Are there any services that pose risks to the Web server security?
Absolutely. As a general principle, you should not run any service on your Web server that is not required for the Web service to function properly. This will vary depending upon the operating system and Web platform you're using, but you should always strive to have the minimal set of services running. The presence of extraneous services offers malicious individuals additional attack vectors to exploit, compromising the security of your system while providing no business benefit to you.
Along these same lines, you should separate critical components of your infrastructure so that each server only hosts one critical service. For example, if you have a dynamic Web application, it is good practice to host the database and Web server on different systems. This provides a degree of isolation and allows you to more easily implement layered protection against attacks.
Learn how to plan and perform a secure installation of your Web server's operating system and services, in Lesson One of SearchSecurity.com's Web Security School.
Dig Deeper on Web Services Security and SOA Security
Related Q&A from Mike Chapple
It's hard to tell if a company is a HIPAA business associate, but a closer look at HHS documents helps. Expert Mike Chapple discusses a specific case...continue reading
There was speculation in the security world over whether the FedRAMP certification would be helpful or not. Now that it's in full use, Mike Chapple ...continue reading
Medical device companies are part of the health industry, but does that make them a HIPAA covered entity or business associate? Expert Mike Chapple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.