Comment by sam_lowry_ 8 hours ago
The nastiest break-in I ever had worked because I installed wget on that server for convenience.
It exploited a known Drupal vulnerability to drop in a PHP script that in turn executed wget to download a payload.
So I agree about the importance of reducing the attack surface.
Now, ssh with password authentication on a tightly controlled server, without fail2ban, port knocking and other tricky setups, is exactly it. A setup with reduced attack surface.
> Anyone who sacrifices security for convenience is asking for trouble.
Then you should switch off your mobile devices, destroy the SIM cards and never connect again.