Admin Digest: The Basics of Linux Network Security - page 3
To add extra security to the various services, Linux has a system for allowing or denying access to them for chosen hosts. For instance, you may wish to allow logins from machines at your own site, but not from the Internet. The files /etc/hosts.allow and /etc/hosts.deny list the services and the hosts that are allowed or denied access to them.
The method of denying connections by checking the host provides a good basic method for throwing off attacks. But it is not the end of the story. It is possible to fake host names on incoming connections (oh yes it is). While data is in transit between programs over the Internet it is also in danger. Anyone with the knowledge can look at your data. Using a method known as 'spoofing', they can even inject fake data into a legitimate stream. These problems come about because of the way that Internet protocols interact. To overcome these difficulties ssh was devised.
Ssh is a stable, well-developed open source system that provides encryption and authentication on connections. Encryption is the use of codes to protect the packets of data while in transit. Authentication is a process for verifying whether a packet of data or a connection is valid. There are ssh clients for most other operating systems too. By using Linux as a server you can provide ssh level security for all your network use.