Don't use your
Internet domain name as your NIS domain.
Use NIS+ instead of NIS, if possible. Don't run NIS+
in compatibility mode.
Use netgroups to restrict access to services, including login.
Make sure that your version of ypbind listens
only on privileged ports.
Make sure that there is an asterisk (*) in the password field of any
line beginning with a plus sign (+) in both the
passwd and group files of
any NIS client.
Make sure that there is no line beginning with a plus sign (+) in the
passwd or group files on
any NIS server.
If you are using Kerberos, understand its limitations. Protect the
Kerberos controller at all costs.
If you are using LDAP for authentication, secure connections with
TLS/SSL.
