security question on a modem pool server

[Tony]

I maintain a modem pool server which supports a number of groups.
This server is on NIS which is not under my control. 
Is there a way to only allow certain users to use tip(1c) while
disallow other?  (duplicating NIS password to local password is
currently not possible).  
I would like this system to accept dial in, and "rlogin" to other
systems, but won't allow people to rlogin(1), ftp(1c) or telnet(1c) 
to it. Is it sufficient to comment out ftp, telnet, and login entry 
in /etc/inetd.conf and remove in.telnetd, in.ftpd, and in.telnetd? 
Is there any other security holes that I need to plug?
 
Thanks,
Tony