I agree with the answer of removing services and utilities.
-Think of all services CSPs offer, if you've provisioned services that aren't needed then they are an attack vector; e.g., S3 buckets (*ding ding* (remove, restrict, encrypt, etc)), public API Gateways, any other publicly exposed service, etc.
-Think of Linux and other OS' that allow you to install and remove services and utilities; e.g., SMB, NFS, iSCSI, NTP, CUPS, DNS, LDAP... etc.
-Think of rampant or forgotten instances themselves that run services that are not longer needed; decommission and remove
A because it reduces Attack surface, eliminates the maintanenance headache and also some frameworks such as ISO 27001,CIS benchmarks recommends removing the unused services or ulities. If removal is not possible then disabling is the next best option.
All non essential services should be stopped and set to disabled to ensure that they do not run. Al non essential software should be removed from the system. So key point here is services. So disable is the best (note you must disable after stopping the service as stopping alone cannot prevent from running again.)
upvoted 1 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
evilwizardington
Highly Voted 4 years agosaucehozz
Highly Voted 4 years, 3 months agoMartinRB
Most Recent 1 week, 3 days agora1paul
2 weeks, 6 days agosweetykaur
4 months, 1 week agogloby118
8 months, 2 weeks agoPika26
1 year, 9 months agoikamalbhatt
1 year, 9 months agoChibabest
4 years, 5 months agogouhaha
4 years, 5 months agonelombg
3 years, 7 months agoWumza
2 years, 3 months ago