Minimize network services
Take steps to reduce the potential for compromise of network services.
Steps include:
-
Disable any unnecessary network services.
-
If there are network daemons that must run on the system but are only accessed over the loopback interface, such as a local SMTP server for relaying email messages, configure them so that they are not accessible to external clients.
-
Use firewall software to ensure that only the minimum number of ports are exposed to external systems.
-
When possible, configure services to run as a non-root user with as few rights as possible.