Over the internet you'd hear hundreds of sysadmins expressing their own opinion on this, but here is my take on the basic practices for every sysadmin.
1. Don't use plain-text passwords on SSH
Use a key pair for added security; I recommend using something like Krypton.
2. Block by default, allow conditionally
This is important: by default, block all connections in both directions, then selectively allow only the ports you need (e.g. 22, 80, 443).
3. Update regularly
I can't emphasize this enough: every update is important. Make it a habit to update your servers at least once a month, and keep an eye on the various journals for security disclosures.
4. Make a disaster recovery plan
You never know when a vulnerability will strike you, so always prepare in advance. It's very important to set up automated backups, failover and security audits ahead of time; this will save you from embarrassment later.
5. Always log out
This sounds really stupid but is very important. If you properly terminate your sessions, you make sure that nobody else can get into a leftover active session and use it as a gateway.
Additionally, it's a good habit not to use full-access accounts for everyday work, and to escalate privileges only when higher authority is required: never use the root account directly; instead, set up a regular user and add it to the sudo group.
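As an added example (not part of the original post), here is a small POSIX shell audit that checks an sshd_config against points 1 and 5: password logins off in favour of key pairs, and no direct root login. The sample config files it creates are constructed for the demonstration and are not real server files.

```shell
#!/bin/sh
# Audit an sshd_config for the settings this post asks for: key-pair
# logins only (no passwords) and no direct root login. Added example,
# not from the original post; sample configs below are constructed.

# Print the effective value of an sshd_config keyword. sshd uses the
# FIRST uncommented occurrence of a keyword, and lines after the first
# "Match" block only apply conditionally, so parsing stops there.
# $1 = config file, $2 = keyword, $3 = OpenSSH default if the keyword is absent.
ssh_setting() {
    val=$(awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/=/, " ") }                      # allow "Keyword=value" form
        tolower($1) == "match" { exit }        # conditional section begins
        tolower($1) == key { print tolower($2); exit }
    ' "$1")
    printf '%s\n' "${val:-$3}"
}

# Return 0 when the config meets the post's rules, 1 otherwise,
# printing one FINDING line per violation.
audit_sshd_config() {
    rc=0
    if [ "$(ssh_setting "$1" PasswordAuthentication yes)" != "no" ]; then
        echo "FINDING: PasswordAuthentication should be 'no' (use key pairs)"
        rc=1
    fi
    if [ "$(ssh_setting "$1" PubkeyAuthentication yes)" != "yes" ]; then
        echo "FINDING: PubkeyAuthentication should be 'yes'"
        rc=1
    fi
    # OpenSSH 7.0+ defaults to prohibit-password; the post wants 'no'.
    if [ "$(ssh_setting "$1" PermitRootLogin prohibit-password)" != "no" ]; then
        echo "FINDING: PermitRootLogin should be 'no' (log in as a sudo user)"
        rc=1
    fi
    return "$rc"
}

# Constructed sample configs for a stand-alone run (not real server files).
WEAK_CFG=$(mktemp); HARDENED_CFG=$(mktemp)
printf '%s\n' '# PasswordAuthentication no' 'PermitRootLogin yes' > "$WEAK_CFG"
printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin no' \
    'Match User backup' '    PasswordAuthentication yes' > "$HARDENED_CFG"

audit_sshd_config "$WEAK_CFG" || echo "weak config: rejected"
audit_sshd_config "$HARDENED_CFG" && echo "hardened config: accepted"
```

Note that the commented-out line in the weak config is correctly ignored, so the check falls back to OpenSSH's default of password logins being allowed.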
Got advice of your own? Leave it in the comments below.