"Recently, a colleague complained to me that X Windows refused
to start following a routine patch upgrade on a production Web
server. I asked why he needed X Windows running on a production Web
server in the first place, especially a server that was allegedly
secured as a bastion host in a perimeter DMZ. The response that 'it
was installed by default' seemed inadequate when considering the
security risk posed by running X Windows on a bastion host.
"Unnecessary packages on a host bring significant risks. An
attacker can target the capabilities of those unnecessary packages
to subvert or compromise your host, especially since most
distributions automatically start the processes required by the
installed packages (for example, if you have installed Apache, then
the httpd process is automatically started)..."
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.