Tags
Introduction
A quick list of security features for mitigating security threats for web servers exposed to the internet.
The actual number of physical appliances, their configuration and the number of devices in failover or round robin are not disclosed.
Router
- Firewall (pf)
- DNS block lists
- Crowdsec
- Suricata
- IP Droplists
- Monitor: munin
- Monitor: ntopng
- Monitor: netdata
Server
- Firewall (iptables)
- fail2ban
- mod_security
- [suricata]
- mod_evasive
- mod_rewrite (rejecting greedy clients)
- SSL/TLS
- HTTP (version, headers, etags)
- Middleware (PHP)
- CDS (Drupal) (config, robots.txt, .htaccess, site, modules)
- Apache config (security.conf,apache2.conf,reqtimeout.conf)
- kernel (SELinux,apparmor)
- filesystem ACL
- content
- physical