Anyway to do to avoid Brute Force attacks?

[Richard G]

We have more than one person's ip whitelisted

That's it's a good solution. We got 2 admins being able to login to DA, so they can always change the sshd config file if needed.

 

[Ohm J]

One more solution For Dynamic IP
just use Dyndns option,
If you don't have any other choice, this can help you

 

[youstable]

CSF is Free and provides satisfactory protections from such attacks but we are using BitNinja at YouStable for better and enterprise-level solutions. It's been a while with them and haven't faced any major issues except a Broken SSL-related problem that can be fixed with few easy commands.

 

[k1l0b1t]

I think solutions differ if you have one server or a lot of servers. We have more than one person's ip whitelisted so if one ip changes, the other can update the edge firewalls

I've seen places that use a single server which is whitelisted as a jump host, and just limit access to that jump server. quite clever, but if you don't secure the jump server good enough, it's quite dangerous.