Web Hosting Talk







Raq3 Security at 4webspace


vladgur
12-14-2000, 12:36 AM
Hello all.
I've just signed up for their raq3 deal and while it's being processed, I want to find out a couple of things about colocated servers. First of all, do most of you rely on the security of the providers' firewalls (if such exist)? Are there any security measures taken by colocation providers, and 4webspace/tera-byte in particular? If so, to what extent? Do they close or hide certain ports (which would be very limiting for people who may run non-standard servers on their sites, such as Java RMI registry or JINI namespaces)?
Do you think additional security would be worthwhile? While something like ipchains is very important to a firewall, it may be of less importance to a web server. However, the point of computer security (or the illusion of it) is to only allow access to resources that are needed. ipchains would allow you to close all the possible ports and all the incoming and outgoing connections and then specify which ones you will allow.
The question that I ask myself is how much we can trust the provider's security. If he is penetrated (forgive me for not finding a better word), that leaves all of us open to the attacker, and I am pretty sure there are enough system vulnerabilities/security bugs for him to exploit. Let me know what you guys think.

Chicken
12-14-2000, 08:01 AM
I'd rely on *you* securing *your* machine as much as possible. Whether you are colocating your own server or leasing a server from a company (in your case), I'd think security is the sole responsibility of the person leasing the machine. There are a couple of things that users have recommended adding (see cobalt user archives for info).

cbaker17
12-14-2000, 11:55 AM
For the most part, most colocation providers will not implement any type of network-based firewall; many can implement one at an extra charge on your machine, only. But I think it's more important to note that it's up to you to keep up with the latest security patches.

I know it's getting harder and harder; in fact our company is looking to hire someone whose sole duty is just network and server security. Hackers are getting ruthless, and there are so many tools available now that anyone off the street anymore can hack.

MadPhatTim
12-15-2000, 05:05 PM
vladgur, if you want a firewall setup, drop me a line at noc@tera-byte.com and we can work something out. There isn't much interest normally, so they're custom jobs.

Most servers (NT/Linux/Solaris/etc.) aren't all that well secured by default (with the notable exception of OpenBSD). There are some basic things you can do such as:
- turn off services in /etc/inetd.conf that you don't need (be sure you know what each service is before turning it off, though...)
- always use ssh and never use telnet to log in (ssh is not installed by default, but it's easy to install or we could do it for you)
- use good passwords (no dictionary words, nothing based on your name, birthday, etc.) and change them periodically
- use scp instead of ftp (scp is included with ssh)
- follow BugTraq (http://www.securityfocus.com/) to stay informed about security problems
- make sure your CGI scripts are secure

-Tim
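
Added example, not part of any post in this thread: a small shell audit for the first two items in Tim's list. It lists every service still enabled in an inetd.conf and marks the cleartext logins and transfers that ssh/scp replace. The function names, the status labels and the sample file are constructed for illustration; the r-services (shell, login, exec) are included on the assumption that you also want them replaced by ssh.

```shell
#!/bin/sh
# Audit an inetd.conf: which services are still enabled, and which of them
# are cleartext logins/transfers that ssh and scp make unnecessary.

# audit_inetd FILE -> one line per enabled entry: service<TAB>protocol<TAB>status
audit_inetd() {
    awk '
        /^[ \t]*(#|$)/ { next }   # commented-out (disabled) entries and blank lines
        NF >= 6 {                 # name type proto wait user program [args]
            status = "review"     # know what it is before you turn it off
            if ($1 ~ /^(telnet|ftp|shell|login|exec)$/) status = "use-ssh"
            printf "%s\t%s\t%s\n", $1, $3, status
        }
    ' "$1"
}

# ssh_replaceable FILE -> space-separated names of enabled cleartext services
ssh_replaceable() {
    audit_inetd "$1" | awk -F'\t' '
        $3 == "use-ssh" { printf "%s%s", sep, $1; sep = " " }
        END { print "" }
    '
}

# write_sample_conf FILE -> writes a constructed inetd.conf for the demo
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real RaQ3
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
EOF
}

# Demo run against the constructed sample; point audit_inetd at
# /etc/inetd.conf on a real machine instead.
sample=$(mktemp)
write_sample_conf "$sample"
audit_inetd "$sample"
echo "replace with ssh/scp: $(ssh_replaceable "$sample")"
rm -f "$sample"
```

After commenting out an entry, inetd has to re-read its configuration (normally by sending it SIGHUP) before the port actually closes.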