2010/8/22 Robert Spangler mlists@zoominternet.net:
On Friday 20 August 2010 10:55, Brunner, Brian T. wrote:
2: Log-ins through firewall allowed only from approved IPs/MACs regardless of possession of correct password.
One can never guarantee that they will be at the approved IP/MAC Address when issues arise. For this reason I would use SSH-Keys for access to the machine. I would also move the port to something other than the default port and block 22 at the firewall. After that I would run something like fail2ban and drop any IP Address that fails to log in on the new port should that port be discovered by unauthorized persons.
Read the CIS Red Hat tuning manual; it is really good.
-- Eero
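
The setup Robert describes above (key-only SSH on a non-default port, with fail2ban watching that port), sketched as configuration. This is an added example, not part of the original thread; port 2222, the retry and ban values, the jail name and the log path are assumptions to adapt, and blocking port 22 itself is done separately at the firewall.

```ini
# ---- /etc/ssh/sshd_config (relevant lines only) ----
# Listen on a non-default port. 2222 is a constructed example value.
# Port 2222
# Accept public keys and refuse passwords, so a guessed or stolen
# password alone is not enough to log in.
# PubkeyAuthentication yes
# PasswordAuthentication no
# Also close the keyboard-interactive path, which can otherwise still
# prompt for a password through PAM. Older OpenSSH releases call this
# option ChallengeResponseAuthentication.
# KbdInteractiveAuthentication no

# ---- /etc/fail2ban/jail.local ----
# Jail name as used by current fail2ban packages; older packages ship
# differently named SSH jails.
[sshd]
enabled  = true
# Must match the Port line in sshd_config, or bans are applied to the
# wrong port.
port     = 2222
filter   = sshd
# Red Hat style auth log location (assumption; adjust per distribution).
logpath  = /var/log/secure
# Ban an address for one hour after 3 failures within 10 minutes.
maxretry = 3
findtime = 600
bantime  = 3600
```

The sshd_config lines are shown commented out only so the block stays one valid INI file; in sshd_config itself they are written without the leading `#`. Confirm that a key login works on the new port from a second session before closing the existing one.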