Turning off unused network services is always a good way to improve
your intrusion prevention. For example, if you are running an Internet
superserver (such as inetd or xinetd described earlier in this tutorial),
then in.rshd, in.rlogind, and in.telnetd are often enabled by default.
These network services have nearly all been superseded by more secure
alternatives such as ssh.

To disable services in inetd, simply comment out the appropriate line
in /etc/inetd.conf by prepending "#", then restart inetd. (This was
described previously in this tutorial, so glance back a few panels if you
need a refresher.)

To disable services in xinetd, you can do something similar with the
appropriate snippet in /etc/xinetd.d. For example, to disable telnet,
either comment out the entire content of the file /etc/xinetd.d/telnet, or
simply delete the file. Restart xinetd to complete the procedure.

If you're using tcpd in conjunction with inetd, or if you're using
xinetd, you also have the option of limiting incoming connections to
trusted hosts. For tcpd, see the earlier sections in this tutorial. For
xinetd, search for "only_from" in the xinetd.conf(5) man page.
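
One way to check the result of the inetd and xinetd steps above, as an added
example that is not part of the original tutorial: the script lists the legacy
services (telnet, shell, login) still active in an inetd.conf file and an
xinetd.d directory. The sample files, scratch directory, and function names are
constructed for illustration; the script also counts an xinetd stanza marked
"disable = yes" as disabled.

```shell
#!/bin/sh
# Added example (not from the tutorial): report legacy remote-access services
# that inetd or xinetd would still start. Sample files below are constructed.
LEGACY="telnet shell login"   # /etc/services names for in.telnetd, in.rshd, in.rlogind

# Service names on active (uncommented) lines of an inetd.conf-style file.
inetd_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Service names of active xinetd stanzas that are not marked "disable = yes".
xinetd_enabled() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '/^[ \t]*#/ { next }
             $1 == "service" { name = $2; off = 0 }
             /^[ \t]*disable[ \t]*=[ \t]*yes/ { off = 1 }
             $1 == "}" { if (name != "" && !off) print name; name = "" }' "$f"
    done
}

# Filter stdin down to the legacy services listed in $LEGACY.
legacy_only() {
    while read -r svc; do
        for l in $LEGACY; do
            if [ "$svc" = "$l" ]; then echo "$svc"; fi
        done
    done
}

# Constructed sample configuration in a scratch directory (assumed layout).
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
mkdir "$SAMPLE/xinetd.d"
cat > "$SAMPLE/inetd.conf" <<'EOF'
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
shell   stream tcp nowait root /usr/sbin/tcpd in.rshd
EOF
printf 'service telnet\n{\n\tdisable = no\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$SAMPLE/xinetd.d/telnet"
printf '#service login\n#{\n#\tserver = /usr/sbin/in.rlogind\n#}\n' > "$SAMPLE/xinetd.d/rlogin"
printf 'service shell\n{\n\tdisable = yes\n}\n' > "$SAMPLE/xinetd.d/rsh"

echo "inetd:  $(inetd_enabled "$SAMPLE/inetd.conf" | legacy_only | tr '\n' ' ')"
echo "xinetd: $(xinetd_enabled "$SAMPLE/xinetd.d" | legacy_only | tr '\n' ' ')"
```

To audit a real host, pass /etc/inetd.conf and /etc/xinetd.d to the two
functions instead of the sample paths; empty output means none of the three
legacy services is still configured to start.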