Look up AppArmor, SELinux and a bunch of other things. You can harden a server by closing ports, disabling unnecessary or unused services, adding encryption, checksums, setting and restricting execute and access permissions, setting and requiring stronger passwords, ... and a ton of other things just on the admin side.
Those hardcoded "0000" and "123456" default passwords in some IoT devices just shouldn't happen. That's part of hardening, too...
:-D
(edit: basically, reduce the attack surface)
"BB10 dead?" - "Let's dance the Danse MacaBBRY! ... or is it..?" ;-D