I'm no longer a bitfolk customer, but IMHO:
3) Disable root login.
I would say yes for every OS. There shouldn't really be any need to
log in as root (esp if you can su/sudo up to it).
I'm not sure this gets you much -- many bots just want to send
email/packets to other networks which can be done with regular
accounts.
6) Move sshd to another port.
More of a security by obscurity approach, but it would limit the
inbound attacks.
Running ssh on a non-standard port is the best option in terms of
setup time and effectiveness -- it won't deter a dedicated attack, but
it stops you being the low-hanging fruit.
Casper.
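
A check for the two settings discussed in this message, as an added example that is not part of the original post: it reads an sshd_config the way OpenSSH does (first global value of a keyword wins, `Match` blocks are conditional) and reports whether root login is really disabled and whether sshd still listens on port 22. The sample config, the function names and the assumed defaults (`Port 22`, `PermitRootLogin prohibit-password`) are assumptions of this example, and `Include` directives are not followed.

```python
# Constructed sample, not from a real host. Comments sit on their own lines.
SAMPLE_CONFIG = """\
Port 2222
permitrootlogin no
# The next line has no effect: sshd keeps the first value it reads.
PermitRootLogin yes
Match Address 192.0.2.0/24
    # Applies only to connections that satisfy the Match condition.
    PermitRootLogin yes
"""


def effective_settings(text):
    """Return the Port and PermitRootLogin values sshd would take from text."""
    ports, root_login, match_values = [], None, []
    in_match = False
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].lower() if len(parts) > 1 else ""
        if keyword == "match":
            in_match = True  # everything below is conditional
        elif keyword == "permitrootlogin":
            if in_match:
                match_values.append(value)
            elif root_login is None:  # first global value wins
                root_login = value
        elif keyword == "port" and not in_match:
            ports.append(value)  # Port may repeat; sshd listens on each
    return {
        # Assumed defaults when a keyword is absent (current OpenSSH).
        "ports": ports or ["22"],
        "permit_root_login": root_login or "prohibit-password",
        "match_root_login": match_values,
    }


def findings(settings):
    """List deviations from the two hardening steps discussed in the post."""
    out = []
    if settings["permit_root_login"] != "no":
        out.append("root login not disabled globally")
    if any(v != "no" for v in settings["match_root_login"]):
        out.append("a Match block re-enables root login")
    if "22" in settings["ports"]:
        out.append("sshd listens on the default port 22")
    return out


if __name__ == "__main__":
    print(findings(effective_settings(SAMPLE_CONFIG)))
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including any included files.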