Have to muck around with the server a bit, but most of these can't be done until the weekend... so that if the thing dies on me, nobody would likely notice while I get it back up :D
Moving SSH to a higher port, apparently stops quite a bit of attack since most script kiddies aren't likely to know how to edit or attack a higher range.
Going to cert based SSL, I'm concerned about this because I'd hate to break it totally. Or in the event when I need to access from a system without the cert :(
If these two work, then I can ignore the BFD/APF/F2B for now.
No comments:
Post a Comment