Limit Access to Sensitive or Easily Exploitable Services
DNS
- Forwarding-only name servers - Allow DNS exchanges only with your specific remote servers.
- Full name servers - Allow incoming TCP connections only from your specific remote secondaries.
SSH - If possible, limit incoming connections to specific remote hosts.
Telnet - If possible, don't allow telnet. Require an encrypted service such as SSH or SSL telnet.
POP and IMAP - If remote access is necessary, try to limit incoming connections to specific remote hosts or networks. Avoid cleartext passwords if possible.
FINGER, PING, and TRACEROUTE - Disallow, or limit incoming connections to specific remote hosts or networks.
Berkeley Remote Commands - do not allow external access to these services.
RPC, NFS, NIS, portmap
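
One way to express the limits above as a host firewall on a full name server, shown as an nftables ruleset. This is an added example, not part of the original slide; the choice of nftables, every address (RFC 5737 documentation ranges), the TLS mail ports, and the decision to leave UDP queries open are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. All addresses below are placeholders; substitute your own.
flush ruleset

define DNS_SECONDARIES = { 192.0.2.53, 198.51.100.53 }   # remote secondaries (assumed)
define ADMIN_HOSTS     = { 203.0.113.10 }                # hosts allowed to SSH/ping (assumed)
define MAIL_CLIENTS    = { 203.0.113.0/24 }              # remote POP/IMAP users (assumed)

table inet filter {
    chain input {
        # Default deny: anything not accepted below is dropped.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept

        # DNS, full name server: queries over UDP stay open (assumption),
        # incoming TCP only from the listed secondaries.
        # Resolvers that retry a truncated answer over TCP are refused too.
        udp dport 53 accept
        ip saddr $DNS_SECONDARIES tcp dport 53 accept

        # SSH: specific remote hosts only.
        ip saddr $ADMIN_HOSTS tcp dport 22 accept

        # POP and IMAP: only the TLS-wrapped ports (995, 993), only from
        # known networks. Cleartext 110 and 143 are never opened.
        ip saddr $MAIL_CLIENTS tcp dport { 993, 995 } accept

        # PING: echo requests from the admin hosts only.
        ip saddr $ADMIN_HOSTS icmp type echo-request accept

        # Not opened, so dropped by policy: telnet (23), finger (79),
        # Berkeley remote commands (512-514), incoming traceroute probes.
        # portmap (111) and NFS (2049) are likewise not opened here
        # (assumption; the slide lists them without a recommendation).
    }
}
```

Load it with `nft -f` on a test host first, and confirm from an unlisted address that ports 22 and TCP 53 no longer answer.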