Best Security Practices

SenseiSteve

HD Moderator
Staff member
Server Hardening

According to the Massachusetts Institute of Technology, “By not applying a patch you might be leaving the door open for a malware attack. Malware exploits flaws in a system in order to do its work. In addition, the time-frame between an exploit and when a patch is released is continually getting shorter.

Defects in clients like web browsers, email programs, image viewers, instant messaging software, and media players may allow malicious websites, etc. to infect or compromise your computer with no action on your part other than viewing or listening to the website, message, or media.”

How would you know if your web hosting provider employs best security practices when hardening your server?
 
Security plays a major role... without security, no datacenter works. They use anti-DDoS protection, fire safety, CCTV, and many advanced technologies.

regards,
 
Server Hardening
How would you know if your web hosting provider employs best security practices when hardening your server?

For the most part, people wouldn't. Sure you can check the PHP version and see if that's updated (of course some use older versions and run security patches but don't change the version), but in the grand scheme of things, the majority of people can only TRUST that the host has made the updates.

There are some remote vulnerability tests that can be run, but in doing so, you're essentially trying to find a backdoor to exploit, which then falls against the terms of service for the host. So even testing to see if there's an exploit can be a violation.

I like working with hosts that have a public-facing roadmap with regard to things they've done or are doing. Things like disclosing maintenance windows or alerts about kernel updates, etc. - but again, anyone can use grep and change a number; it doesn't mean it's actually patched.
 