diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix
index 60361d9960e..d9d6d9c9f25 100644
--- a/nixos/modules/security/rngd.nix
+++ b/nixos/modules/security/rngd.nix
@@ -42,6 +42,11 @@ in
       serviceConfig = {
         ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
           + optionalString cfg.debug " -d";
+        NoNewPrivileges = true;
+        PrivateNetwork = true;
+        PrivateTmp = true;
+        ProtectSystem = "full";
+        ProtectHome = true;
       };
     };
   };