Whilst it is ideal to have those who hack into your machine to be put in a cell, what good will it give you if s/he has done significant damage already, right? Prevention is the first thing to do, of course. In most systems, SSH is one of the services that is open to allow for remote access. Whilst it is secure, the software is not always 100% perfect. Your SSH deployment is only as good as the latest patch. So as vulnerabilities are discovered, hackers are often quick to take advantage of lazy system administrators who take forever to get their machines patched. How do you protect yourself against this situation? Yes, don't hire lazy administrators! haha. However, you can add a way to contain the hackers to a sandbox, where s/he cannot do harm to the entire system.
Anze Vidmar demostrates how you can use SSHJail to restrict access via OpenSSH without changing any configuration on your OpenSSH deployment.
Whilst this does not guarantee a 100% secure system, it does help you get closer to that ideal. :)
A company should really find a good team of administrators for their network security. SSHJail and a the proper firewalls, encryption, and VPN network should all be used, not just one.
http://nationwidevpn.com
I hope high speed internet providers offer more security so hackers dont succeed! http://ds1providers.com