Changes

A large part of securing servers involves defining roles, and based on the roles, defining which services and ports should be accessibleenabled. For example, a server that is to act solely as a web server should only run the HTTP service (in addition to perhaps SSH for remote administration access). All other services should be disabled and, ideally, removed entirely from the operating system(thereby making it harder for an intruder to re-enable the service).

Many operating systems are installed with a number of services installed and activated by default. Before displaying a new operating system it is essential that the installation be carefully planned. This involves deciding which services are not required and identifying which services have been installed and enabled by default. Deployment of new operating system installation should never be rushed. The fewer services and open ports available on a system the smaller attack the surface area and opportunities for attackers. A good way to verify the security level of a system prior to deployment is through the use of ''Port Scanning''technology.