•
Turn off or remove any RPC service
• Install the latest patches
• Regularly search the vendor
patch database
• Block the RPC port (111) on
firewall / router
• Block the RPC ¡±loopback¡±
ports (32770-32789 TCP & UDP)
• Enable a non-excutable stack
• NFS exported file systems
- Use host/IP based export lists
- Setup exported file
systems for read-only or no-suid
- Use nfsbug to scan
for vulnerabilities
|