Some server system administrators, especially those with little experience, may operate under the mistaken belief that they will find security through obscurity. In their minds, as long as their server is small and not hosting major big-name websites, those with malicious intent will leave them alone.
What these idealists fail to realize is that attackers do not always consciously target specific servers. Instead they look for those that make good targets. To state it more plainly, even if you are not scanning for vulnerabilities, you can bet that they are. They will find them on your server and use them to either take control or launch attacks on other servers.
The other important point to note is that any user activity on a server heightens the likelihood of vulnerabilities. If you have web applications with multiple users, especially sites that use forms of social media, you run a greater risk of having scripting vulnerabilities that may not be completely obvious. Regular server-wide scanning may reveal vulnerabilities in scripts that your server’s users unknowingly installed.
By using vulnerability scanners, keeping your web applications and software up-to-date, and by using other security measures, such as application firewalls, you can prevent many attacks and more easily mitigate ones that still occur. When it comes to dedicated servers, being proactive can save you a great deal of time and money.