EthicalHat’s Server Hardening Service is designed to help you secure your servers by making sure that:
- Your servers’ operating systems are updated regularly
- You use strong passwords and secure authentication processes
- Your third party software is regularly patched and protected
- Your host’s local firewall and antivirus are being used effectively
- The specific computing platform(s) you use is hardened based on CIS Bencharks.
We help you create a comprehensive server hardening plan designed especially for your IT environment and follow it up with implementation and continuous monitoring that includes checking your server and network for security gaps, notifying you of latest security alerts and patch releases, and maintaining your systems’ security on an ongoing basis. The hardening measures we put in place are all based on international security regulations and benchmarks.
While there are some server hardening best practices that are applicable to all operating systems, there are some that are specific to or that make more sense when securing a particular OS, like Linux or Windows.
Server Hardening Service for Linux
Focus areas when securing Linux servers:
- Encrypting Data Communication
- Creating disk partitions for better data security
- Disabling unused or unwanted services
- Checking for open ports and disabling network services that aren’t needed
- Using Secure Shell (SSH)
- Restricting Cronjobs
- Using SELinux
- Enabling Iptables Firewall
- Ignoring ICMP requests
Server Hardening Service for Windows
Focus areas when securing Windows servers:
- Securing RDP or Remote Desk Protocol
- Securing access to Windows registry key
- Using advanced Group Policy Audit features
- Configuring Windows Service Audit Lockout for maximum security
- Firewall Audit and Configuration
- Using Windows Audit Policy settings effectively
- Auditing Service Pack security
- Securing File System Permissions
- Configuring the antivirus for better security
Timely Patch Application
We work with your IT security team to ensure that any new patches that are released are implemented quickly. We schedule patch releases both for your operating systems and for your databases and endpoints. Additionally, we schedule regular reboots of your servers, whether or not there are any new patch releases in a given month.
To make sure that these security updates do not disrupt any of your regular IT services or business-flow in general, we always test them on non-critical systems before company-wide implementation.