Try To Keep to One Service Per Machine

Ideally, you should try to keep to one server (be it HTTP, FTP, DNS, DHCP, or what-have-you) per machine. This minimizes the complexity of any one machine, and makes it harder for an attacker to spread their control throughout your systems if one system is breached. It also greatly simplifies recovery in case of a successful attack.

Practical considerations (availability of hardware, for example) may make this difficult at times, but it's the standard to shoot for.
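
One way to check a host against this guideline, as an added example that is not part of the original page: the script below parses the output of `ss -H -tulnp` (Linux, run as root so process names are shown) and reports which daemons listen on non-loopback addresses. The sample output is constructed, and treating sshd as management access that does not count as a second service is an assumption of this example.

```python
import re

# Constructed sample of `ss -H -tulnp` output (not taken from a real host).
SAMPLE = """\
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    [::]:80            [::]:*        users:(("nginx",pid=1021,fd=6),("nginx",pid=1020,fd=6))
tcp   LISTEN 0      10     192.0.2.10:53      0.0.0.0:*     users:(("named",pid=640,fd=21))
udp   UNCONN 0      0      192.0.2.10:53      0.0.0.0:*     users:(("named",pid=640,fd=20))
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*     users:(("systemd-resolve",pid=501,fd=13))
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*     users:(("cupsd",pid=700,fd=7))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=\d+')

def is_loopback(addr):
    addr = addr.split("%", 1)[0].strip("[]")  # drop %iface scope and IPv6 brackets
    return addr.startswith("127.") or addr == "::1"

def exposed_services(ss_output):
    """Map process name -> set of 'proto/port' sockets reachable from other hosts."""
    services = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, port = local.rsplit(":", 1)
        if is_loopback(addr):
            continue  # bound to loopback only, not reachable over the network
        # Without root, ss omits the users:(...) column; report such sockets as unknown.
        names = set(PROC_RE.findall(line)) or {"unknown"}
        for name in names:
            services.setdefault(name, set()).add(f"{proto}/{port}")
    return services

def extra_services(ss_output, management=("sshd",)):
    """Return the exposed service names if the host runs more than one.

    Daemons listed in `management` (an assumption of this example) are ignored.
    """
    names = sorted(n for n in exposed_services(ss_output) if n not in management)
    return names if len(names) > 1 else []

if __name__ == "__main__":
    for name, socks in sorted(exposed_services(SAMPLE).items()):
        print(f"{name}: {', '.join(sorted(socks))}")
    print("multiple services:", extra_services(SAMPLE) or "none")
```

On a live host, feed it the real command output instead of SAMPLE, for example via subprocess.run(["ss", "-H", "-tulnp"], capture_output=True, text=True).stdout.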

