diff --git a/debian/ngcp-panel.service b/debian/ngcp-panel.service
index 64831cfeea..ad474034e6 100644
--- a/debian/ngcp-panel.service
+++ b/debian/ngcp-panel.service
@@ -16,5 +16,109 @@ RuntimeDirectoryPreserve=yes
 PIDFile=/run/fastcgi/ngcp-panel.pid
 ExecStart=/usr/share/ngcp-panel/ngcp_panel_fastcgi.pl --listen /run/fastcgi/ngcp-panel.sock --pidfile /run/fastcgi/ngcp-panel.pid
 
+# Service cannot create writable executable memory mappings that are writable and executable at the same time
+MemoryDenyWriteExecute=true
+
+# Files + directories not directly associated are made invisible in the /proc/ file system
+ProcSubset=pid
+
+# Writes to the hardware clock or system clock will be denied
+ProtectClock=true
+
+# Service cannot modify the control group file system (via /sys/fs/cgroup)
+ProtectControlGroups=true
+
+# Service has no access to home directories
+ProtectHome=true
+
+# Set up new UTS namespace for the executed processes + changing hostname or domainname is prevented
+ProtectHostname=true
+
+# Service cannot load or read kernel modules
+ProtectKernelModules=true
+
+# Service cannot alter kernel tunables (/proc + /sys)
+ProtectKernelTunables=true
+
+# Service has strict read-only access to the OS file hierarchy
+ProtectSystem=strict
+
+# Access to the kernel log ring buffer will be denied
+ProtectKernelLogs=true
+
+# Processes owned by other users are hidden from /proc/
+ProtectProc=invisible
+
+# Service may execute system calls only with native ABI
+SystemCallArchitectures=native
+
+# Limit set of capabilities
+CapabilityBoundingSet=
+
+# Service process does not receive ambient capabilities
+AmbientCapabilities=
+
+# Service has no access to other software's temporary files
+PrivateTmp=true
+
+# Service has no access to hardware devices
+PrivateDevices=true
+
+# Limit write access
+# NOTE: we need r/w access to ngcp-panel/Catalyst tmp folder
+ReadWritePaths=/ngcp-data/tmp/www-data/
+# NOTE: we need r/w access to /ngcp-data/spool/faxserver for sending fax
+ReadWritePaths=-/ngcp-data/spool/faxserver
+
+# Service cannot change ABI personality
+LockPersonality=true
+
+# Turn off acquisition of new privileges system-wide
+NoNewPrivileges=true
+
+# Service has own user namespace, only root, nobody, and the uid/gid under which the service is running are mapped
+# NOTE: we can't have our own user namespace, as we need proper permissions e.g. to /ngcp-data/spool/faxserver
+PrivateUsers=false
+
+# Service user cannot leave SysV IPC objects around
+# NOTE: service runs as root, so option does not matter
+RemoveIPC=true
+
+# Restrict service to allocation of local, ipv4 + ipv6 sockets
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+
+# Restrict access to the various process namespace types the Linux kernel provides
+RestrictNamespaces=true
+
+# Service may not acquire realtime scheduling
+RestrictRealtime=true
+
+# Attempts to set SUID or SGID bits on files or directories will be denied
+RestrictSUIDSGID=true
+
+# Files created by service are accessible only by service's own user by default
+UMask=0077
+
+# NOTE: Service needs access to the host's network
+PrivateNetwork=false
+
+# Control access to specific device nodes by the executed processes
+DevicePolicy=closed
+
+# NOTE: we need network access to e.g. redis server
+IPAddressAllow=any
+
+# Maximum number of bytes of memory that may be locked into RAM
+LimitMEMLOCK=0
+
+# Restrict system calls that are allowed to be executed
+# NOTE: @system-service => reasonable set of system calls used by common system services
+SystemCallFilter=@system-service
+# NOTE: return with ENOSYS instead of terminating the process immediately
+SystemCallErrorNumber=ENOSYS
+
+# All system calls except the listed ones will be logged
+SystemCallLog=~@system-service seccomp
+
 [Install]
 WantedBy=multi-user.target
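Review bot: ProtectSystem=strict mounts /run read-only for this service, yet the ExecStart line in the hunk context writes both the PID file and the listening socket under /run/fastcgi/, and neither of the new ReadWritePaths= entries covers that directory; this only keeps working if a RuntimeDirectory= line outside the hunk (the RuntimeDirectoryPreserve=yes in the hunk header suggests one exists) already covers /run/fastcgi, which systemd then makes writable implicitly. Please verify that and record it next to the ReadWritePaths= lines, e.g. `# NOTE: /run/fastcgi is writable via RuntimeDirectory= (implicitly added to ReadWritePaths=)`, or add `ReadWritePaths=/run/fastcgi` if it is not. The comment above PrivateUsers=false describes what the true setting would do; since the option is off, replace it with `# NOTE: no private user namespace, we need the real uid/gid for /ngcp-data/spool/faxserver`. The empty CapabilityBoundingSet= together with the note that the service runs as root leaves root with no capabilities at all, so if ngcp_panel_fastcgi.pl switches to the www-data user itself (the /ngcp-data/tmp/www-data path hints at that) it will need `CapabilityBoundingSet=CAP_SETUID CAP_SETGID` instead, which is worth confirming on a test system before this lands. DevicePolicy=closed is already implied by PrivateDevices=true and could be dropped to keep the unit shorter.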