Minimize Software and Services

If you don’t need a piece of software, don’t install it.
If you don’t need a service, don’t start it.
If you no longer need the software or service, stop and uninstall it.

Run Services on Separate Systems

This minimizes the risk of one compromised service leading to other compromised services.

Encrypt Data Transmissions

FTP -> SFTP
telnet -> SSH
SNMP v1/v2 -> v3
HTTP -> HTTPS

Avoid Shared Accounts

Avoid Direct root Logins

Do not allow direct login of shared accounts.
Users must log in to their personal accounts and then switch to the shared account.
Control and monitor access with sudo.
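
One way to check the "no direct root login" rule for SSH, as an added example that is not part of the original page. The function names and the sample file are this example's own; it assumes OpenSSH 7.0 or later (default prohibit-password) and does not evaluate Include files or Match blocks.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config-style file
# for direct root login. The file contents below are constructed samples.

# Print the effective global PermitRootLogin value.
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive. Assumption: Include files and Match blocks are not evaluated.
effective_root_login() {
    awk '
        BEGIN { FS = "[ \t=]+" }                  # "Keyword value" or "Keyword=value"
        { sub(/^[ \t]+/, "") }                    # drop indentation, re-split fields
        $0 == "" || /^#/ { next }                 # skip blank lines and comments
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }  # default in OpenSSH 7.0+
    ' "$1"
}

# Return 0 only when root cannot log in directly at all.
check_root_login() {
    value=$(effective_root_login "$1")
    if [ "$value" = "no" ]; then
        echo "PASS: $1: PermitRootLogin no"
        return 0
    fi
    echo "FAIL: $1: effective PermitRootLogin is '$value'"
    return 1
}

# Constructed sample: the hardened line is commented out, and the later
# duplicate is ignored because the first active value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
permitrootlogin prohibit-password
PermitRootLogin no
EOF
check_root_login "$sample" || echo "Fix: make 'PermitRootLogin no' the first active PermitRootLogin line"
rm -f "$sample"
```

A commented-out or missing line is reported as prohibit-password, which still allows key-based root logins, so only an explicit "no" passes.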

Use Multifactor Authentication

Something you know + something you have or something you are.
Examples:
password + OTP
password + fingerprint

The Principle of Least Privilege

Only use root privileges when required.
Avoid running services as the root user.
Use restrictive permissions that allow people and services enough access to do their jobs.

Monitor System Activity

Routinely review logs.
Send logs to a central logging system.

Use a Firewall

Netfilter + iptables.
Only allow network connections from desired sources.

Encrypt Your Data

Encrypt data on disk.