Default operating system installations aren't necessarily secure. Server hardening is the process of tuning the server operating system to increase security and help prevent unauthorized access. We at NII know each environment is unique and we work with you to design a server hardening plan that works with your applications while increasing security and stability. Many of the hardening items are automatically checked on daily basis with our 24 x7 x 365 monitoring and managed services where we closely monitor all critical network and server components in your environment. We also proactively notify you of critical hardware and operating system security alerts.
NII’s on-site server security engineers perform regular security maintenance on your systems around the clock. Our experienced professionals will ensure that the hardening standards are in place and in line with industry benchmarks, and that your servers are patched and configured to comply with these standards. Non-compliant items will be fixed in a time-bound manner whilst ensuring first and foremost that functionality is not being impacted.
Linux Server Hardening:
Linux servers provide a great application hosting platform for LAMP-stack applications such as Wordpress, Joomla and Drupal. Here are some categories NII focuses on when securing a Linux server:
- SSH Server Hardening
- Apache / Nginx Hardening
- FTP Server Hardening
- Local Firewall Hardening
- Software-Specific Hardening
- (Control Panel Software)
- Kernel Updates, Software Repository Hardening
- Automated User Password Aging / Lockout
- Unnecessary Service Audit
- Kernel-Level Hardening
- File and Directory Permissions Audit
Microsoft Windows Server Hardening:
- Remote Desktop Protocol Hardening
- Windows Registry Key Hardening
- Group Policy Audit and Hardening
- Service Audit and Lockdown
- Password Policy Audit and Lockdown
- Firewall Audit and Configuration
- Audit Policy Configuration
- Service Pack / Hotfix Audit and Remediation
- File System Permission Audit
- Anti-virus Configuration and Management
Patch and Remediation Management
Our teams work with your existing patch management solution to ensure all critical systems have all critical security patches applied within a timeline that is aligned to the exposure of the systems. We also ensure that the patching mechanisms covers not only the standard operating system patches, but also those that might be applicable to databases and critical endpoint software such as Microsoft Office, Java, Adobe, browsers, etc.
Scheduling server patches -- Patch deployment may not be necessary every month if the vulnerabilities identified do not apply to the servers. However, in the event that no patches are needed, the servers will be rebooted every month, unless there is a customer need to remain available. With the large number of patches from Microsoft, you should assume that there will be critical patches every month and that patches will need to be installed with a reboot to follow.
There is a risk that something won't function properly after the updates. This is very rare and in most cases, a patch can be uninstalled. The patching schedule takes this risk into consideration, and patches are applied to test, development, and non-critical systems first to mitigate potential failures.