Replying to Avatar Technomancer

Put it on a DMZ in case of compromise. This will make it harder for lateral movement in case of compromise.

The fewer apps its running the smaller the attack surface. Only run what you need.

Add a white list for IP that can access it via ssh. Ensure its your lan subnet only.

Enable tor and use a proxy.

Run a vulnerability assessment. Openvas would be suitable.

Disable root, don't allow ssh as root. Make sure its always up to date.
Avatar
bootlace 2y ago

Optional:

Random username

Login failure daemon

Ip allow list of you can

Extra credit:

Port knocking

Controversial:

Non standard port

Reply to this note

Please Login to reply.

Discussion

No replies yet.