Steps include:

  • Disable any unnecessary network services.
  • If there are network daemons that must run on the system but are only accessed over the loopback interface, such as a local SMTP server for relaying email messages, configure them so that they are not accessible to external clients.
  • Use firewall software to ensure that only the minimum number of ports are exposed to external systems.
  • When possible, configure services to run as a non-root user with as few rights as possible.
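
One way to check the first three steps is to review which listening sockets are bound to loopback only and which are reachable from other hosts. The script below is an added example, not part of the original page; the sample `ss -H -tlnp` output is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 100      127.0.0.1:25     0.0.0.0:*  users:(("master",pid=812,fd=13))
LISTEN 0 100          [::1]:25        [::]:*  users:(("master",pid=812,fd=14))
LISTEN 0 4096 127.0.0.53%lo:53     0.0.0.0:*  users:(("systemd-resolve",pid=600,fd=14))
LISTEN 0 128        0.0.0.0:22     0.0.0.0:*  users:(("sshd",pid=701,fd=3))
LISTEN 0 128           [::]:22        [::]:*  users:(("sshd",pid=701,fd=4))
LISTEN 0 4096             *:9100         *:*  users:(("node_exporter",pid=950,fd=3))
"""

def is_loopback_only(addr):
    """True if the bind address is reachable only over the loopback interface."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if addr == "*":                           # ss prints a dual-stack wildcard as '*'
        return False
    return ipaddress.ip_address(addr).is_loopback

def audit_listeners(ss_output):
    """Return (scope, process, port, address) for every listening TCP socket."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)  # local address is the 4th column
        match = re.search(r'\(\("([^"]+)"', line)
        proc = match.group(1) if match else "unknown"  # -p needs root for other users
        scope = "loopback" if is_loopback_only(addr) else "EXPOSED"
        findings.append((scope, proc, int(port), addr))
    return findings

def exposed_ports(ss_output):
    """Ports reachable from other hosts; each should be needed and firewalled."""
    return sorted({port for scope, _, port, _ in audit_listeners(ss_output)
                   if scope == "EXPOSED"})

if __name__ == "__main__":
    for scope, proc, port, addr in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"{scope:8} {proc:16} {addr}:{port}")
```

Every port reported as EXPOSED should correspond to a service that is actually required and is permitted by the firewall policy; a local mail relay like the one in the sample should appear only as loopback.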