Security & Firewall (csf)

Peace of Mind, Absolutely Free.
This is an exclusive RebelNetworks service which is designed to save you both time and resources. This initial setup option provides many additional services and modifications to the default Operating System and CPanel installation which greatly enhances the security, reliability, and compatability of your server and software. What would have normally taken you hours of installation work, or the hiring of an outside systems administrator, is now done for you by RebelNetworks. Your server is locked down, ready to run, as soon as you receive it.\

Featured Services

	FIREWALL PROTECTION Advanced Policy Firewall (APF) is installed and configured. Ports which are not used by CPanel are firewalled off to maximize the security of your server, the TCP/IP stack is hardened, and ICMP rate limiting is enabled to prevent DoS attacks. Additionally, Brute Force Detection (BFD) is installed which detects brute force attacks against your server and automatically denies access to attackers.  Rebelnetworks also enables more security features to defend against SYN based DoS attacks, DNS poisoning and spoofing protection.
	ANTI-SPAM / ANTI-VIRUS PROTECTION Realtime Blackhole List (RBL) filtering is configured for anti-spam protection on your server. The configuration, and combination of nearly 10 blacklists, is designed to maximize spam filtering while keep false positives to an absolute minimum. RebelNetworks maintains local mirrors of these blacklists for maximum server performance. Updates are made approximately every 30 minutes to ensure your server is constantly protected.
	HTTP INTRUSION PROTECTION ModSecurity intrusion detection and prevention engine is installed for Apache. This module increases web application security, protecting web applications from both known and unknown attacks. The customized ruleset provides protects from a wide variety of common http attacks, such as PHPBB exploits. If a new exploit is released, your server can be protected in as little as 15 minutes as we push out ruleset updates.
	SERVER HARDENING Besides our initial system audit, which ensures proper installation of the Operating System and control panel and all packages are at the latest patch level, performs many other security tweaks to your server. Temporary directories and shared memory locations are secured to prevent against rogue files being uploaded or executed on the system. All unnecessary services are disabled, and unused packages are removed. Fetching programs, which are commonly used in exploit attempts are restricted to superuser access only. SSH is hardened, and kernel operating variables are tweaked to add additional security without impacting any use of the server. For a full list of performed services, please see below.
	HTTP DOS PREVENTION ModEvasive is installed for Apache. This module provides evasive action in the event of an HTTP DoS or DDoS attack or brute force attack.and works well in both single-server script attacks as well as distributed attacks.  Attacking hosts are blocked temporarily from Apache while legitimate requests are allowed through.
	DAILY SECURITY AUDITS installs our own security scripts which run daily to look for signs of system intrusion or exploits which could threaten the health of your system. Rootkit Hunter and Chkrootkit are also installed and scan the system daily. If any anomalies are discovered, our technicians are alerted and can manually investigate to ensure your server is secure.