diff --git a/vps-audit.sh b/vps-audit.sh
index f32d4e4..a3a2d07 100755
--- a/vps-audit.sh
+++ b/vps-audit.sh
@@ -124,13 +124,14 @@ else
     check_security "SSH Password Auth" "FAIL" "Password authentication is enabled - consider using key-based authentication only"
 fi
 
-# Check SSH default port
+# Check for unsecure SSH ports 
+UNPRIVILEGED_PORT_START=$(sysctl -n net.ipv4.ip_unprivileged_port_start)
 SSH_PORT=$(grep "^Port" /etc/ssh/sshd_config | awk '{print $2}')
-if [ -z "$SSH_PORT" ]; then
-    SSH_PORT="22"
-fi
+
 if [ "$SSH_PORT" = "22" ]; then
     check_security "SSH Port" "WARN" "Using default port 22 - consider changing to a non-standard port for security by obscurity"
+elif [ "$SSH_PORT" -ge "$UNPRIVILEGED_PORT_START" ]; then
+    check_security "SSH Port" "FAIL" "Using unprivileged port $SSH_PORT -  use a port below $UNPRIVILEGED_PORT_START for better security"
 else
     check_security "SSH Port" "PASS" "Using non-default port $SSH_PORT which helps prevent automated attacks"
 fi
@@ -149,17 +150,26 @@ else
     check_security "Unattended Upgrades" "FAIL" "Automatic security updates are not configured - system may miss critical updates"
 fi
 
-# Check fail2ban
+# Check Intrusion Prevention Systems (Fail2ban or CrowdSec)
+IPS_INSTALLED=0
+IPS_ACTIVE=0
+
 if dpkg -l | grep -q "fail2ban"; then
-    if systemctl is-active fail2ban >/dev/null 2>&1; then
-        check_security "Fail2ban" "PASS" "Brute force protection is active and running"
-    else
-        check_security "Fail2ban" "WARN" "Fail2ban is installed but not running - brute force protection is disabled"
-    fi
-else
-    check_security "Fail2ban" "FAIL" "No brute force protection installed - system is vulnerable to login attacks"
+    IPS_INSTALLED=1
+    systemctl is-active fail2ban >/dev/null 2>&1 && IPS_ACTIVE=1
 fi
 
+if dpkg -l | grep -q "crowdsec"; then
+    IPS_INSTALLED=1
+    systemctl is-active crowdsec >/dev/null 2>&1 && IPS_ACTIVE=1
+fi
+
+case "$IPS_INSTALLED$IPS_ACTIVE" in
+    "11") check_security "Intrusion Prevention" "PASS" "Fail2ban or CrowdSec is installed and running" ;;
+    "10") check_security "Intrusion Prevention" "WARN" "Fail2ban or CrowdSec is installed but not running" ;;
+    *)    check_security "Intrusion Prevention" "FAIL" "No intrusion prevention system (Fail2ban or CrowdSec) is installed" ;;
+esac
+
 # Check failed login attempts
 FAILED_LOGINS=$(grep "Failed password" /var/log/auth.log 2>/dev/null | wc -l)
 if [ "$FAILED_LOGINS" -lt 10 ]; then
@@ -172,12 +182,14 @@ fi
 
 # Check system updates
 UPDATES=$(apt-get -s upgrade 2>/dev/null | grep -P '^\d+ upgraded' | cut -d" " -f1)
+if [ -z "$UPDATES" ]; then
+    UPDATES=0
+fi
 if [ "$UPDATES" -eq 0 ]; then
     check_security "System Updates" "PASS" "All system packages are up to date"
 else
     check_security "System Updates" "FAIL" "$UPDATES security updates available - system is vulnerable to known exploits"
 fi
-
 # Check running services
 SERVICES=$(systemctl list-units --type=service --state=running | grep "loaded active running" | wc -l)
 if [ "$SERVICES" -lt 20 ]; then