Today, the security of an organization's computer network assets is often based on a manual review and configuration of a variety of parameters, wherein the sum of these parameters constitutes a security profile for the corresponding site, environment, or application. The security profile can include information pertaining to minimization of a computer system's software, wherein minimization serves to constrain the software available on the computer system to be a set of software explicitly required for the computer system to perform its business function and be managed.
If it is determined that a service is not required for a computer system to perform its business functions and be managed, there is no virtue in the application binaries, libraries, and configuration files associated with the unnecessary service being included as part of the software distribution visible on the computer system. In fact, there is virtue in having files associated with the unnecessary service unavailable on the computer system. In a situation where an unnecessary file, such as a mail server executable deployed on a computer system functioning as a web server, includes a vulnerability which would allow an authorized user of the computer system to elevate their privilege in an unauthorized manner once logged in, removal of the unnecessary file is a genuine security enhancement. Minimization is a process for removing files and packages associated with unnecessary services from a computer system.
As computer systems, networks, and applications become more mobile and versatile, an increasing need exists for improvements in minimization technology and associated deployment for contributing to the security of the computer systems.