1) Make sure SSH only accepts public keys. This removes the possibility of a hacker guessing a password.
2) Use fail2ban. This rate-limits SSH attempts.
3) Keep your packages up-to-date, especially Web applications.
4) Use a default-deny firewall configuration, and make sure your services bind to the localhost interface. Letting the outside world directly talk to your database, Redis and memcache lets someone see your application data without any security checks, and this should only be possible for the application itself.
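
A way to check item 4 on a running host, as an added example that is not part of the original text: it reads `ss -tln` output and flags data-store listeners bound to anything other than loopback. The function names, the port list (default ports) and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag data-store listeners reachable on non-loopback addresses.
# The port list is an assumption (default ports); adjust it to your services.
DATA_PORTS="3306=mysql 5432=postgresql 6379=redis 11211=memcached"

# Reads `ss -tln` output on stdin, prints one EXPOSED line per finding,
# and returns 1 if any listener is exposed, 0 otherwise.
flag_exposed_listeners() {
    awk -v ports="$DATA_PORTS" '
        BEGIN {
            n = split(ports, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                name[kv[1]] = kv[2]
            }
        }
        $1 == "LISTEN" {
            la = $4
            # Port is everything after the last colon; address is the rest.
            idx = 0
            for (i = 1; i <= length(la); i++)
                if (substr(la, i, 1) == ":") idx = i
            if (idx == 0) next
            addr = substr(la, 1, idx - 1)
            port = substr(la, idx + 1)
            if (!(port in name)) next
            # Strip an interface suffix such as "%lo" before classifying.
            sub(/%.*$/, "", addr)
            if (addr ~ /^127\./ || addr == "[::1]") next
            printf "EXPOSED %s port=%s bind=%s\n", name[port], port, addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample listing (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511        127.0.0.1:6379       0.0.0.0:*
LISTEN 0      244          0.0.0.0:5432       0.0.0.0:*
LISTEN 0      1024            [::]:11211         [::]:*
LISTEN 0      151            [::1]:3306          [::]:*
EOF
}

# Demo on the sample; on a live host use: ss -tln | flag_exposed_listeners
sample_ss_output | flag_exposed_listeners || echo "rebind the services above to localhost"
```

A wildcard bind can still be blocked by the default-deny firewall, but binding to localhost keeps the service unreachable even if a firewall rule is later loosened.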