> 1) Login timing - only login first 5 seconds of the minute
> 2) Rotating passwords by day / hour
> 3) Logging and email alerts - every login attempt generates an email
> 4) Login hours - If you are home at night, no logins then.
> 5) Rate limiting - stop responding for 10 minutes after 3-5 failed
>    attempts
>
> All of this stuff has downsides. If it is *vital* you log in you may
> not want to do some of them. Whatever you do, I would go with SSH
> and set it up to use *large* keys only.

Some of those seem a little overkill. It would be much easier to watch
your secure log and add an IP to your firewall after so many failed
login attempts. Most brute force attacks are quite obvious when they
start pounding your server with dozens of login attempts with usernames
in alphabetical order.

_______________________________________________
Soekris-tech mailing list
[email protected]
http://lists.soekris.com/mailman/listinfo/soekris-tech
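
The log-watching approach from the reply above, as an added example that is not part of the original thread: it counts failed SSH logins per source IP inside a sliding window and returns the addresses that cross a threshold, leaving the firewall rule itself to the operator. The OpenSSH "Failed password" syslog format, the sample lines, the threshold and window values, and the function names are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Mar  3 02:14:01 gw sshd[411]: Failed password for invalid user aaron from 203.0.113.7 port 40112 ssh2
Mar  3 02:14:03 gw sshd[413]: Failed password for invalid user abby from 203.0.113.7 port 40120 ssh2
Mar  3 02:14:05 gw sshd[415]: Failed password for invalid user adam from 203.0.113.7 port 40131 ssh2
Mar  3 02:14:06 gw sshd[417]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar  3 02:20:10 gw sshd[430]: Failed password for alice from 198.51.100.4 port 51514 ssh2
Mar  3 02:20:30 gw sshd[431]: Accepted password for alice from 198.51.100.4 port 51520 ssh2
Mar  3 09:00:00 gw sshd[502]: Failed password for bob from 192.0.2.9 port 2201 ssh2
Mar  3 11:30:00 gw sshd[640]: Failed password for bob from 192.0.2.9 port 2207 ssh2
Mar  3 14:45:00 gw sshd[777]: Failed password for bob from 192.0.2.9 port 2215 ssh2
"""

# Matches failures for both existing and non-existent ("invalid user") accounts.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def offenders(log_text, threshold=3, window=timedelta(minutes=10), year=2024):
    """Return {ip: [usernames tried]} for IPs with >= threshold failures inside window."""
    recent = defaultdict(deque)  # ip -> (timestamp, user) pairs still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines never count against an IP
        # Syslog timestamps carry no year, so one is assumed here.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = [user for _, user in q]
    return flagged

def alphabetical_sweep(users):
    """True when guessed names arrive in sorted order, the pattern the reply mentions."""
    return len(users) >= 3 and users == sorted(users)

if __name__ == "__main__":
    for ip, users in offenders(SAMPLE_LOG).items():
        print(f"block {ip} tried={users} alphabetical={alphabetical_sweep(users)}")
```

The window is what keeps a legitimate user who mistypes a password three times across a working day (192.0.2.9 in the sample) off the block list.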
