The largest part of inbound security blocks should be reconnaissance traffic. It's not to say thatReconBots are a good thing, but just about everything else can be reduced to near zero levels. Fix what can be fixed, don't obsess about what is unfixable. So here are the keys to reducing your exposure:
- Turn off unnecessary services (easy)
- Tighten up the firewall rules (easier)
- Shun the ReconBots and known bad actors (RiskAnalytics does this for you)
If your count of “Brute Force” blocks is non-zero, that means that you are exposing login capabilities to the open Internet. This means you are vulnerable to weak password attacks. Top peril. Easiest to fix.