Just be sure you do not need any of the functionalities described ahead before you make the changes. If you discover later that you need, change it back at any time.
Edit the system configuration file:
sudo nano /etc/sysctl.conf
Look for the following lines:
net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.all.send_redirects = 0
Uncommenting these lines you may prevent some methods of IP Spoofing and Man-In-The-Middle attacks.
In the same config file look for the following lines:
net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 net.ipv4.conf.all.log_martians = 1
The command above also disables router functionalities, if your server is not a router.
You can also add this line at the end to stop responding to pings:
net.ipv4.icmp_echo_ignore_all = 1
I can’t see a technical safety reason to disable pings, but I can imagine that some “hackers” can be discouraged and jump to the next random IP that is responding.
Save, exit, and apply your changes by issuing the command:
sudo sysctl -p
To know more about optimization of the system configuration, visit this link [Link].
See another post about installing the service Fail2Ban [Read It]. It is a monitor that reads the log file of the services that are running, such as SSH, FTP, HTTP, etc, and in case of many authentications fails in one certain period if bans the original IP interrupting brute force attacks. This service also works with WordPress [Read It].