The first step in beefing up security on our Pi is to change the port through which we connect. SSH defaults to port 22. If you were to scan the Pi and see that port 22 was open, you know you can attack there. My changing the port number to something else (say: 9000) we obscure the entry point to our Pi.

Think about it: you are a robber scoping out which house to rob. You don't know what's in any of the houses. You know you can get in through the front door if it's unlocked fairly easily. So if you remove the front door such that the entrance to your house is on the side the robber may not see it. It's easier from the robber's point of view to move along to the next house than waste time and try to figure out how to get into yours. That's effectively what we're doing here.

This tutorial is a little older (published in 2014!). The main principles are still relevant, so I haven't needed to update this lesson.