Take steps to reduce the potential for compromise of network services.
- Disable any unnecessary network services.
- If there are network daemons that must run on the system but are only accessed over the loopback interface, such as a local SMTP server for relaying email messages, configure them so that they are not accessible to external clients.
- Use firewall software to ensure that only the minimum number of ports are exposed to external systems.
- When possible, configure services to run as a non-root user with as few rights as possible.