
Security Requirement List of Hosting Company

DirtylilTechBoy

Senior member
Hi,

A web hosting company, "Cybercon.com", will be setting up my company's servers for me. We will have several W2K servers, several Linux servers, and several FreeBSD servers.

I would like to assemble a list (bulleted) of requirements or things that the hosting company needs to perform in order to make sure that the servers are secure.

Is there anywhere I can go where someone has listed security must-do's for each OS? I don't want to understand everything, I just need to know that this company has done everything they can to fill all holes.

If anybody has any specific must-do's they feel must be mentioned please do so, I will greatly appreciate it.
 
For Linux:
Search places like www.google.com/linux, linuxdoc.org for security guides.

FreeBSD:
Search places like www.google.com/bsd, freebsd.org for security guides.

Win2k:
Microsoft sets these up perfectly right? Search places like www.google.com, microsoft.com for security guides.

If I get around to it, I'll finish my "Basic security in 10 steps guide" and post it up and send you a pm with a link to it 😛
 
Thanks for the guidance. I've already read tons of how-to's, etc. but what I was really looking for was a "To-do" list that didn't really explain any whys or what fors, but more of a bulleted list like

1. remove all daemons and programs not needed
2. setup ip tables bla bla

Oh, and check out Cybercon.com. They aren't a con by any means, as I have already seen their datacenter. They already have a few on-site Unix admins that have their own security ideas (sharp guys), but I'm looking for a two-three page to-do list that I can use to counterbalance their approach.

Either way, thanks for the help.
 
1. Choose quality software
2. learn how to install and properly configure that software
3. install a minimum os
4. disable everything and patch the system
5. install extras (necessary items not installed by default)
6. remove cruft (stuff that's installed by default that is not absolutely necessary)
7. remove setuid and setgid bits from software that does not really need it
8. install a checksum program to take inventory of your system and burn that to CD or put it on other unwritable media
9. reboot
10. make sure everything is running as it should be and is properly configured
11. have a beer
12. double check everything
13. take a nap
14. triple check everything
15. put it on the net for the first time
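
Steps 7 and 8 of the list above, as an added example that is not part of the original post: a shell sketch that lists setuid/setgid files for review and builds a SHA-256 inventory that can later be compared against the live system. The function names are hypothetical, and it assumes GNU `sha256sum`, `sort -z` and `xargs -0 -r` (typical on Linux; FreeBSD would need its own `sha256` tool substituted).

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils/findutils.

# Step 7: list regular files under DIR that carry the setuid or setgid bit,
# so each one can be reviewed and stripped with chmod if it is not needed.
# -xdev keeps find on one filesystem (skips /proc, network mounts, etc.).
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Step 8: write a sorted SHA-256 inventory of every regular file under DIR
# to OUT. Keep OUT outside DIR and copy it to read-only media afterwards.
make_baseline() {
    find "$1" -xdev -type f -print0 2>/dev/null | sort -z | xargs -0 -r sha256sum > "$2"
}

# Re-hash DIR and diff against a stored inventory. The diff output shows
# changed, removed and newly added files; returns non-zero on any difference.
check_baseline() {
    fresh=$(mktemp) || return 2
    make_baseline "$1" "$fresh"
    rc=0
    diff "$2" "$fresh" || rc=$?
    rm -f "$fresh"
    return "$rc"
}

# Usage: sh audit.sh DIR INVENTORY
# First run writes the inventory; later runs compare against it.
if [ "$#" -eq 2 ]; then
    echo "setuid/setgid files under $1:"
    list_suid_sgid "$1"
    if [ -f "$2" ]; then
        check_baseline "$1" "$2" && echo "inventory matches"
    else
        make_baseline "$1" "$2" && echo "inventory written to $2"
    fi
fi
```

The inventory is only trustworthy if the stored copy cannot be rewritten from the host being checked, which is why the post says to put it on unwritable media.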
 
Originally posted by: n0cmonkey

10. make sure everything is running as it should be and is properly configured
11. have a beer

And if it doesn't work/run properly, have a shot of JD. 🙂
 