Well, you already know what ports are open. It really comes down to the security of whatever code you're exposing to the world on those ports.
Well, you already know what ports are open. It really comes down to the security of whatever code you're exposing to the world on those ports.
Apart from the code you write, extra enhancements could be: Not using passwords with SSH, but only certificates.
Read this one as well: <http://www.debian.org/doc/manuals/se...-debian-howto/>.
How is the firewall setup?
Snort (Intrusion detection system), logwatch, fail2ban, auditing, trying to break in yourself, enumerating, keeping everyting updated, etc.
Most importantly: Common Sense. Do not use "root" with the password: "3xtr3m3lys3cur3p4sswd" (Actually, that may be good... But root should not be allowed remote access. Always use "sudo")
Anyway's, entire dayjobs can be filled with this sort of thing
Bookmarks