ServerGuard Security

All HawgHost services comes with our exclusive security hardening service ServerGuard. ServerGuard greatly increases the security, performance, and reliability of your HawgHost server and is provided to you completely free of charge. Please contact us if you have any questions, all servers should come pre-installed with ServerGuard except for Virtual Servers (VPS) as it needs to be installed by our staff upon request.

ServerGuard is a powerful security and optimization suite that gives you and your server peace of mind. It was developed by HawgHost with five major goals - to harden and increase server security, prevent spam and intrusions, increase server reliability and uptime, enhance and optimize server performance, and improve overall system health.

Server Hardening and Optimization:

HawgHost secures and optimizes your server in many different areas. First we start with optimization of the commonly used services such as HTTP/Apache, FTP, DNS Bind and SSH. We then optimize and harden the server for maximum security and performance against syn flood attacks, spoofed packets, DNS poisoning, ICMP DOS/redirect attacks and more. We also ensure proper directory permissions and securing of the temporary directories to protect against intrusions and attacks. All unnecessary packages, services and processes are disabled to increase maximum performance at the operating level. Finally, we install and configure many commonly used applications for free such as RED5, FFMPEG, Mencoder, Eaccelerator & Suhosin for PHP, ImageMagick, NetPBM, MyTOP, and more.

Firewall and Brute Force Protection:

Advanced Policy Firewall (APF) or ConfigServer Security & Firewall (CSF) is installed and configured on our servers. All unused and insecure ports on the server are blocked off and closed and we employ both ingress and egress filtering methods to provide the highest level of protection. The firewall also automatically updates it's blacklist using the Spamhaus DROP list to block unsafe traffic from professional spammers and hackers. We also configure Brute Force Detection (BFD) or Login Failure Daemon (LFD) to add an additional layer of security. Lastly, CPHulk is enabled which protects against brute force attacks directed at common services.

Anti-Virus Protection & Spam Prevention:

Our servers are configured with Anti-Virus protection to scan emails and files for malicious softwares and viruses using ClamAV. ClamAV currently detects over 60.000 viruses, worms and trojans and is used by major enterprises worldwide. We also apply a variety of techniques for spam prevention such as setting up Realtime Blackhole Lists (RBLs), configuring ClamAV to work with SpamAssassin and finally optimizing and hardening the mail server configuration.

HTTP Intrusion and DOS Protection:

HawgHost installs and configures servers with Apache modules mod_security and mod_evasive to prevent against web application and denial of service (DOS) attacks. Mod_security is ModSecurity is a web application firewall that provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.. Mod_evasive provides evasive action in the event of an HTTP DoS or DDoS attack or brute force attack.

Security Audits:

We install and configure Rootkit Hunter and Chkrootkit to perform nightly security audits to ensure the server is safe and protected from intrusions and hackers trying to gain access to the server. The softwares will scan the server for rootkits, worms and LKMs and are regularly updated.

Complete list of technical services:

Firewall Protection:

  • CSF – Packet Inspection (SPI) firewall and Security application.
  • LFD – Detect and prevent Login Intrusion.
  • APF – Configure both ingress and egress firewall protection.
  • BFD – Detect and prevent brute force attacks.
  • CPHulk – Detect and prevent brute force attacks.

Spam Prevention and Anti-Virus Protection:

  • ClamAV – Configure for e-mail and virus scanning. Enable auto-updating anti-virus definitions.
  • Realtime Blackhole Lists (RBLs) – Configure email server with RBLs loaded to prevent spam.
  • Harden Mailserver Configuration – Prevent against detection of valid e-mail address through brute-force attacks. Also enable HELO verification and other sanity checks.
  • Dictionary Attack Protection – Prevent spammers guessing email addresses on your server.
  • Checksum-based Collaborative Filtering – DCC and Razor to detect mass-mails.

HTTP Intrusion and DOS Protection:

  • mod_security – Install and configure mod_security for Apache with custom ruleset.
  • mod_evasive – Install and configure DOS, DDOS, and brute force detection and suppression for Apache. Available on request.
  • PHP SuHosin – PHP Hardening through the Hardened PHP Project.

Server Hardening:

  • Harden Apache – Increased security on Apache.
  • Harden SSH – Custom SSH Port and limited connections.
  • Harden Named – Enable protection against DNS recursion attacks.
  • Ensure Filesystem Permissions – Fix permission on world writable directories and prevent against directory-transversal attacks.
  • Harden temporary directory and shared memory locations – Configure noexec, nosuid on tmp and shm mounts.
  • Harden “fetching” utilities - Allows root-only access of wget, curl, and other utilties often used in web-based attacks.
  • Remove unnecessary packages – removes RPMS which are not needed to prevent against potential vulnerabilities and free up disk space.
  • Disable unused services – Disable services which are not used.
  • Disable unneeded processes – Disable processes which are not needed for server operation.
  • PHP Hardening – Enable SuHosin, OpenBaseDir protection and more.

Server Optimization:

  • Apache Configuration – Optimizes Apache performance for server configuration .
  • PHP Configuration – Enables widely used PHP modules for maximum compatibility.
  • MySQL Optimization – Optimizes MySQL performance for server configuration and enable query caching.
  • PHP Caching – Optimizes PHP performance through EAccelerator script caching.
  • FFMPEG, RED5 and related software support – RED5, FFMPEG, Mencoder, flvtool2, and all related applications.
  • Graphic Applications – Installs widely-used graphic applications NetPBM and ImageMagick.
  • Monitoring Applications – Installs MyTOP, Iptraf, and Iftop utilities to easily monitor server performance.

Security Audits:

  • Rootkit Hunter – Nightly scan to detect system intrusions.
  • Chkrootkit – Nightly scan to detect system intrusions.
  • Nobody Process Scanner – Scans for unauthorized "nobody" processes.
Guarantees



The best bike related links site on the web.
We are featured in MotoSites, the Premier Motorcycle Directory!

free hit counters