Every server process you run on your system provides another potential point of compromise. Thatâ€™s why itâ€™s so often recommended that you turn off unnecessary services on Windows machines and deactivate unneeded daemons on UNIX operating systems.
You canâ€™t simply turn off all services and daemons, however, as the ability to use your operating system environment would be severely crippled if you did. As a result, it becomes necessary to attempt to secure the operation of the server processes you need.
An example of such a case is a UNIX or Linux DNS server. Just like any other server software, the BIND server daemon named process may occasionally be subject to security vulnerabilities that may allow a malicious security cracker to gain unauthorized access to your system. It is thus important to configure your system to minimize the damage a security cracker can do when he or she exploits such a vulnerability.