Sun Java System Web Server 6.1 SP11 Administrator's Guide

Limiting Other Applications on the Server

Carefully consider all applications that run on the same machine as the server. It is possible to circumvent your server’s security by exploiting holes in other programs running on the same machine. Disable unnecessary programs and services. For example, the UNIX sendmail daemon is difficult to configure securely, and it can be made to run other, possibly harmful, programs on the server machine.

UNIX and Linux

Carefully choose the processes started from the inittab and rc scripts. Do not run telnet or rlogin on the server machine. You also should not have rdist on the server machine (it can distribute files, but it can also be used to update files on the server machine).
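The following POSIX shell script is an added example, not part of this guide, that helps with the review described above: it reads inittab- or inetd.conf-style entries on standard input and flags any that start one of the services named in this section (telnet, rlogin, rdist, sendmail). The list of names, the function name audit_services, and the sample entries are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the Sun Java System Web Server guide.
# Flags inittab / inetd.conf style entries that start services the guide
# says should not run on the web server host (telnet, rlogin, rdist, sendmail).
# Reads entries on stdin, prints each match prefixed with "RISKY:", prints a
# count on stderr, and returns 0 only when nothing was flagged.

# Names to flag; these four come from the guide's text. Assumed to be a
# sufficient set for this example; extend to suit your site.
RISKY_SERVICES="telnet rlogin rdist sendmail"

audit_services() {
    count=0
    while IFS= read -r line; do
        case "$line" in
            ''|\#*) continue ;;          # skip blank lines and comments
        esac
        for svc in $RISKY_SERVICES; do
            case "$line" in
                *"$svc"*)
                    printf 'RISKY: %s\n' "$line"
                    count=$((count + 1))
                    break ;;
            esac
        done
    done
    printf 'flagged=%s\n' "$count" >&2
    [ "$count" -eq 0 ]
}

# Constructed sample input (not from a real host): three lines should be flagged.
SAMPLE='# inetd.conf / inittab excerpts, constructed for this example
telnet  stream tcp nowait root   /usr/sbin/in.telnetd in.telnetd
http    stream tcp nowait nobody /usr/sbin/httpd httpd
login   stream tcp nowait root   /usr/sbin/in.rlogind in.rlogind
sm:2:respawn:/usr/lib/sendmail -bd -q1h
ntp     dgram  udp wait   root   /usr/sbin/ntpd ntpd'

# Run the audit against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE" | audit_services || :
```

On a real host, feed the actual configuration to the function, for example `audit_services < /etc/inetd.conf` and `audit_services < /etc/inittab`, and review every flagged line by hand: the match is a plain substring test, so it errs on the side of flagging a line that merely mentions one of the names rather than missing a service that should be disabled.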

Windows

Carefully consider the drives and directories that are shared with other machines. Also consider which users have Guest privileges.

Be careful about programs you upload to your server, or those that other people install on your server. Other people’s programs might have security gaps. Someone could upload a malicious program designed specifically to subvert your security. Always examine programs carefully before you allow them on your server.