Configuration and Server / Site Hardening Options
- Server Configuration (noting that a DMZ is more complex than the
typical go-live process, so some additional hours are required):
6-12 hours if it follows a typical scenario. This can require much
more time if the associated support needed isn't available.
- Set up SSL certificate: configure and validate on the server.
Additional time is needed if we're purchasing and issuing the
certificate: typically 1-2 hours.
- Harden Server: we have a checklist from which we typically "apply"
settings and configuration adjustments to harden the IIS and
Server instance that is "web-facing" (i.e. has port 443 and
potentially port 80 open to the public): 4-8 hours.
- Set up CDN / security "filter" in front of web traffic to the server:
we typically recommend Cloudflare or Incapsula. Either option has
varying levels of service, ranging from free (very limited
capabilities, though!) to about $60/month for a typical security /
performance configuration: typically 2-3 hours to configure and
validate.
- Run PCI/DSS or similar periodic security audit: typically 4-6 hours
(noting that if #3 above is completed, this reduces the time
required dramatically). Typically, if any issues are found in
subsequent security audits, we'll address those "à la carte" or as
needed, but they might require 1-2 hours if they're rather involved
security issues.