Reducing the Attack Surface

It is a good idea, particularly for production regions or other regions that run on shared systems or have access to sensitive data (such as testing or QA regions), to edit the configuration and disable features your applications do not use. This is called reducing the attack surface, because it leaves fewer things exposed to malicious users or accidental misuse.

The sample configurations provided with Enterprise Server for .NET enable many optional features. This is convenient for developers who may want to try those features or run sample programs included with the product, and it helps to document configuration options. While you can use those samples as a starting point for your own region configurations, we recommend reviewing their contents and removing items you don't need.

The following topics suggest some items you may wish to remove from various configuration files.