Asylum Lockdown
Firewall & Brute Force Protection
Advanced Policy Firewall (APF) is installed and configured.
Ports which are not used by cPanel are firewalled off to maximize the security
of your server, the TCP/IP stack is hardened, and ICMP rate limiting is enabled
to prevent DoS attacks. Additionally, Brute Force Detection (BFD) is installed
which detects brute force attacks against your server and automatically denies
access to attackers.
Anti-Spam & Anti-Virus Protection
Realtime Blackhole List (RBL) filtering is configured for anti-spam protection
on your server. The configuration, and combination of nearly 10 blacklists, is
designed to maximize spam filtering while keep false positives to an absolute
minimum. Liquid Web maintains local mirrors of these blacklists for maximum server
performance. Updates are made approximately every 30 minutes to ensure your server
is constantly protected.
HTTP DoS Prevention
DDoS-Deflate is installed for Apache. This module provides evasive action in
the event of an HTTP DoS or DDoS attack or brute force attack and works well
in both single-server script attacks as well as distributed attacks.
Attacking hosts are blocked temporarily from Apache while legitimate requests are
allowed through.
HTTP Intrusion Protection
ModSecurity intrusion detection and prevention engine is installed for Apache.
This module increases web application security, protecting web applications from
both known and unknown attacks. The customized ruleset Liquid Web provides protects
from a wide variety of common HTTP attacks, such as phpBB exploits. If a new exploit
is released, your server can be protected in as little as 15 minutes as we push out
ruleset updates.
Server Hardening
Besides our initial system audit, which ensures proper installation of the
Operating System and control panel and all packages are at the latest patch level,
Asylum WS performs many other security tweaks to your server.
All unnecessary services are disabled, and unused packages are removed.
SSH is hardened, and kernel operating variables are tweaked to add additional
security without impacting any use of the server.
Asylum WS also enables more security features to defend against SYN based DoS
attacks, DNS poisoning and spoofing protection.
Exhaustive List
Server Hardening & Security
Advanced Configurable firewall to block off unused ports and increase system security.
Detects and blocks brute force attacks.
ClamAV scans incoming and outgoing email for viruses, worms, and trojans.
Real-time Blackhole List (RBL) filtering is enabled using custom Asylum WS rulesets.
Looks for commonly used rootkits, backdoors, and exploits. Also checks for other signs of intrusion.
Looks for commonly used rootkits, backdoors, and exploits. Also checks for other signs of intrusion, and tests system binaries.
DoS and brute force prevention for Apache.
HTTP Intrusion Protection System for filtering exploits. Customized ruleset used.
Disables any services which are not needed for normal system operation.
Removes any extraneous packages to remove potential attack and DoS vectors while reducing system footprint.
Secure /tmp, /var/tmp and other directories to prevent against unauthorized binary upload and execution.
Strengthens file permissions on many world-writable directories.
Hardens SSH server to prevent against possible attack vectors.
Enforces PAM resource limiting to prevent against attacks.
Modifies kernel operating values to strengthen TCP/IP stack against various attacks including syn floods.
Applications
Graphics software package commonly used by many web applications.
Graphics software package commonly used by many web applications.
Compresses HTTP traffic to speed up web-browsing times for your visitors.
Recopiles Apache with commonly used Apache and PHP modules and settings for maximum performance and compatibility.
MySQL TOP tracks MySQL usage in an interface similar to the Unix 'top' command.
Detailed command-line bandwidth statistics tracking utility.
Command-line utility to see track bandwidth usage based on connecting hosts.
Initial System Audit
Stresses CPU, Memory Subsystem, I/O Subsystem, Hard Disks for quality control and compatability purposes. *Standard on all Asylum Web servers.
Determines memory is free from any errors which could cause stability issues. *Standard on all Asylum Web servers.
Ensures all Operating system components are functional and up-to-date.
Ensures WHM has been installed and configured.
Ensures kernel is at the latest OS-release version.
Ensures backups have been configured to the backup drive in your server or remote backup space (if applicable).