• Lack of encryption and poor host authentication
• Disable if not absolutely necessary
• Never allow password-less root authentication
• Do not use the wildcard "+" for any user or any machine
• Migrate to SSH
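A check for the wildcard and password-less root items above, as an added example that is not part of the original page. It assumes the list refers to rhosts-style trust files (`hosts.equiv`, `.rhosts`), which the page does not name; the function name and the sample file contents are constructed for illustration.

```python
# Added example: flag "+" wildcards and root trust in rhosts-style files.
# Assumption: entries are "host [user]" per line, "#" starts a comment.
# Constructed sample contents, not taken from any real system.
SAMPLE_ROOT_RHOSTS = """\
# constructed sample
backup01.example.net root
+ +
"""
SAMPLE_HOSTS_EQUIV = """\
build01.example.net
+ alice
db01.example.net +
+@trusted_hosts
-legacy01.example.net
"""

def audit_trust_file(text, owner=None):
    """Return (line_number, entry, reason) for every risky entry.

    A bare "+" in the host or user field matches anything. "+@group" is a
    netgroup reference and "-host" is a deny entry, so neither counts as a
    wildcard. Any allow entry in a file owned by root is reported, because
    it grants root login without a password.
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        fields = entry.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        reasons = []
        if host == "+":
            reasons.append("any machine trusted")
        if user == "+":
            reasons.append("any user trusted")
        if owner == "root" and not host.startswith("-"):
            reasons.append("password-less root trust")
        if reasons:
            findings.append((number, entry, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for label, text, owner in (("root .rhosts", SAMPLE_ROOT_RHOSTS, "root"),
                               ("hosts.equiv", SAMPLE_HOSTS_EQUIV, None)):
        for number, entry, reason in audit_trust_file(text, owner):
            print(f"{label}:{number}: {entry!r}: {reason}")
```

An empty result for every trust file on a host means none of the listed wildcard or root-trust conditions is present; it says nothing about whether the service itself is still enabled.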