thehoundog
Verified User
Greetings fellow computer junkies...
*** I am inviting any hardening offers ***
I am recovering from a disaster hardening incident.
I hired this company to harden our new FreeBSD server.
He took about 22 hours to finish. Yea, this scarred me some...
Then when fixes needed applying the next day, he took another 15 or so hours to set up dns and 1 domain ( Direct Admin ).
That last part was my idea, since the set-up was not right when i was setting up domain 1, I figured to get him to get the first domain 1 so the rest would not run into any problems. My mistake.
At this point with this person in the box for about 36 hours now I am extremely unsure of what is on my box and how secure it really is, at least from that person anyway.
Oh, I should add that he refused to disclose what exactly he did. When I requested a summery, he sent this summery:
> This list is not complete but here is what I have on
> the list:
>
> - firewall installation and configuring
> - secure level increased to level one
> - web server configured to be protected by mod_sec
> against code injection, dos and remote exploits
> transmitted over http
> - kernel configured against traffic storm attacks
> - /tmp has been secured
> - direct root login disabled
> - proftpd disabled per customer request then re
> enabled per customer request
> - syslogd remote logging disabled
Which as I see it tells me basically nothing in terms of supporting the server and or the hardening that was preformed.
So, for lack of any other solution, we are reformatting the HD and rebuilding. This has cost me allot, but without the peace of mind, what's the point in hardening, why not just let everyone one have a big old Orgy with your server right ?
Bullsh**... I hope I am not the only one who see this the way i am, because i could be wrong about this guys service, but i think I have a right to know exactly what he did - don't I ?
======= SOLUTION ===============
I am considering another service.
This one includes the following - and I would appreciate any feedback to help me plug any holes it may have, it seems like some of the stuff listed is not for a New box, or some of it is redundant, and in my limited view, it seems a little incomplete.
Maybe I'm wrong here too, please advise.
* Bold = seems not for new box, or redundant listing.
FreeBSD Security Advanced - $75 one-time fee ( ORDER NOW )
* Thorough security audit
* Installation and configuration of firewall (IPFirewall / IPFilter / PacketFilter)
* Installation of security updates as released by OS/Control Panel vendor
* Installation of custom software as desired by customer
* Configuration changes as desired by customer
* Disabling of unused and insecure services (telnet, finger etc)
* Removal of insecure packages and unnecessary software
* Regular scans for easy-to-guess users passwords
* Log auditing for unusual activity
* Investigating hacking attempts
* Restoring files from backup
* Anti-spam configuration
* Anti-virus configuration
* Anti-DoS/DDoS kernel code tweaking
* Default system users removal
* SSH server hardening
* Mod_Security (Intrusion detection and prevention engine for web applications)
* Securing /tmp directory
* Kernel tuning with sysctl
* CHkrootkit (reports sent daily)
* Smartd (HDD Reliability monitor)
* Snort (Network Intrusion Detection System)
* Acid (Analysis Console for Intrusion Databases)
* Tripwire (keeps track of every file being moved/edited in the system)
* MRTG / RRDTool (Bandwidth Usage Monitor) ? DirectAdmin
* Nessus (Security scanner) = redundant to listed item # 1.
* HostSentry (trace suspicious user's activity, unknown user logins etc)
* Local file permissions and suid bits checkup.
Thanks everyone for your Support.
It does make the world spin a little easier
*** I am inviting any hardening offers ***
*** I am inviting any hardening offers ***
I am recovering from a disaster hardening incident.
I hired this company to harden our new FreeBSD server.
He took about 22 hours to finish. Yea, this scarred me some...
Then when fixes needed applying the next day, he took another 15 or so hours to set up dns and 1 domain ( Direct Admin ).
That last part was my idea, since the set-up was not right when i was setting up domain 1, I figured to get him to get the first domain 1 so the rest would not run into any problems. My mistake.
At this point with this person in the box for about 36 hours now I am extremely unsure of what is on my box and how secure it really is, at least from that person anyway.
Oh, I should add that he refused to disclose what exactly he did. When I requested a summery, he sent this summery:
> This list is not complete but here is what I have on
> the list:
>
> - firewall installation and configuring
> - secure level increased to level one
> - web server configured to be protected by mod_sec
> against code injection, dos and remote exploits
> transmitted over http
> - kernel configured against traffic storm attacks
> - /tmp has been secured
> - direct root login disabled
> - proftpd disabled per customer request then re
> enabled per customer request
> - syslogd remote logging disabled
Which as I see it tells me basically nothing in terms of supporting the server and or the hardening that was preformed.
So, for lack of any other solution, we are reformatting the HD and rebuilding. This has cost me allot, but without the peace of mind, what's the point in hardening, why not just let everyone one have a big old Orgy with your server right ?
Bullsh**... I hope I am not the only one who see this the way i am, because i could be wrong about this guys service, but i think I have a right to know exactly what he did - don't I ?
======= SOLUTION ===============
I am considering another service.
This one includes the following - and I would appreciate any feedback to help me plug any holes it may have, it seems like some of the stuff listed is not for a New box, or some of it is redundant, and in my limited view, it seems a little incomplete.
Maybe I'm wrong here too, please advise.
* Bold = seems not for new box, or redundant listing.
FreeBSD Security Advanced - $75 one-time fee ( ORDER NOW )
* Thorough security audit
* Installation and configuration of firewall (IPFirewall / IPFilter / PacketFilter)
* Installation of security updates as released by OS/Control Panel vendor
* Installation of custom software as desired by customer
* Configuration changes as desired by customer
* Disabling of unused and insecure services (telnet, finger etc)
* Removal of insecure packages and unnecessary software
* Regular scans for easy-to-guess users passwords
* Log auditing for unusual activity
* Investigating hacking attempts
* Restoring files from backup
* Anti-spam configuration
* Anti-virus configuration
* Anti-DoS/DDoS kernel code tweaking
* Default system users removal
* SSH server hardening
* Mod_Security (Intrusion detection and prevention engine for web applications)
* Securing /tmp directory
* Kernel tuning with sysctl
* CHkrootkit (reports sent daily)
* Smartd (HDD Reliability monitor)
* Snort (Network Intrusion Detection System)
* Acid (Analysis Console for Intrusion Databases)
* Tripwire (keeps track of every file being moved/edited in the system)
* MRTG / RRDTool (Bandwidth Usage Monitor) ? DirectAdmin
* Nessus (Security scanner) = redundant to listed item # 1.
* HostSentry (trace suspicious user's activity, unknown user logins etc)
* Local file permissions and suid bits checkup.
Thanks everyone for your Support.It does make the world spin a little easier
*** I am inviting any hardening offers ***
