The security issue of IT infrastructure is very actual for any type of business. Whether it is a group of companies with an extensive branch network or an online store with 1-2 sellers.
For each server, the main purpose of which is to provide hosting for sites, the question of ensuring the protection of user data is acute.
Our company offers a server security audit service.
This service includes:
– Analysis of software versions installed on the server for compliance with current versions, deprived of known security problems. As a rule, the relevance of the following software versions is important for web servers: a mail server, a web server, a caching web server (if one is present), a programming language interpreter (for sites, for example, written in PHP), ftp server, web applications (to provide simplified access to certain server settings and working with data);
– Analysis of web server settings, related software settings for compliance with the basic requirements for security;
– Analysis of operating system settings. This item analyzes the main points related to the potential for an attacker to take control of a server. As a rule, the settings of the ssh server and options for working with hard drives are inspected;
– Analysis of access rights to the main files and folders of the system containing confidential information. As a rule, this item examines the main system folders, server control panel files, directories with backups, user folder permissions;
– On a server that is suspected of being compromised and could be used by malicious users to conduct malicious actions, our specialists will take the necessary measures to clean it from malicious programs and prevent this situation from happening again;
The work we do on the server complies with the “Guide to the Secure Configuration of Red Hat Enterprise Linux ″ published by the US National Security Agency.