Chapter 12: Securing TCP and UDP Services

  • Routinely examine your inetd configuration file and startup files.

  • If your standard software does not offer this level of control, consider installing the tcpwrapper program to better regulate and log access to your servers. Then contact your vendor and ask when equivalent functionality will be provided as a standard feature in the vendor’s systems.

  • Disable any unneeded network services.

  • Disable any services that provide nonessential information to outsiders that might enable them to gather information about your systems.

  • Run a host-based, packet-filtering firewall on every system.

  • Make sure that your version of the ftpd program is up-to-date.

  • If you support anonymous FTP, don’t have a copy of your real /etc/passwd as an ~ftp/etc/passwd.

  • Make sure that /etc/ftpusers contains at least the account names root, uucp, and bin. The file should also contain the name of any other account that does not belong to an actual human being.

  • Frequently scan the files in your ftp account and determine their usage.

  • Make sure that all directory permissions and ownership on your ftp account are set correctly.

  • If your software allows, configure any “incoming” directories so that files dropped off cannot then be downloaded again without operator intervention. (If your software doesn’t allow this, consider changing to software that does.)

  • Make sure that your sendmail program will not deliver mail directly to a file.

  • Make sure that your sendmail program does not have a wizard’s ...
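A small audit script for several of the items above (the inetd configuration, tcpwrapper coverage, /etc/ftpusers, and the permissions on the anonymous FTP tree). This is an added example, not code from the book; every input is constructed inside the script so it runs offline, and the file names, service lines and directory layout are made up. On a real host you would point the functions at /etc/inetd.conf, /etc/ftpusers and the ~ftp directory instead.

```shell
#!/bin/sh
# Added audit helpers for the checklist above (not from the book).
# All sample data below is constructed so the script runs stand-alone.

# --- constructed sample data ----------------------------------------------
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Made-up inetd.conf: finger is disabled, ftp is started through tcpd,
# telnet is started directly (so tcpwrapper never sees or logs it).
SAMPLE_INETD="$WORK/inetd.conf"
cat > "$SAMPLE_INETD" <<'EOF'
# service  type    proto  wait    user    server                args
#finger    stream  tcp    nowait  nobody  /usr/sbin/tcpd        in.fingerd
ftp        stream  tcp    nowait  root    /usr/sbin/tcpd        in.ftpd -l
telnet     stream  tcp    nowait  root    /usr/sbin/in.telnetd  in.telnetd
EOF

# Made-up ftpusers file that lists root and bin but forgot uucp.
SAMPLE_FTPUSERS="$WORK/ftpusers"
printf 'root\nbin\ndaemon\n' > "$SAMPLE_FTPUSERS"

# Made-up anonymous FTP tree: pub/bad is world-writable by mistake;
# incoming is write-only, so dropped-off files cannot be listed or fetched.
FTP_HOME="$WORK/ftp"
mkdir -p "$FTP_HOME/pub/bad" "$FTP_HOME/incoming"
chmod 755 "$FTP_HOME" "$FTP_HOME/pub"
chmod 777 "$FTP_HOME/pub/bad"
chmod 1733 "$FTP_HOME/incoming"

# --- checks ---------------------------------------------------------------

# Print the service name of every enabled (non-comment, non-blank) line.
enabled_services() {
    awk '!/^[ \t]*#/ && NF > 0 { print $1 }' "$1"
}

# Print enabled services whose server program (field 6 of inetd.conf) is
# not tcpd, i.e. services that bypass tcpwrapper access control and logging.
unwrapped_services() {
    awk '!/^[ \t]*#/ && NF >= 6 && $6 !~ /\/tcpd$/ { print $1 }' "$1"
}

# Print each account the checklist requires in /etc/ftpusers that is absent.
missing_ftpusers() {
    for acct in root uucp bin; do
        grep -qx "$acct" "$1" || echo "$acct"
    done
}

# Print world-writable directories under the FTP home, ignoring the
# intended drop-off directory "incoming".
world_writable_dirs() {
    find "$1" -type d -perm -0002 ! -name incoming
}

# Succeed (exit 0) when the incoming directory is not world-readable.
# Uses ls rather than test -r so the result is the same when run as root.
incoming_is_writeonly() {
    case "$(ls -ld "$1/incoming")" in
        d??????r*) return 1 ;;   # 8th character is the "other read" bit
        *)         return 0 ;;
    esac
}

# --- report ---------------------------------------------------------------
echo "enabled services : $(enabled_services "$SAMPLE_INETD" | tr '\n' ' ')"
echo "not via tcpd     : $(unwrapped_services "$SAMPLE_INETD" | tr '\n' ' ')"
echo "missing ftpusers : $(missing_ftpusers "$SAMPLE_FTPUSERS" | tr '\n' ' ')"
echo "world-writable   : $(world_writable_dirs "$FTP_HOME")"
if incoming_is_writeonly "$FTP_HOME"; then
    echo "incoming         : write-only (ok)"
else
    echo "incoming         : world-readable (fix)"
fi
```

Each function prints only the findings, so an empty line in the report means that check passed; the sample data is arranged to fail three of them (telnet not wrapped, uucp missing, pub/bad world-writable) and pass the incoming-directory check.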
