Linux Server Hardening and Monitoring
Linux is a powerful and very stable operating system for production server implementations.
However, the measures that make it as secure as possible are not part of the normal
installation!
Here's what you get:
We install custom-written monitoring software on your machine so that it reports what is happening to it.
The reports are monitored on a daily basis.
Certain machine behaviors will cause the security advisors to be paged.
Note that for many crackers, the last step of compromising a machine
is to delete the incriminating log file entries to cover their tracks. Doing this does not help the cracker
one bit on machines that we set up with the above monitoring (although the cracker would not know that).
Crack attempts that should be singled out for special attention are handled on a case by case basis.
You get a weekly report of all internet-originating attack attempts against your machine, as observed
by our monitoring programs.
With our monitoring software, your machine will be on the lookout for activities that are typical of crackers.
We will take action if any such activity is observed.
Using a database program, we compare the before and after state of the filesystem. This positively identifies
any changes a cracker may make to system files on the machine.
Because of this filesystem database, on RedHat machines we maintain the RedHat packages that get updated on
the machine. You can help if you want, but each of us must be aware of what the other is doing in these circumstances.
On non-RedHat machines, you maintain the packages and coordinate with us for database updates.
We scan your machine on a regular basis, checking for any trojan services that may have been activated. (It does not
even take a root compromise to run a trojan service; a compromised user account is enough.)
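The before-and-after comparison described above, as an added illustration rather than the provider's own database program: a baseline of file hashes is recorded while the install is known clean, and a later snapshot is compared against it. The function names and the sample tree in the usage are constructed for this example.

```shell
# Added example (not the provider's tooling): record a hash baseline of a tree
# and report MODIFIED / ADDED / REMOVED files against it later.
# Keep the baseline off-host or on read-only media; an intruder with root on
# the machine could otherwise simply regenerate it after making changes.

# One "hash  ./path" line per regular file, sorted so comm(1) can diff them.
integrity_snapshot() {
    (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort)
}

# integrity_baseline DIR BASELINE_FILE  (BASELINE_FILE must be outside DIR)
integrity_baseline() {
    integrity_snapshot "$1" > "$2"
}

# integrity_compare DIR BASELINE_FILE
# Prints one line per difference; returns 0 if clean, 1 if anything changed.
integrity_compare() {
    dir="$1"; baseline="$2"
    current=$(mktemp); report=$(mktemp)
    integrity_snapshot "$dir" > "$current"
    # Lines only in the current snapshot: a new file, or a file whose hash changed
    LC_ALL=C comm -13 "$baseline" "$current" | while read -r hash path; do
        if awk -v p="$path" '$2 == p {f=1} END {exit !f}' "$baseline"
        then echo "MODIFIED $path"; else echo "ADDED    $path"; fi
    done >> "$report"
    # Lines only in the baseline whose path no longer exists at all
    LC_ALL=C comm -23 "$baseline" "$current" | while read -r hash path; do
        awk -v p="$path" '$2 == p {f=1} END {exit !f}' "$current" \
            || echo "REMOVED  $path"
    done >> "$report"
    cat "$report"
    changed=$(wc -l < "$report" | tr -d ' ')
    rm -f "$current" "$report"
    [ "$changed" -eq 0 ]
}
```

Run integrity_baseline on the clean install, then integrity_compare from cron and alert on a non-zero exit.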
This service is offered at three levels:
Level 1 service: (RedHat Linux Only)
Level 1 service is the highest quality security product that we offer.
We set up your machine from scratch, in our office, and return it to you when completed and ready to go online.
This provides for a very clean, hardened installation, many times harder to crack than what would be available
out-of-the-box.
If you are not running BIND and do not expect to add services later, we may even be able to implement a custom
kernel that can stop certain cracker activities in their tracks.
We can also secure the machine against on-site console compromises if needed.
With a machine that is set up this way, an on-site cracker would have to be relatively highly skilled and would
have to physically take your machine apart in order to gain root level access from the console.
(The default, unmodified install can be root compromised in under 5 minutes, in three different ways, at the console.)
Level 2 service:
You would set up a brand new Linux install on a hard drive that contains no files from a previous Linux
install, and before connecting it to any LAN you would set up kernel firewalling (not at your router or external
firewall, but directly on your machine) to block all traffic except for our IP address, and we would take it from
there.
This is the preferred method for non-RedHat servers.
If a machine is to be a RedHat Linux machine, you are much better off
if you have us set up the machine from scratch instead (Level 1 service) because of the additional hardening that
can be done to the machine.
If you connect to the internet to set up the computer by downloading, the machine may already be hacked into
by the time you are done installing the operating system, before you even have the chance
to lock it down!
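The Level 2 pre-connection lockdown, as an added illustration in iptables-restore syntax (not the provider's own script): every inbound packet is dropped unless it comes from the administrators' address. The address 203.0.113.10 is a constructed placeholder, and accepting loopback and already-established connections is an assumption so that services on the host and downloads it initiates keep working.

```shell
# Added example (not the provider's script): host firewall that blocks all
# traffic except from the administrators' address. iptables-restore syntax
# is assumed; the address is passed in by the caller.
gen_lockdown_rules() {
    admin_ip="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# local services talk to themselves over loopback
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened itself (assumed needed for updates)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the only address allowed to open a connection to this host
-A INPUT -s ${admin_ip} -j ACCEPT
# everything else is dropped by the INPUT policy above
COMMIT
EOF
}

# Load the ruleset into the kernel: run as root, before the cable goes in.
apply_lockdown_rules() {
    gen_lockdown_rules "$1" | iptables-restore
}
```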
Level 3 service:
A Level 3 machine is a Linux machine that has been connected to the internet anytime after its most recent
hard drive reformat (repartition) and operating system install. The reality is that such a machine could already
be compromised by a stealthy cracker.
The computer is checked as closely as it can be when you initially sign up with us, and we will be able to remove
any unsophisticated crackers, but a skillful and stealthy cracker is sometimes undetectable in this situation.
Such a machine is monitored and administered in the same highly-careful ways that a Level-1 or Level-2 machine
is, but with the understanding that we are not dealing with a positively, known-clean initial install.
What happens if, despite our best efforts, someone gets into one of our machines?
How we handle a cracker depends on what level of access the cracker has gained, and what the person has done with
the machine, and is very much a case-by-case affair.
It can vary from as little as simply changing a password and pursuing an abuse complaint with an ISP, to having
you ship your hard drive to a unix filesystem expert to attempt to recover destroyed data (or, recover evidence,
perhaps), up to and including making a call to the FBI in the event of financial damage.
Understand that the perspective of a good security administrator is that a machine compromise, at some level, is
not a question of IF, but WHEN.
Making it difficult for a cracker to get in is only half of the game. That effort can be ruined by one legitimate
user who uses the same password on your machine as for his email somewhere else.
The other half of security administration is building the machine to be a difficult and tattle-tale environment
for potential crackers who have gained any level of access.
Rates for Services:
Monthly monitoring fee for Levels 1 - 3:
1 machine: $55.00/month
Additional machines at $25.00/month each
Level 1 additional charges:
Per-Machine configuration: $400 plus shipping charges as required.
Level 2 additional charges:
Per-Machine configuration: $200
Level 3 additional charges:
Per-Machine configuration: $200, unless we have to remove existing crackers from a computer that is already compromised,
and that part of the work takes longer than an extra hour. Removal of existing crackers that takes longer than an hour
is charged at the regular consulting rate ($55.00/hr).
Additional work:
For Level 1 - 3 security customers: we will do up to an hour per month of additional security or DOS attack related
assistance, if needed, for no charge.
More than an hour will be charged at the regular consulting rate ($55.00/hr).