Secure CentOS Build

[adrianna]

I would like to know if you guys provide a secure CentOS build.

Thanks.

[Edge100x]

What do you mean by "secure"?

We provide a default install that you can secure to the extent you desire.

[adrianna]

What do you mean by "secure"?

We provide a default install that you can secure to the extent you desire.

I would like to know if you offer a CentOS harden service?

[soja]

Apart from managed servers, your machine/vds is left to you to manage/configure. I am sure there are some third party services you could opt for, but I have never heard of NFO offering something like this.

[adrianna]

Edge100x, how can I contact you directly to further explain my requirements? Thanks.

[Edge100x]

You can email us at support@nfoservers.com with further questions, yes.

As soja said, we do not offer managed services aside from managed game server hosting, so it would be up to you to harden your own CentOS installation, and maintain it.

[soja]

With that said, I can't imagine it would be difficult. Making a Firewall whitelist for things like SSH is very easy with NFOs firewall tab, and as long as you don't install a bunch of programs that have security vulnerabilities, and keep your software up to date, you should be fine.

We created a whitelist for our SSH on our web hosting VDS, and we have the occasional attempt to brute force our email server, but they never get in(we use complex passwords and non-standard account names). If you are looking into web hosting, get a cpanel VPS license(about $15/m) which will handle a lot of stuff like alerting you to large amounts of login attempts to ssh/smtp/pop3 etc, and will alert you whenever someone logs into ssh. We got ours from http://www.licensepal.com/

[Edge100x]

Whitelisting SSH (and blocking everyone else) through the Firewall page is a great idea, since it's easy for you to remove or change the entry without needing to even log in to the VDS.

The #1 and #2 most important security measures are strong passwords and keeping all software up-to-date. With just those two, you eliminate most openings. Beyond those, there are many smaller steps that you can take, such as compartmentalizing access as much as possible (different users for different tasks, chroot jails, SELinux, etc), additional firewall rules, an IDS, closing off access to services meant to be used only internally, and so on.

[barricas]

Even better, you can setup to for SSH to use private keys only.
I think CPanel can config that for you, a free alternative is Webmin I think it also has the ability to set up it easily.

[adrianna]

Thanks for the replies. It is not for web hosting nor gaming.

[Edge100x]

What I said applies to all types of services -- those are just general best practices.