SSH key authentication instead of password: Disable root login via password in /etc/ssh/sshd_config (PermitRootLogin no) and use key-based authentication. Firewall: Linux: Install and configure UFW or iptables to allow only necessary ports (22, 80, 443, etc.). Windows Server: Configure Windows Firewall to permit only required services. Fail2ban: Install fail2ban to block repeated failed login attempts: ```bash sudo apt install fail2ban sudo systemctl enable fail2ban sudo systemctl start fail2ban ``` Regular updates: Run apt update && apt upgrade -y (Debian/Ubuntu) or yum update -y (CentOS/RHEL) to apply the latest security patches. Least privilege principle: Create a separate user with limited permissions for daily tasks and use root only when necessary.