Servers

Usually, the first step to secure a server system is to protect its executables, libraries and configuration files against unauthorized modifications. After that, all services can be encapsulated into individual sandboxes.

Examples of servers that need service encapsulation or compartmentation are:

Firewalls:

DNS and mail forwarders, Web and FTP proxies

(Virtual) Webservers:

Apache, Zope etc., CGIs, separation of virtual domains

(Virtual) Mail Servers:

Sendmail, QMail, Postfix, POP3, IMAP, mailing lists, separation of mail areas

File Servers:

Samba, Coda, separation of organizational areas like workgroups, etc.

Application Servers:

separation of user accounts, protection against malware or user attacks