VPS Security - Rational vs Paranoia

[cstaley]

OK, I've had my first and only VPS for 3 days now (before I was an Ensim reseller, so I didn't have to worry about security issues). I'm very concerned about doing justice to making my VPS as secure as possible before I bring my reseller clients on board.
BTW: I have the Freedom Plan with the Interworx CP.
1) How do I know whether my VPS is secure enough (everything from root level stuff, like brute force detection to email virus protection)?
2) What are good, sound practices?
3) How do I know whether I have what I need or whether I need to implement more security?
4) How do I monitor these things once they are (or if they already are) installed?
5) What are good maintenance procedures to making certain the security is up to date?
I don't want to be paranoid, but I do want to make certain that I'm being as responsible as I can be.

Thanks!

[AlexKall]

One of the most important thing to remember is to have long and hard to guess passwords, never use words! Use random passwords with uppercase, lowercase and numbers in a mix. And it should be atleast 6 chars! The more the marrier! This is a rule you should have on all passwords you use on your server. Also never use the root password for anything other then root access (the user root), the more different passwords you have the better, because if they get one password that you use over the whole server it means they will be able to get around as they please at the highest level! (root)

This is a good post by Jag for securing the server, it is based on CPanel, just skip those parts that are specificly for CPanel.

http://www.jaguarpc.com/forums/showthread.php?t=13646

Also my opinion is that you can never be to paranoid when it comes to server security. They really are out to get you! But that article covers alot!

Might not have answered all your questions but should atleast have given you some pointers to the right direction!