | notify system administrator when an interactive login is initiated for users root, adm, admin, & mysql |
| 'sysctl' Hooks Configuration | sysctl provides configuration options hooked into kernel functions to allow a user to modify options without a recompile; these options are tweaked to harden the TCP/IP stack from syn-flood attacks and other network abuses |
| Services Hardening | tweak & harden common services to minimize information broadcasted about software versions |
| Time Synchronization | sync local system clock to time server |
| Increased Logging | modify default syslog configuration to perform further logging options |
| Host.conf | reconfigure host.conf to prevent DNS lookup poisoning and provide spoofing protection |
| TPE (trusted path execution) | enforce trusted path execution; exported PATH environment variable can only contain root owned paths |
| Setup 'iftop' | top like network traffic monitor |
| Setup 'tcpdump' | network packet sniffer/network analysis |
| Setup 'cbq' | QoS discipline rules; allows throughput limiting |
| Setup 'smartd' | monitor hard disk events; failed i/o, temp, etc.; can provide ample warning to disk failure; email alerts |
| Setup 'mod_security' | filter common web-based attack trends (i.e. php injection exploits) |
| Setup 'snort' | network intrusion detection system (*evaluated against available resources; not installed on high-load servers) |
| Setup 'logwatch' | log parsing and reporting utility; receive daily summary reports on systems events (kernel, network, logins, top e-mail relays & local senders etc...) |
| Backdoor inspection | inspect and verify server for sanity from backdoor exploits |
| User Password Auditing [JTR] | audit user accounts and identify insecure user passwords/alert users/admin summary report |
| PAM basic limits | linux pam resource limits; restrict user resource consumption to reasonable limits |
| SSH Server Hardening | modify default sshd server config files to address common protocol & authentication issues |
| Software Updates | local inspection of installed software/retrieval of vendor & OS updates |
| PHP open_basedir | modify php setup to enforce a set of 'safe' execution paths |
| Security Analysis | security verification tests; verifies secure setup |

An ideal service for brand new web appliances, and as a one-time security roundup for production appliances already deployed.
Individually, the services offered in this packaged bundle would cost in excess of $300; however, we feel it is our job to offer the best possible solutions to our users. So take peace of mind and know you're secured against current and future threats on the most advanced levels, with R-fx Networks.