While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user. Company policy allows systems administrators to manage their systems only from the company's internal network using their assigned corporate logins. Which of the following are the BEST actions the analyst can take to stop any further compromise? A) Add a rule on the affected system to block access to port TCP/22.
B) Reset the passwords for all accounts on the affected system.
C) Add a rule on the perimeter firewall to block the source IP address.
D) Configure /etc/sshd_config to deny root logins and restart the SSHD service.
E) Configure /etc/passwd to deny root logins and restart the SSHD service.
F) Add a rule on the network IPS to block SSH user sessions.