Our Company Our Network - Server Security
      Welcome to our extensive Network section. Here you can find details on the FortressITX data center, its network, connectivity plus facility images and network maps.

 
Overview
Network Map
Data Center Tour
Server Security
Server Status







 
CLIENTS QUOTES


Hostnexus provided me with a low cost alternative to slowly develop a large number of sites. I've learned a lot with the value added services not available with many hosts out there.

Debbie Weber,
mobstory.com
more
   

Service Updates
The easiest way to get hacked is if you don't keep your software up to date. This is particularly true of vulnerable services like OpenSSL and ModSSL. We have 3 admins that are constantly upgrading our servers to make sure they are up to date.

SSH Access
We have never allowed SSH access on our servers as enabling even limited commandline access poses significant risks. Jailed shell environments can be broken out of and root privileges gained by someone with intermediate SSH skills.

OpenWall
The kernel is the heart of the server and the basic linux kernel needs hardening just as other services need shoring up. We compile OpenWall (http://www.openwall.com/) into all our kernels which gives us an extra line of defence against kernel buffer overflow exploits. Kernels are updated as soon a new one comes out as a kernel root exploit is always going to be the quickest way to get compromised.

Firewall
Hosts have long since employed firewalls to control the traffic inbound to their server but what most don't realise is that you must control what goes out to. Just in the way that Norton or Zone Alarms protects your PC against trojans leaving your computer to signal the hacker of its compromise, we have a strict firewall that prevents PHP from connecting to external hosts.

The most common low-level hack is from script kiddies who will upload a script to a server via a vulnerability in an old script. They then and use that script to connect to a remote phpshell script on another server. From that remote location, they can then execute commands on the server with Apache privileges (not root) and cause mischief like dumping dos and flood programs into executable directories like /tmp. Our 2-way firewall stops this dead. If you have a php script that needs to connect an external host, all you need to do is issue a ticket asking for access to be enabled and we will whitelist the external host in our firewall.

Since employing this unique approach, we have not had a single situation of "script kiddie mischief" using remote phpshells. As far as we are aware, there are not alot of hosts that have such a system in place as the firewall rules are quite complex and need to be written from scratch. It's something that our admins are very proud of and it works extraordinarily well without affecting the usability of PHP overall.

Other Measures
We employ other security measures like intrusion detection systems, logwatch and many other systems and these combine to make a vert secure and stable platform. Security at HostNexus is taken very seriously!

Next: [ Server Status ]


  homecommunitycontactlogin  
 
our company solutions cheap plesk 5 hosting support resellers order now sitemap
 
Copyright ©2001 - 2006, The Nexus Network
HostNexus |  NexusWebs |  NexusDomains |  Nexology
All Rights Reserved. Terms and Conditions of Use. Privacy Policy. Refund Policy
HostNexus Site Design by Ceonex.com