Originally Posted By: martinfocazio
...EXCEPT - that some sites have a 3-strikes you're locked policy, so if you're on the REAL site, you enter the wrong PW once, you now only have 2 tries to get it right. Maybe not a big deal, but sometimes I'm all fumble fingers.

I have a three strike rule on my home Linux boxes. I only have the SSH port open, you get three attempts to authenticate and then you're locked out - permanently (at least until I manually release the locked out IP). Also, to authenticate, you get a shot at entering passwords, however no password will ever work since I only accept pubkey authentication. And ssh is configured to only allow my personal login, and no others, remote access. Any other services I want to use on these Linux boxes are configured to listen only on the localhost adapter, so I have to first tunnel in with ssh before getting to them. Firewalls and routers block these other service ports from the outside world as well as me having their services attached only to localhost. As I said in an earlier post: "LAYERS of security". You can never get things perfectly secure, but you can make unauthorized access more difficult.

All my setup is obviously to protect ME from incoming threats. It's much harder to protect yourself from making a mistake when connecting outgoing to some (possibly spoofed) website. Your brain is the biggest asset there. No "software security suite" is going to protect you from your own ignorance. You might get a little help from security suite software here and there, but it's certainly not idiot-proof or bullet-proof protection.
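
The three-strike lockout with manual release described above, sketched as an added example that is not part of the original post: it counts failed logins per source address from sshd log lines and bans at the third, with no expiry. The log line format, the class and function names, and the sample entries are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed OpenSSH failure line. The greedy ".*" plus the "$" anchor take the LAST
# "from <ip> port <n> ssh2", so a crafted username containing " from 192.0.2.1 "
# cannot choose which address gets the strike.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?.* from (\S+) port \d+ ssh2$")

class StrikeList:
    """Per-IP failure counter; a ban never expires on its own."""
    def __init__(self, max_strikes=3):
        self.max_strikes = max_strikes
        self.strikes = {}
        self.banned = set()

    def feed(self, line):
        """Count one log line; return the IP if this line triggers a ban."""
        m = FAILED.search(line.rstrip())
        if not m:
            return None
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            return None  # not an address: ignore rather than guess
        if ip in self.banned:
            return None  # already locked out, nothing more to count
        self.strikes[ip] = self.strikes.get(ip, 0) + 1
        if self.strikes[ip] >= self.max_strikes:
            self.banned.add(ip)
            return ip
        return None

    def release(self, ip):
        """Manual release, the only way an address leaves the ban list."""
        self.banned.discard(ip)
        self.strikes.pop(ip, None)

# Constructed sample log (documentation address ranges, made-up users).
SAMPLE_LOG = """\
Jan 10 03:14:01 box sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Jan 10 03:14:03 box sshd[811]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jan 10 03:14:06 box sshd[811]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jan 10 03:14:09 box sshd[815]: Failed password for root from 203.0.113.5 port 40044 ssh2
Jan 10 08:30:11 box sshd[902]: Failed password for me from 198.51.100.7 port 50022 ssh2
Jan 10 08:30:15 box sshd[902]: Failed password for me from 198.51.100.7 port 50022 ssh2
Jan 10 09:00:00 box sshd[950]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.9 port 40100 ssh2
"""

def run(log_text):
    """Feed every line of a log into a fresh StrikeList and return it."""
    sl = StrikeList()
    for line in log_text.splitlines():
        sl.feed(line)
    return sl
```

The last sample line carries a username crafted to look like a second source address; the strike lands on the real peer address at the end of the line, so the injected one is never counted.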