All Linux servers are locked down to the highest security standards possible. All services are off by default and all ports shut. Only the required services started.
To lock down a server:-
- Install and run only the services you require.
- Block all ports by default and open only those that are required
- Run servers as low permission user
- Disable direct login to ROOT completely.
- Block SSH login attempts from unknown locations and machines.
- Set up tripwire to detect intrusions
- Increase file handles