- Don't use your Internet domain name as your NIS domain.
- Use NIS+ instead of NIS, if possible. Don't run NIS+ in compatibility mode.
- Use netgroups to restrict access to services, including login.
- Make sure that your version of ypbind listens only on privileged ports.
- Make sure that there is an asterisk (*) in the password field of any line beginning with a plus sign (+) in both the passwd and group files of any NIS client.
- Make sure that there is no line beginning with a plus sign (+) in the passwd or group files on any NIS server.
- If you are using Kerberos, understand its limitations. Protect the Kerberos controller at all costs.
- If you are using LDAP for authentication, secure connections with TLS/SSL.
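
An added example, not part of the original checklist: a Python check for the two items above about lines beginning with a plus sign (+) in the passwd and group files. The function name `audit_plus_entries`, its `role` argument and the sample data are assumptions made for illustration.

```python
import sys

# Constructed sample in passwd format (not taken from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
+@admins:*:::::
+alice::::::
+::0:0:::
+
"""


def audit_plus_entries(text, role, filename="<input>"):
    """Return findings for passwd- or group-format text.

    role="client": every line beginning with '+' must have '*' in field 2.
    role="server": no line may begin with '+'.
    """
    if role not in ("client", "server"):
        raise ValueError("role must be 'client' or 'server'")
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.startswith("+"):
            continue
        if role == "server":
            findings.append(f"{filename}:{lineno}: '+' line on NIS server: {line!r}")
            continue
        fields = line.split(":")
        # A bare "+" with no colons has no password field at all.
        password = fields[1] if len(fields) > 1 else None
        if password != "*":
            findings.append(
                f"{filename}:{lineno}: '+' line without '*' in password field: {line!r}"
            )
    return findings


if __name__ == "__main__":
    # Usage: audit.py client|server FILE...   (for example /etc/passwd /etc/group)
    if len(sys.argv) < 3:
        sys.exit("usage: audit.py client|server FILE...")
    problems = []
    for path in sys.argv[2:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            problems += audit_plus_entries(fh.read(), sys.argv[1], path)
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it reports a finding, so it can run from a periodic configuration audit.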