1. After initial login always make another account thats not root 2. Remove the ability to ssh into your server. Make it rsa key login only. Non-technical description: don’t let people use username and password for ssh 3. If using aws make a new .perm per instance group. Por