There are several ways of customizing the network interfaces of the system to create a more secure system. One way is to unplug it from the wall, turn off the power and use it as a paperweight. As this is generally not most useful modus operandi of your Linux system, one must make some modifications to keep people out while still allowing others to get their work done.

I. The /etc/inetd.conf file and tcp_wrappers
 

A. The /etc/inetd.conf file is the config file for inetd which listens on certain internet sockets and depending on the type of request made starts the correct service. Services include the following:

ftp
telnet
gopher
smtp         disallowed by default
nntp          disallowed by default
shell
login
exec           disallowed by default
talk
pop-2         disallowed by Fermi
pop-3         disallowed by Fermi
imap           disallowed by Fermi
uucp           disallowed by default
finger
netstat        disallowed by default
time
auth

B. The pop and imap services are disallowed at the Lab due to serious problems in the past with security holes in these services. To disallow services, such as the useless gopher services, simply comment out the service line in /etc/inetd.conf by adding a # sign to the front of the line, and restarting the inetd daemon either send a kill -HUP to the process ID associated or by issuing a command directly to the rc script to restart, i.e., '/etc/rc.d/init/inet restart'