Services can be secured in a running system in two ways:
Making them only accessible at the access points (interfaces) they need to be
in.
Configuring them properly so that they can only be used by legitimate users in
an authorized manner.
Restricting services so that they can only be accessed from a given place can
be done by restricting access to them at the kernel (i.e. firewall) level,
configure them to listen only on a given interface (some services might not
provide this feature) or using some other methods, for example...
