by twistedpair 4787 days ago
Generally you don't need 95% of the stuff that's running. Use the bare minimum. Compile the server you're using, say Nginx, from source with only the bare minimum of options and modules you need. Disable all the services/ports and then selectively enable the ones you need.

Best of all, don't have anything worth stealing. Don't keep the credit cards on your servers, parrot them through a vendor. Don't keep user credentials on your system, use OAuth, Fb or Google auth. If you've got nothing valuable to steal, they'll likely not break in.

But then again, if the Feds want in, they'll just pull your box from the rack. Don't forget that you can literally freeze a DIMM and dump it and all the encryption keys to another mobo. So, as is the CIA's policy, if you don't want anyone to know something, don't let it touch a computer. ;)