Default operating system installations aren't necessarily secure. Server hardening is the process of tuning the server operating system to increase security and help prevent unauthorized access. We at NII know each environment is unique and we work with you to design a server hardening plan that works with your applications while increasing security and stability. Many of the hardening items are automatically checked on daily basis with our 24 x7 x 365 monitoring and managed services where we closely monitor all critical network and server components in your environment. We also proactively notify you of critical hardware and operating system security alerts. NII’s on-site server security engineers perform regular security maintenance on your systems around the clock. Our experienced professionals will ensure that the hardening standards are in place and in line with industry benchmarks, and that your servers are patched and configured to comply with these standards. Non-compliant items will be fixed in a time-bound manner whilst ensuring first and foremost that functionality is not being impacted. Linux Server Hardening:

Linux servers provide a great application hosting platform for LAMP-stack applications such as Wordpress, Joomla and Drupal. Here are some categories NII focuses on when securing a Linux server:

SSH Server Hardening

Apache / Nginx Hardening

FTP Server Hardening

Local Firewall Hardening

Software-Specific Hardening

(Control Panel Software)

Kernel Updates, Software Repository Hardening

Automated User Password Aging / Lockout

Unnecessary Service Audit

Kernel-Level Hardening

File and Directory Permissions Audit

Remote Desktop Protocol Hardening

Windows Registry Key Hardening

Group Policy Audit and Hardening

Service Audit and Lockdown

Password Policy Audit and Lockdown

Firewall Audit and Configuration

Audit Policy Configuration

Service Pack / Hotfix Audit and Remediation

File System Permission Audit

Anti-virus Configuration and Management

Our teams work with your existing patch management solution to ensure all critical systems have all critical security patches applied within a timeline that is aligned to the exposure of the systems. We also ensure that the patching mechanisms covers not only the standard operating system patches, but also those that might be applicable to databases and critical endpoint software such as Microsoft Office, Java, Adobe, browsers, etc. Scheduling server patches -- Patch deployment may not be necessary every month if the vulnerabilities identified do not apply to the servers. However, in the event that no patches are needed, the servers will be rebooted every month, unless there is a customer need to remain available. With the large number of patches from Microsoft, you should assume that there will be critical patches every month and that patches will need to be installed with a reboot to follow. There is a risk that something won't function properly after the updates. This is very rare and in most cases, a patch can be uninstalled. The patching schedule takes this risk into consideration, and patches are applied to test, development, and non-critical systems first to mitigate potential failures.