Separation of Services

Separation of services is another important concept for those responsible for securing Unix systems. The basis of this concept is that services with different purposes should reside on separate systems, to minimize the risk to your system when a server is compromised.

If one server is hosting three different services—say DNS, email, and your company's Web server—all three services are at risk if that single server is compromised. A hacker could change DNS records, read company email, and bring down your Web server, all by breaking into one machine. Separating these services onto three separate machines minimizes the risk of a total system compromise because the compromise of a single server only puts the service running ...
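The co-hosting described above can be audited from an inventory of listening ports. The following shell function is an added example, not code from the book; the "host port" input format, the port-to-role table (well-known default ports) and the host names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report hosts that run more than one distinct service role (DNS, mail, web).
# Input on stdin: one "host port" pair per line (constructed format).
# On a Linux host such lines can be produced with, for example:
#   ss -tlnH | awk -v h="$(hostname)" '{n=split($4,a,":"); print h, a[n]}'
colocated_roles() {
    awk '
    BEGIN {
        # Assumed mapping of default ports to roles.
        role[53] = "dns"
        role[25] = "mail"; role[465] = "mail"; role[587] = "mail"
        role[110] = "mail"; role[143] = "mail"
        role[80] = "web";  role[443] = "web"
    }
    NF >= 2 {
        p = $2 + 0
        if (!(p in role)) next              # port not tied to a tracked role
        key = $1 SUBSEP role[p]
        if (key in seen) next               # count each role once per host
        seen[key] = 1
        count[$1]++
        sep = (list[$1] == "") ? "" : ","
        list[$1] = list[$1] sep role[p]
    }
    END {
        # Only hosts combining two or more roles violate the separation.
        for (h in count) if (count[h] > 1) print h, count[h], list[h]
    }' | sort
}

# Constructed sample inventory: legacy1 combines all three services.
sample_inventory() {
    cat <<'EOF'
ns1 53
mx1 25
mx1 587
www1 80
www1 443
legacy1 53
legacy1 25
legacy1 80
EOF
}

sample_inventory | colocated_roles
```

Each output line gives the host, the number of distinct roles it serves, and the roles themselves; hosts that serve a single role on several ports, such as mx1, are not reported.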
