Results 1 to 2 of 2
  1. #1
    Join Date
    Jul 2003
    Posts
    168

    Post Helm Server Installation, Setup and Configuration

    We do Helm Installation, Configuration, Installation of third Party Tools, Configuration and their integration with Helm along with basic security and tightening :

    On a single server Helm.. We do the following to make the server ready to go hosting :


    Software Installations :

    - Active Perl 5.8.x
    - PHP CGI 4.4.x, Zend Optimizer 3.1 for Windows, with GD2, Curl, MHash, MCrypt, MSSQL, ionCube support.
    - PHP CGI 5.1.x
    - Soap Toolkit 3.0
    - MS XML 4 SP2
    - MS XML 6
    - Winzip 10.0/Winrar 3.x
    - MySQL Database Server 4.1.x/Latest (Uses Old Password Encryption), ODBC Drivers (ODBC 3.51.12, ODBC 2.50.39, ODBC.NET, MySQL Connector.Net 1.0.7), phpMyAdmin
    - MySQL Database Server 5.0.x/Latest if requested ( Optional )
    - MySQL Front 2.5 ( GUI Tool to Manage MySQL )
    - AwStats 6.5
    - Active Ports
    - MBSA 2.0
    - EditPad Lite Text Editor
    - IIS Password/URL Protector
    - Python 2.4.x
    - Helm 3.2.10 ( with Helm Addons requested )
    - ASP.Net 1.1 and ASP.Net 2.0
    - SmarterMail 3.x (or any other mail server preferred. License should be provided or we can provide on competitive prices)
    and its Webmail setup on IIS.
    - SmarterStats 3.x ( or any other stats server you preferred. License should be provided or we can provide on competitive prices)
    - SmarterStats Password Changed for Helm.
    - Windows Defender Beta 2
    - Antivirus ( Optional, If requested and installer is provided )
    - MSSQL 2000 or 2005 with latest service pack if requested with Web Based manager like ASP.Net Enterprise Manager ( Optional, If requested and installer is provided )
    - SQL 2000 and 2005 Native Clients
    - FTP Server ( MS FTP as Default or Gene6 FTP or Serv-U FTP whatever requested )
    - MS DNS or Simple DNS
    - Front Page Extentions
    - Some Commonly used Components like ( CDONTS, ASPSimpleUpload, ASPSmartUpload, ASPSmartMail, JMail ) – All free ones/evaluation versions.


    Server Security, Optiomisation and Tweaking :

    1) Will assign restrictive permissions possible at root of drive and other application folder and system folders.

    Drive Root Permissions
    Helm Domains Folder Permissions
    Microsoft IIS Folder Permissions
    Microsoft FTP Folder Permissions
    CDONTS/CDOSYS Folder Permissions
    PHP Folder Permissions
    Perl Folder Permissions
    Python Folder Permissions etc.

    2) Will disable Null sessions to prevent unauthorized access to user list on machine, which can then be used with a password cracker to gain illegal access to machine.

    3) Will install URL Scan to prevent malicious requests from getting to IIS and causing a buffer overflow.
    ( URL Scan – Security Tool for IIS - http://www.microsoft.com/technet/sec...s/urlscan.mspx )

    4) Configuration of ASP.Net 1.1 and ASP.Net 2.0 and enabled ASP.NET impersonation, Running them in Medium Trust so that clients can’t access other customers directories and can’t run unmanaged code.

    - ASP.NET Folder Permissions
    - ASP.NET Impersonation Settings
    - ASP.NET 2 Applications Isolation

    ASP.Net 1.1 - http://msdn.microsoft.com/library/de...l/thcmch09.asp
    ASP.Net 2.0 - http://msdn.microsoft.com/library/de...AGHT000020.asp

    Will enable ODBC, OLDEB, Sockets Permissions and MySQL support for ASP.Net 2 running in Medium Trust.

    5) Hardening of the TCP/IP stack against Denial of Service Attacks.
    Microsoft KB Article : http://support.microsoft.com/default...b;en-us;324270

    6) IIS Modifications/Permissions/Various Log File Generation, Disable Rapid Fail Protection, Full W3SVC Log Generation for AWStats and other Stats Program.

    7) Mail Server Security/Mail Relaying settings to protect SPAM, Abuse Detections setup. Microsoft IIS SMTP Security and Relay Settings and Log Generations.

    8) Installing MBSA 2.0 to check other security related issues and Vulnerability.

    9) Disabling some Unwanted Services like :

    - Distributed File System
    - Distributed Link Tracking Client
    - Distributed Link Tracking Server
    - Error Reporting Service
    - Fax Service
    - Indexing Service
    - Netmeeting Remote Desktop Sharing
    - Print Spooler
    - Telnet

    10) Disabling some unused accounts. Disabling the Guest, Support_xxx, and ASPNET accounts. Some of these are disabled by default, and the ASPNET account is only used if IIS 6.0 is run in IIS 5.0 isolation mode (which we don’t). IIS 6.0 now uses “Network Services” account instead of ASPNET.

    11) Restricted the system tools that are commonly used by attackers to assist with both the initial compromise and expansion beyond the server. tftp(.exe), ftp(.exe), cmd.exe, bash, net.exe, remote.exe, and telnet(.exe).

    12) Disabling Windows Shell Execution.

    13) Configuring Windows 2003 Internet Connection Firewall.

    14) Installing Microsoft Windows Defender (Antispy Program).

    15) Installing Antivirus provided.

    16) MS DNS Server Security - Disabling Recursion and Forwarders.
    If using SimpleDNS - Enabling Recursion to local IPs and Subnets only and other Security settings etc.

    17) NTFS Hacks and Tuning like Turning off NTFS 8.3 Name Generations etc.

    18) MySQL Server Security. Disabling Anonymous Accounts, etc.

    19) Local Audit Policies Setups like :-
    - Account Logon Events
    - Account Management
    - Directory Service Access
    - Logon Events
    - Object Access
    - Policy change
    - Privledge Use
    - Process Tracking
    - System Events

    20) User Rights Assignments like :-
    - Audit the access of global system objects
    - Interactive Logon to not to display last user name
    - Changing all Event Logs properties to maximum Log Size of 16MB; Overwrite old Events as needed

    21) NIC Settings/ LAN Connection Settings :

    - Disabling Client for MS Networks
    - Disabling LMHOSTS lookup
    - LAN-Connection shows ICON in Tray when connected (easier access)

    22) Installing all Security Patches and Pending Service Packs.

    23) Enabling HTTP Compression ( GZip/Deflat ) for IIS 6.0

    And many more based on my experience.

    For all this I charge $175.. I accept paypal and all major credit card payments. If someone interested then let me know and for any further queries then can PM or Email catch me on MSN too ( Rubal @ Rubal [dot] Net )

    Kind Regards
    ¶ Rubal Jain // E-Mail - Rubal [at] Rubal.Net
    ¶ Helm Control Panel Setup, Installation, Configuration, Troubleshooting
    ¶ Helm Server Move, Service Migrations, Restorations, IP Renumbering
    ¶ Windows Server Setup, Configuration, Troubleshooting, Basic Security & Hardening

  2. #2
    Join Date
    Jan 2002
    Location
    Monterrey, Mexico
    Posts
    172
    We use Rubal´s services and could not be more happier, very profesional, we will recommend him to any one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •