Security section in CP

IT_Architect

Verified User
Joined
Feb 27, 2006
Messages
1,094
The reality is that security is getting to be a bigger and bigger part of a web host admin's responsibility. I would like to propose a Security section in the CP to serve as the place to go to manage the security aspects of the server. It also allows you to add items later in this category.

I'm sure you can think of a lot of other things that should be in there but for starters:
Secure DirectAdmin out of the box
People can get a commercial cert later, but there is no reason that I can think of for not forcing secure login with at least a self-signed cert.

Enforce Strong Passwords
Have this settable at the control panel level. May want to make it the install default.

Update Notifications:
- Update notification e-mail address.
- Notifications yes/no
- Update services automatically yes/no (Apache, MySQL, etc.)
- Update web apps automatically yes/no (Webmail, phpMyAdmin, etc.)

DA Bruteforce
Expose parameters such as these to project DirectAdmin
bruteforcecount=5 (5 attempts)[Null or zero turns it off]
bruteforceperiod=2 (in 2 minutes)[Null or zero turns it off]
bruteforcetimeout=30 (blacklist for 30 minutes.) [Null or zero for manual removal]

Secure E-Mail
People are giving away their e-mail and passwords at airports and coffee shops.
Secure E-Mail
You have all of the pieces now. Just add something that allows the capability to turn off insecure pop3, smtp, and 587.
Secure HTTPS
Here you might need to do a little work to work with the various web apps.

Ability to disable FTP and FTPS and enforce SFTP
FTP & FTPS are not secure. Even the free FTP clients will do SFTP. This allows secure FTP access without giving shell privileges.

Firewall Plugin area
An area set aside in the Security section for firewall plugins, and a "How To" to encourage plugin development. Some ideas would be a way to add firewall configs similar to what you have now in File Editor.

Secure PHP
Major distros these days install the Suhosin patch by default. That goes without saying. However, the suhosin extension is where the action is and potential issues. This almost needs to be per domain so exceptions can be added for extra long variable names, allowed remote execution of scripts on certain sites. It would be a piece of cake to have an include on the php.ini and expose it and its parameters here like you do in File Editor. This is needed anyway for secure php builds so you have access to parameters also to enable disabled functions you need. This could be in your current php system.

Get people talking about your organized, documented, and maintainable security to set yourself apart.

Thank you for your consideration.
 
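The three brute-force parameters proposed in the post (count, period, timeout, with null or zero disabling each) describe a sliding-window lockout policy. The following is an added worked example of that policy, written for this thread; it is not DirectAdmin code and the class name, method names and the `replay` log format are assumptions for illustration. It replays a constructed login log and shows the two edge cases the post calls out: count or period of zero turns the check off, and timeout of zero keeps a source blacklisted until it is removed by hand.

```python
from collections import defaultdict, deque


class BruteForceGuard:
    """Sliding-window lockout (hypothetical name): `count` failures within
    `period` minutes blacklists the source for `timeout` minutes."""

    def __init__(self, count=5, period=2, timeout=30):
        # Null (None) or zero for count/period turns the check off entirely.
        self.count = count or 0
        self.period_s = (period or 0) * 60
        # Null or zero timeout means the entry stays until manually removed.
        self.timeout_s = (timeout or 0) * 60
        self.enabled = self.count > 0 and self.period_s > 0
        self._failures = defaultdict(deque)  # source -> failure timestamps (s)
        self._blacklist = {}  # source -> expiry timestamp, or None for manual

    def is_blocked(self, source, now):
        if source not in self._blacklist:
            return False
        expiry = self._blacklist[source]
        if expiry is not None and now >= expiry:
            del self._blacklist[source]  # timed entry has lapsed
            return False
        return True

    def record_failure(self, source, now):
        """Register a failed login; return True if it triggered a blacklist."""
        if not self.enabled:
            return False
        window = self._failures[source]
        window.append(now)
        cutoff = now - self.period_s
        while window and window[0] <= cutoff:  # drop failures outside the period
            window.popleft()
        if len(window) >= self.count:
            expiry = now + self.timeout_s if self.timeout_s > 0 else None
            self._blacklist[source] = expiry
            window.clear()
            return True
        return False

    def record_success(self, source):
        self._failures.pop(source, None)

    def unblock(self, source):
        """Manual removal, the only way out when timeout is null/zero."""
        self._blacklist.pop(source, None)
        self._failures.pop(source, None)


def replay(guard, log_lines):
    """Feed constructed 'seconds RESULT source' lines through the guard and
    return one verdict per line: 'blocked', 'blacklisted', 'fail' or 'ok'."""
    verdicts = []
    for line in log_lines:
        ts, result, source = line.split()
        now = int(ts)
        if guard.is_blocked(source, now):
            verdicts.append("blocked")  # rejected before the password is even checked
        elif result == "FAIL":
            verdicts.append("blacklisted" if guard.record_failure(source, now) else "fail")
        else:
            guard.record_success(source)
            verdicts.append("ok")
    return verdicts


# Constructed sample log: 203.0.113.5 hammers the login; 198.51.100.9 is a
# legitimate user who mistypes once, then logs in.
SAMPLE_LOG = [
    "0 FAIL 203.0.113.5", "10 FAIL 203.0.113.5", "20 FAIL 203.0.113.5",
    "30 FAIL 198.51.100.9", "35 OK 198.51.100.9",
    "40 FAIL 203.0.113.5", "50 FAIL 203.0.113.5",  # fifth failure within 2 min
    "60 OK 203.0.113.5",                            # right password, still blocked
    "1900 FAIL 203.0.113.5",                        # 30 min later: window restarts
]


def demo(count=5, period=2, timeout=30):
    return replay(BruteForceGuard(count, period, timeout), SAMPLE_LOG)


if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG, demo()):
        print(f"{line:24} -> {verdict}")
```

With the post's defaults (5 attempts in 2 minutes, 30 minute blacklist) the attacker's seventh line triggers the blacklist, the correct password at second 60 is still refused, and the entry lapses by second 1900. Running `demo(0, 2, 30)` never blacklists anyone, and `demo(5, 2, 0)` keeps the source blocked until `unblock()` is called.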
Hello,

Thanks for the feedback.

I'm most likely going to be putting much of the tips from here:
http://help.directadmin.com/item.php?id=247

into the Admin Settings page, under a "Security" header.
Most of them are as simple as just turning them on, so wouldn't be terribly difficult.

Some of the other areas you've outlined might be beyond the scope of that page, but it would be a good start at least.

John
 