2) Tweak various protocols

        * Make sure /etc/inetd only supports certain protocols:

    time   stream tcp nowait root   internal
    time   dgram  udp wait   root   internal
    ftp    stream tcp nowait root   /usr/sbin/tcpd    in.ftpd -l -a
    telnet stream tcp nowait root   /usr/sbin/tcpd    in.telnetd
    shell  stream tcp nowait root   /usr/sbin/tcpd    in.rshd
    login  stream tcp nowait root   /usr/sbin/tcpd    in.rlogind
    auth   stream tcp nowait nobody /usr/sbin/in.identd in.identd -l -e -o

        * Make sure tcp wrappers are secure; 
        
            --- /etc/hosts.allow:
            ALL:192.168.10.1,192.168.10.2,192.168.10.3,192.168.10.4

            --- /etc/hosts.deny:
            ALL: ALL

        * Tweak web server so it only presents webpages to local network
          machines (Assumes firewall prevent spoofs from outside):

            --- /etc/httpd/conf/allow.conf
            [..]
            # Controls who can get stuff from this server.
            order allow,deny
            allow from 192.168.10.0/24          << added this
            # allow from all
            [..]

          ..restarted server, tested 'telnet <myip> 80', and typed
          "GET /" to verify disallowed message.

        * Router config: nothing special here, just the default stuff
	  created by linux and PPP:

	    # netstat -r
	    Kernel IP routing table
	    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
	    206.115.153.168 *               255.255.255.255 UH        0 0          0 ppp0
	    192.168.10.3    *               255.255.255.255 UH        0 0          0 eth0
	    192.168.10.0    *               255.255.255.0   U         0 0          0 eth0
	    127.0.0.0       *               255.0.0.0       U         0 0          0 lo
	    default         206.115.153.168 0.0.0.0         UG        0 0          0 ppp0