# Securing the VPS
## Network Security
- **SSH Hardening**: Password authentication disabled, root login disabled, key-only authentication
- **Firewall Configuration**: UFW with deny-all incoming, allow-all outgoing defaults
- **Fail2ban**: SSH brute-force protection with configurable ban times
- **Kernel Network Hardening**: IP forwarding disabled, source routing blocked, ICMP redirects disabled