rssh is a restricted shell for use with OpenSSH, allowing only scp, sftp, rsync, rdist, and cvs. The rssh website provide downloads to its source code tarball, as well as source rpm package. The compilation is straightforward.     

Install BIND

# emerge -v bind

When it finishes, here is the message: 

• IPTables HOWTO for CentoOS
• How to use iptables against SSH attacks
• Blocking international network traffic to your server 
• How to use IP Tables 

Browsers ships with certificates from well-known commercial CAs. If your web servers use certificates signed by your own CA, your CA certificate must be exported to every browser on every client system that will be connecting to an SSL-enabled web server.

This article 10 Tips for Wireless Home Network Security is a good starting point for securing your wireless home network.

On most current Linux servers, we can enable syncookies to help defend syn flood attack. On newer kernels (kernel version >= 2.6.26), there is also is the "tcp_timestamp" option

sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_synack_retries=3

References:

• http://www.securityfocus.com/infocus/1729
• http://lwn.net/Articles/277146/

More reference on defense against syn flood:

Note: ip_conntrack interface is getting aged. There is a new set of tools conntrack_tools, http://conntrack-tools.netfilter.org/.

There are a few things we can do to tweak ip_conntrack.

Increase the value of ip_conntrack_max

To find the current setting of ip_conntrack_max:

# cat /proc/sys/net/ipv4/ip_conntrack_max

To temporarily change this value, do

# echo "new_value" > /proc/sys/net/ipv4/ip_conntrack_max

To permanently change this value, do

# sysctl -w net.ipv4.ip_conntrack_max=new_value