2.2.3 Implement additional security
features for any required services,
protocols, or daemons that are
considered to be insecure—for
example, use secured technologies
such as SSH, S-FTP, SSL, or IPSec
VPN to protect insecure services such
as NetBIOS, file-sharing, Telnet, FTP,
etc.
Enabling security features before new servers are
deployed will prevent servers being installed into
the environment with insecure configurations.
Ensuring that all insecure services, protocols, and
daemons are adequately secured with appropriate
security features makes it more difficult for
malicious individuals to take advantage of
commonly used points of compromise within a
network.