System security audit
Most companies do not pay enough attention to security audit web applications ssh / ftp access to the server. This is due, above all, the desire to reduce non-productive costs. However, due to improper risk management, saving on site safety audit, you may lose money and customers.
Security auditing is especially important for companies that have successfully integrated Web applications into their own business processes, process personal data or financial information. Business of such companies suffer the hardest from hacking.
Our security audit services of servers aimed at identifying vulnerabilities and assist with their removal. So as our monitoring of the server will instantly show deviations from the normal operations.
Server security infrastructure setup:
- system firewall configuration (iptables, ipfw);
- brute force attack prevention using software such as fail2ban, sshguard for web, mail, ftp, ssh services protection;
- spoofing prevention;
- SYN-traffic limitation;
- disabling of unused services;
- access restriction;
- rootkit search;
- temporary directories execution prevention;
- antivirus installation (clamav);
- inetd/xinetd/tcp-wrappers configuration;
- TLS/SSL encryption used in the server software;
- Configure alert service of a server malfunction (syslog, logwatch), installation and configuration of etckeeper (control of configuration files);
- VPN/Tunnel configuration (PPTP, OpenVPN, IPSec).
We offer such services:
- general inspection of the site, search for potential vulnerabilities;
- search for errors, flaws of the site;
- full scan of custom site settings;
- checking for server software vulnerabilities;
- search for open for reading or writing from outside of important directories or files;
- testing intrusions, social engineering;
- analysis on the possibility of hacking the site by other methods.