- Install some brute force protection which can automatically ban an IP
on say 5 / 10 failed login attempts
The only software I know that could do this isn't supported anymore (trisentry) or is too confusing and I don't know it yet (snort). Suggestions?
denyhosts is pretty widely used. You could probably also make use of iptables.
I used it a while back and it worked well except the time I locked my own IP out somehow (or perhaps some bot-infected PC from my ISP that had that IP previously took care of that for me, not sure as I didn't dig deeper).
One thing I did was set up hosts.deny for ranges of IPs that I knew I would never come from (i.e. overseas), obtaining them from IANA. A bit tedious, but you may deem that option to be worth your while. Alternatively, if you only ever come from a given range of IPs (your ISP), then you could deny all in hosts.deny and then in hosts.allow only allow your ISP's range of IPs. But if ever on the road you'll not be able to connect unless you happen to have your home system set up for SSH, which would then allow you to SSH to the office from it. The idea being that a person coming from an IP outside of your ISP wanting access to your office PC would have to know that it only allows connection from certain IPs and then seek out a machine on that IP - your home PC - which could be compromised to in turn launch an attack against the office PC from it. The inconvenience to you of having to first go through your home PC to get to the office PC would only apply when away from your ISP connection. Of course, if you are on the road a lot then this may not be an attractive option.
Jacques B.
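The threshold idea discussed in this thread, as an added example that is not from any poster and is not denyhosts' own code: it counts failed sshd password logins per source address, skips a never-block range so you cannot lock yourself out, and produces hosts.deny entries. The log line format, the function names, and all addresses (documentation ranges, with 192.0.2.0/24 standing in for your own ISP) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (documentation-range addresses, not real data).
SAMPLE_LOG = "\n".join(
    ["Jan 10 03:14:01 office sshd[2211]: Failed password for root from 198.51.100.23 port 40112 ssh2"] * 6
    + ["Jan 10 03:15:09 office sshd[2230]: Failed password for invalid user admin from 203.0.113.77 port 51514 ssh2"] * 2
    # Mistyped password from the trusted (own ISP) range: must never be banned.
    + ["Jan 10 08:02:44 office sshd[2301]: Failed password for jb from 192.0.2.10 port 50022 ssh2"] * 7
    # User name crafted to look like a log tail; the real source is the last address.
    + ["Jan 10 09:00:00 office sshd[2400]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 203.0.113.77 port 40000 ssh2"]
    + ["Jan 10 09:01:00 office sshd[2401]: Accepted password for jb from 192.0.2.10 port 50030 ssh2"]
)

# The user name is attacker-controlled, so the greedy ".*" plus the end-of-line
# anchor makes sure the address is taken from the tail that sshd itself wrote.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+(?: ssh2)?$"
)


def offenders(log_text, threshold=5, never_block=("192.0.2.0/24",)):
    """Return sorted source IPs with at least `threshold` failed logins."""
    trusted = [ipaddress.ip_network(net) for net in never_block]
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a literal address; ignore rather than guess
        if any(ip in net for net in trusted):
            continue  # never ban addresses you connect from yourself
        counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def hosts_deny_lines(ips):
    """Format addresses as TCP wrappers entries for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]


if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG))))
```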