Application servers are an obvious target for an attacker. They are often a central repository for all manner of data, be it authentication credentials, intellectual property, or financial data. Being so data rich makes them an obvious point for a financially motivated attacker to monetize an attack, and for a politically motivated attacker to steal, destroy, or corrupt data.
Of course, in a system architected to have many tiers, the application servers may not hold the data themselves; however, they will contain application code and serve as an ideal pivot point to other systems. They are typically connected to other systems, such as databases, which in itself places a target on the application servers.
For these reasons we should seek to ensure that the servers are built both to perform their intended function to specification and to withstand an attack.
It is always recommended that the infrastructure surrounding an application be configured to defend the server from attack. However, ensuring that the server is as well defended as possible in its own right is also strongly advised. This way, in the event that any other defensive countermeasures fail or are bypassed (for example, by an attacker moving laterally from within the infrastructure), the server is still defended as well as is sensibly possible.
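One concrete way to check that a host defends itself rather than relying on the perimeter is to look at which network services it exposes on every interface instead of on loopback only. The script below is an added example, not from the book, and it assumes the input follows the column layout of `ss -tlnH` on Linux (local address and port in the fourth column); the sample listing it parses is constructed here to stand in for real output.

```shell
#!/bin/sh
# Added example (not from the book): report listening sockets bound to a
# wildcard address, i.e. services reachable from any network the host sits on.
# Input format is assumed to match `ss -tlnH`: column 4 is "Local Address:Port".

# Constructed sample listing, standing in for real `ss -tlnH` output.
SAMPLE_SS_OUTPUT='LISTEN 0 128 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=812,fd=21))
LISTEN 0 511 0.0.0.0:8080 0.0.0.0:* users:(("java",pid=990,fd=45))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=401,fd=3))
LISTEN 0 128 [::1]:6379 [::]:* users:(("redis-server",pid=655,fd=6))'

# Print "port<TAB>process" for every socket bound to 0.0.0.0, * or [::].
# Exit status is 0 when nothing is exposed and 1 otherwise, so the function
# can gate a build or deployment step.
exposed_listeners() {
    printf '%s\n' "$1" | awk '
        $4 ~ /^(0\.0\.0\.0|\*|\[::\]):/ {
            split($4, a, ":"); port = a[length(a)]   # last field after the colons
            proc = "unknown"
            if (match($0, /"[^"]+"/))                  # first quoted name in users:(...)
                proc = substr($0, RSTART + 1, RLENGTH - 2)
            print port "\t" proc
            n++
        }
        END { exit (n > 0) ? 1 : 0 }'
}

# Usage on the constructed sample: lists 8080/java and 22/sshd, exits 1.
exposed_listeners "$SAMPLE_SS_OUTPUT" || echo "wildcard-bound services found"
```

On a real host the same function would be fed `"$(ss -tlnH)"`; services such as the database and cache above, which are bound to loopback, are left out, while anything that only the network perimeter was protecting is listed for review.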
The essentials for Windows-based platforms have already been described in Chapter 1, so this chapter will focus on Unix platforms such as Linux, FreeBSD, and Solaris. ...