Don’t use your Internet domain name as your NIS domain.

Use NIS+ instead of NIS, if possible. Don’t run NIS+ in compatibility mode.

Use netgroups to restrict access to services, including login.

Make sure that your version of ypbind listens only on privileged ports.

Make sure that there is an asterisk (*) in the password field of any line beginning with a plus sign (+) in both the passwd and group files of any NIS client.

Make sure that there is no line beginning with a plus sign (+) in the passwd or group files on any NIS server.

If you are using Kerberos, understand its limitations. Protect the Kerberos controller at all costs.

If you are using LDAP for authentication, secure connections with TLS/SSL.