Operating systems typically offer services that can be accessed over the network. A typical example is a server that allows clients to access content on the server using a web browser. In this context, we use the term
to denote an open TCP or UDP port in combination with a process listening on the port. A single process may offer multiple services, for example, the server
. In contrast, multiple processes may use the same port, for example, a web server.
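The definition above (an open TCP or UDP port together with the process listening on it) can be checked on a Linux host by parsing the output of `ss -H -tulnp`. The following is an added example, not part of the original text. The sample output, process names and PIDs are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `ss -H -tulnp` output (listening TCP/UDP sockets and their owners).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*    users:(("nginx",pid=1201,fd=6),("nginx",pid=1200,fd=6))
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*    users:(("nginx",pid=1201,fd=7),("nginx",pid=1200,fd=7))
tcp   LISTEN 0      100        127.0.0.1:25         0.0.0.0:*    users:(("master",pid=950,fd=13))
udp   UNCONN 0      0            0.0.0.0:111        0.0.0.0:*    users:(("rpcbind",pid=640,fd=5))
tcp   LISTEN 0      4096            [::]:111           [::]:*    users:(("rpcbind",pid=640,fd=8))
"""

# One ("name",pid=N,fd=M) entry inside the users:(...) column.
OWNER = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

def parse_services(ss_output):
    """Return (proto, address, port, owners) per listening socket; owners is [(name, pid), ...]."""
    services = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or truncated lines
        proto, local = fields[0], fields[4]
        address, _, port = local.rpartition(":")  # rpartition copes with [::]:111
        owners = sorted({(name, int(pid)) for name, pid in OWNER.findall(line)})
        services.append((proto, address, int(port), owners))  # owners is empty without root
    return services

def services_by_process(services):
    """Map each (name, pid) to the set of (proto, port) services it offers."""
    result = defaultdict(set)
    for proto, _, port, owners in services:
        for owner in owners:
            result[owner].add((proto, port))
    return dict(result)

def shared_ports(services):
    """Return the (proto, port) pairs on which more than one process is listening."""
    return {(proto, port): owners for proto, _, port, owners in services if len(owners) > 1}

if __name__ == "__main__":
    parsed = parse_services(SAMPLE_SS)
    for owner, offered in sorted(services_by_process(parsed).items()):
        print(owner, "offers", sorted(offered))
    for key, owners in sorted(shared_ports(parsed).items()):
        print(key, "is shared by", owners)
```

On a real host, run `ss` as root so that the owning process is reported for every socket, not only for the caller's own.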
Default installations of operating systems often include different network services (e.g., RPC, SMTP and SSH) to simplify system administration. Inexperienced users often install services that are unneeded for their purposes simply to get applications quickly up and running, or to ensure that their system provides full functionality. From the adversary’s point of view, every running service provides a potential point of entry into the system. Noteworthy here are default services that are not monitored. These pose a serious security risk since they often run with default configurations and are not regularly updated. Hence, deactivating or restricting unused services is an easy way to increase system security. The act of reducing a system’s functionality and access permissions to a minimum and thus reducing its attack surface is often called