Lots of good suggestions here,
I am sure this is a lame one but host based firewall is a must. Stateful inspection and make sure to apply out bound rules.
I prefer to only use ssh keys for login and not allow user/pass.
And you can dll the free version of cis bench mark and run that against a system. That little app shows you tons of ways to tighten down a box.
I do these things combined most of the above suggestions.
|