Simplified, generic, basic guide follows. You can probably find a guide for hardening all these individual things on your system, so trying to enumerate them all would be a losing game.

Primary question to ask yourself: What connections are allowed from the internet into each host, protocol and port on your network?

Primary task: Firewall off all traffic coming into your servers from the internet so that only web and VPN access is allowed.

Secondary question to ask yourself: What stuff can run on my servers, and by whom, and what access do those users have?

Secondary task: Limit the users who can run programs, limit what parts of the system those users can view or modify, limit the programs that can run, limit the files and directories that can be accessed.

Tertiary question to ask yourself: Is my software full of bugs or security flaws?

Tertiary task: Use software designed to be secure by default, configure it to be secure, and update it for security patches constantly. Note that this does not mean "upgrade it constantly".

Additional considerations: Don't use shared accounts, don't use root, use keys/certificates whenever possible, use a separate machine for the VPN, put some sort of network intrusion detection/firewall/defense-in-depth/blah blah network appliance in front of the public facing servers, use a web application firewall, monitor your logs for unusual behavior, and get someone who's very familiar with security to double-check your setup (read: break into your servers and tell you the holes they found)
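As an added example of the "primary question" and "primary task" above (this is not part of the original comment), the script below generates a default-deny inbound nftables ruleset that admits only web and VPN traffic, and audits the host's listening sockets against that same allow-list so you can see what would actually be reachable from the internet. It assumes the VPN is WireGuard on 51820/udp, that socket listings come from `ss -ltunH` (columns Netid, State, Recv-Q, Send-Q, Local, Peer), and that `nft` is installed if you choose to apply the ruleset; the sample `ss` listing is constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original comment. Two helpers for the
# "what is reachable from the internet" question: a default-deny inbound
# nftables ruleset that admits only web and VPN traffic, and an audit of
# listening sockets against that allow-list. Assumptions: the VPN is
# WireGuard on 51820/udp, and socket listings come from `ss -ltunH`
# (Netid State Recv-Q Send-Q Local Peer). The sample listing below is
# constructed for the demo.

# Print an nftables ruleset. $1 = TCP ports to admit (nft set syntax,
# e.g. "80, 443"), $2 = UDP port of the VPN. Everything else inbound is
# dropped; replies to the host's own outbound connections still pass.
gen_ruleset() {
    web_ports="$1"
    vpn_port="$2"
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        tcp dport { $web_ports } accept
        udp dport $vpn_port accept
    }
    chain forward { type filter hook forward priority 0; policy drop; }
    chain output  { type filter hook output  priority 0; policy accept; }
}
EOF
}

# Load the ruleset atomically (nft applies a file as one transaction).
# Needs root; syntax-check first with: gen_ruleset "80, 443" 51820 | nft -c -f -
apply_ruleset() {
    gen_ruleset "$@" | nft -f -
}

# Read `ss -ltunH` output on stdin and print every socket reachable from
# off-host (i.e. not bound to loopback) whose proto:port is not in $1
# (space-separated, e.g. "tcp:80 tcp:443 udp:51820"). Exit 1 if any.
audit_listeners() {
    awk -v allowed="$1" '
    BEGIN { bad = 0; n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 5 {
        proto = $1; local = $5
        port = local; sub(/.*:/, "", port)      # text after the last colon
        addr = local; sub(/:[^:]*$/, "", addr)  # text before it
        # loopback-only listeners are not reachable from the internet
        if (addr == "127.0.0.1" || addr == "[::1]") next
        key = proto ":" port
        if (!(key in ok)) { print "UNEXPECTED " proto " " local; bad = 1 }
    }
    END { exit bad }'
}

# Constructed sample of `ss -ltunH` output: ssh, https, WireGuard, and a
# MySQL listener bound to loopback only.
SAMPLE_SS='tcp   LISTEN 0 128   0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 511   0.0.0.0:443     0.0.0.0:*
udp   UNCONN 0 0     0.0.0.0:51820   0.0.0.0:*
tcp   LISTEN 0 80  127.0.0.1:3306    0.0.0.0:*'

# Demo: the ssh listener is flagged (reach it over the VPN instead);
# the loopback-only MySQL socket is not.
printf '%s\n' "$SAMPLE_SS" | audit_listeners "tcp:80 tcp:443 udp:51820" \
    || echo "-> drop it in the ruleset, bind it to localhost, or move it behind the VPN"
```

Run the audit against the live host with `ss -ltunH | audit_listeners "tcp:80 tcp:443 udp:51820"`; anything it flags is either a service that should be bound to localhost or the VPN interface, or a port the ruleset must not open. The ruleset is applied with `apply_ruleset "80, 443" 51820` as root, ideally from a console session or with a scheduled rollback, since a mistake here locks you out of SSH.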