Multi-Layered Security
Any out-of-box OS must be considered relatively insecure (low trust). The only way to reliably maximize the trust of a system or network is to develop a strict security policy, and religiously follow the rules in your policy when configuring any node. Read O'Reilly & Associates' Practical UNIX & Internet Security for some good guidelines to follow when developing your own policy. The Site Security Handbook (RFC 2196) is also a suggested read.
The link for this article located at daemonnews is no longer available.