Minimal access

• run nothing you don't need

  • understand everything you run

• run servers with least possible privilege

  • unprivileged accounts
  • reduced options

• do services need to be bi-directional?

  • only need outbound sendmail on workstations

• restrict access using wrappers and/or routers

Previous slide

Next slide

Back to first slide

View graphic version