1. Disable all system default accounts, and change default passwords and permissions.
2. Do not display company banners, online help or other enticements before a user is authenticated.
3. Display network services that provide information a hacker could use to exploit system security.
4. Do not allow users to login into a host as super user, Authorised users should login with their own IDs.
5. User passwords to be changed frequently.
6. Limit the number of invalid login attempts a user can make.
7. Record security violations and review security logs.
8. Use encryption to protect sensitive information over a network.
9. Install up-to-date system patches that correct security weaknesses exploited by hackers.
10. Ensure that permissions are set correctly on any directory that outsiders may log into, such as an anonymous FTP directory.