Keeping your system secure
A common joke in information security circles is that the only perfectly secure system is one that is powered off. Such a system is only secure in the sense of integrity and confidentiality, of course – at the cost of availability. Any realistic scenario is always a compromise and there is always a risk; the system administrator’s goal is to prevent known attacks and reduce the impact of unknown ones, and every administrator must always be ready to respond to new threats and mitigate them.
Luckily, following simple guidelines can considerably reduce the risk – let’s discuss the general strategies and tactics to prevent specific attack types.
Reducing the attack surface
A system’s attack surface is, roughly speaking, the set of all ways to access it. For example, a machine that is running a web server and also a mail server has a larger attack surface than a system that only runs one of those. If we assume that vulnerabilities...
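One way to see a machine's network attack surface in practice, as an added example that is not part of the original text: the script below takes the output of `ss -H -tuln` (the sample embedded here is constructed, with a web server, SSH, and a mail server bound to loopback) and separates listeners that accept connections on non-loopback addresses from those that are local-only. The function names are illustrative, and the result reflects bind addresses only, not firewall rules.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (listening TCP/UDP sockets, numeric).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      4096           [::1]:631           [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line of `ss -H -tuln`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or malformed line
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        # Drop IPv6 brackets and any %interface scope suffix.
        addr = addr.strip("[]").split("%", 1)[0]
        yield proto, addr, int(port)


def is_loopback_only(addr):
    """True if the bind address is reachable only from the machine itself."""
    if addr == "*":  # ss prints "*" for a wildcard (all addresses) bind
        return False
    return ipaddress.ip_address(addr).is_loopback


def exposed_surface(ss_output):
    """Sorted unique (proto, port) pairs bound to a non-loopback address."""
    return sorted({(proto, port)
                   for proto, addr, port in parse_listeners(ss_output)
                   if not is_loopback_only(addr)})


def local_only(ss_output):
    """Sorted unique (proto, port) pairs bound to loopback addresses only."""
    everything = {(proto, port) for proto, _, port in parse_listeners(ss_output)}
    return sorted(everything - set(exposed_surface(ss_output)))


if __name__ == "__main__":
    print("network-facing:", exposed_surface(SAMPLE_SS_OUTPUT))
    print("loopback only: ", local_only(SAMPLE_SS_OUTPUT))
```

In the sample, the mail server on 127.0.0.1:25 adds nothing to the network-facing list, while SSH and the web server do; every entry in that list is a service that has to be justified, patched and monitored.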