Basic Principles for Systems with Shared Networking Services
In general, it’s better to reduce the attack surface by reducing the number of packages and services running on any given host. However, that should not be done at the expense of installing dozens of systems on the network, each having a single purpose in life. For that, there are containers, which reduce the attack surface from the perspective of the application without increasing the attack surface in your network by introducing dozens of new target systems. After all, the application is only one aspect of a potential attack. The operating system itself could be vulnerable. And once credential theft has occurred, moving around within the network, no matter how many systems there ...
Get Security Strategies in Linux Platforms and Applications, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
