1. Review FW Rules:
Review all firewall rules to close any security holes that may have been exploited. In particular, check inbound and outbound access rules.
2. Limit to trusted IPs:
Limit SSH access to known and trusted IP addresses only. Remove the rule that allows SSH access from any source (Any). If access from multiple locations is required, consider using a VPN. This involves setting up a VPN server and configuring the SSH server to only accept connections from the VPN's IP range.
3. Network Packet Filtering:
Network packet filtering plays a vital role in our security strategy, effectively blocking known malicious traffic and enforcing application-level access rules, providing a strong sense of security.
4. Port Blocking:
By blocking all ports and services that are not actively used, we are taking control of our network's security and operating more efficiently. If a service is not needed, it is best to disable it.
5. MFA:
Implement two-factor authentication for critical services such as SSH and access to administrative panels.
6. Natting and Port Forwarding Essentials Only:
Ensure that only necessary services are accessible through NAT and that any port forwarding is justified and secure.
7. Security Updates/Patching:
Ensure all systems are updated with the latest security patches, including firewall systems and any other network devices.