|
|
Why
going with L3server?
L3server provides fully managed dedicated
servers to businesses concerned about
data security. What makes us different
is (a) our implementation of a whole catalogue
of security programs and patches, customized
to meet the special hosting requirements
of your business. (b) We only provide
first class quality hardware (Dell server
hardware, HP 24-port switches, etc.).
(c) All this in our location inside the
Level(3) data center in Hamburg, Germany
(our office is 10 minutes away) with the
most advanced technology, a great network
within Europe and to the United States,
and with mostly Level(3) bandwidth. Network
uptime is as close to 100% as you can
get. (d) Our support is outstanding.
Fully
Managed Security Servers
<<------------------>> Self-Managed
Servers
|
Server
Security:
What
are we doing for your server security?
|
Security
Patching #1 |
|
Security
Patching #2 |
| |
Iptables
firewall (APF)
Brute force detection (BFD)
Process Resource Monitor (PRM)
Stop unnecessary processes
Logcheck
Logwatch
Tripwire
Server Configuration check
openSSH configuration check
Rootkit Hunter
Chkrootkit
mod_security
mod_evasive
Host spoof protection
Operating system update configuration check
Name server configuration check if required
Disk check
Kernel check
Apache check
Enhanced log rotation
Additional backup rotation for local backups
Additional backups
Securing tmp directories
Exploit check
Upgrade vulnerable apps
MRTG graphs |
|
Iptables
firewall (APF)
Brute force detection (BFD)
Process Resource Monitor (PRM)
Stop unnecessary processes
Logcheck
Logwatch
Tripwire
Server Configuration check
openSSH configuration check
Rootkit Hunter
Chkrootkit
mod_security
mod_evasive
Host spoof protection
Operating system update configuration check
Name server configuration check if required
Disk check
Kernel check
Apache check
Enhanced log rotation
Additional backup rotation for local backups
Additional backups
Securing tmp directories
Exploit check
Upgrade vulnerable apps
MRTG graphs |
| |
Explanation
of Terminology:
|
|
File
Manager/Console script
Operating system updates if required
Perl installation check and repair if required
Enhanced path protection
Remove SUID/GUID from binaries if not required
PHP hardening
Exploit cleanup if required
Kernel upgrade if required
Apache upgrade if required
Mailman performance if required
MySQL query cache |
BFD
- installation and configuration - Brute
Force Detection
PRM
- installation and configuration - Process
Resource Monitor
Stop unnecessary server services
- reduces security risks and frees server
resources
Logcheck - installation,
configuration, tuning, hourly email updates
- The logcheck tool allows summaries of
log file entries to be mailed to a system
administrator via a cron job. These summaries
can alert the administrator(s) to any
anomalous events upon the system, from
errors with daemons to intrusion attempts.
Logwatch - upgraded to the
latest secure release for the best reporting
Tripwire
- installation, configuration, tuning,
daily email updates - Intrusion Detection
System
Configuration check
in control panel to make sure you have
sensible and secure options chosen
OpenSSH
modification - allow
only SSH2 connections
Rootkit
Hunter - 2 * daily email
updates - rootkit (i.e. hacking) detection
tool
Chkrootkit
- 2 * daily email updates - rootkit (i.e.
hacking) detection tool
mod_security
- installation, configuration with initial
directives - intrusion detection and prevention
engine for web applications
mod_evasive
- installation, configuration with initial
directives - provides evasive action in
the event of an HTTP DoS or DDoS attack
or brute force attack through Apache
MRTG
- provides server-wide performance graphs
Additional Backup rotation
- for local backups (to backup disk),
modification to keep 7 days of daily backups
in addition to the standard single Daily,
Weekly, Monthly
Additional Backup -
secures /etc, /root and MailScanner files
/usr/mailscanner to local backup disk
Enhanced Log Rotation
- to do the logs cPanel forgot about
Libsafe
- helps protect against buffer overflow,
stack smashing and format string vulnerabilities
Kernel upgrade if necessary
to the latest OS vendor release
Secure /tmp /var/tmp /dev/shm
partition or create if required
to help prevent exploitation of the server
through cPanel provided apps
Mailman tuning for
mailing lists to even out load on the
mail server
Hard Disk check to
ensure they're running optimally
Upgrade Vulnerable apps
available in the Addon Script Manager
to protect against exploitation of the
server through vulnerable cPanel user
application installations
Update Operating System
to latest vendor releases if necessary
Delete unnecessary OS users
to reduce security risks
Enhanced path protection to prevent
users from easily browsing system directories
PHP Hardening disables the ability
to load Dynamic Libraries which can be
used to exploit PHP and disables MySQL
persistent links to protect against MySQL
DOS attacks and lessen MySQL load
Exploit check to make sure you
haven't already suffered a server compromise
Exploit cleanup if you've been
infected with a PHP/CGI worm
Initial cPanel configuration
if required
MySQL query cache enhances performance
for MySQL driven applications (esp. forums)
|
Add-On
Pricing (order
here)
| Unique
IP Addresses, Block of 8 IPs |
$12 /month |
| Bandwidth
Overcharges |
$28 /month
per 50 GB block |
| RAM
Upgrades |
512 MB -
$18/month; 1024 MB - $30/month |
| Work
Order |
$80 /hour
(minimum: half an hour) |
| |
|
|
Dell
Xeon 3.2 GHz/2MB
Intel
DualCore Server
