Features known to be unsafe in a particular environment are
disabled. Examples include disabling network file systems operating over
open networks, disabling guest accounts, and disabling dial-in modems
connected to maintenance ports except when maintenance is required.
Complexity: This is not difficult to to, but often the feature that is
unsafe is used and this introduces a risk/benefit tradeoff. It is also
common to find new vulnerabilities and if this policy is followed, it may
result in numerous changes in how systems are used and thus create
operational problems that make the use of many features infeasible.