There are couple of things involved in it.
1. Edit /etc/inetd.conf and comment out all the services that are not required to be used. For ex., finger, tftp, bootp, rwalld, rsprayd etc., Look at each service and see if you use them or not.
2. Restrict the access to the services that need to be running through /var/adm/inetd.sec. Look at the file for examples.
3. Disable ip_forwarding feature.
ndd -set /dev/ip ip_forwarding 0
Edit /etc/rc.config.d/nddconf and make the changes.
4. Disable Snmp if you do not need it. Edit /etc/rc.config.d/Snmp* and keep all the variables to 0. If you do need it, then edit /etc/SnmpAgent.d/snmpd.conf and set the community names to non-default and let your management servers know about it.
5. Make use of ftpaccess file. Disable anonymous ftp access.
6. Disable sendmail if you don't intend to receive mail on the box.
etc.,
Look at HP's document to make your system a bastion host.
http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000066258828DocID: USECKBAN00000800
-Sri
You may be disappointed if you fail, but you are doomed if you don't try
