25.5. Choosing Which Services to Run
As I explained earlier in this chapter, the list of services you can offer on a computer running Mac OS X Server is quite long. During your initial setup of Mac OS X Server, the Server Assistant program asks you what services you want to provide and activates those automatically. Afterward, you can change your mind — adding or deactivating services as you want — using Server Admin. But the question is which of the many services you should use.
The trivial answer is that you should run all and only the services you need. If your organization installed an Xserve to function as a web server, for example, then clearly you need to have the web server turned on. But my advice is to avoid turning on anything you're not sure you need. Because every running service provides another possible avenue of attack, another way someone could potentially exploit a bug or security hole to gain control of your server or steal your data, the safest practice is to leave any service you're not actively using turned off and to turn it on only when the specific need arises. If you're not certain that you need a service running, you probably don't.
One area in which this decision is especially important is file sharing. If you know you need to share files from a computer running Mac OS X Server, you can use any or all of four services: AFP, FTP, NFS, and SMB. Of these, NFS is technically the most ...
Get Mac® Security Bible now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
