[CentOS] securing a remotely hosted machine

Sun Aug 22 17:43:46 UTC 2010
Eero Volotinen <eero.volotinen at iki.fi>

2010/8/22 Robert Spangler <mlists at zoominternet.net>:
> On Friday 20 August 2010 10:55, Brunner, Brian T. wrote:
>
>> 2: Log-ins through firewall allowed only from approved IPs/MACs
>> regardless of possession of correct password.
>
> One can never guarantee that they will be a at the approved IP/MAC Address
> when issues arise.  For this reason I would use SSH-Keys for access to the
> machine.  I would also move the port to something other then the default port
> and block 22 at the firewall.  After that I would run something like fail2ban
> and drop any IP Address that fails to log in on the new port should that port
> be discovered by unauthorized persons.

read cis redhat tuning manual, it is really good.

--
Eero