Switch proxy password encryption over from CRYPT to MD5

Add in a hardened, more secure kernel, such as grsecurity

Write a firewall script to make the server more secure by allowing only certain IP addresses to login for administration purposes only and incorporate a new setting in swatch to log this.

Write a script to automatically update the blacklists with the daily new releases for url monitoring.

Switch ssh password login over to passphrase style login, or even better, a "One Time Password System".

Uninstall all unnecessary packages, including the XFree86 server (GUI server), as unnecessary packages, mean unnecessary risk.

Set up console access in case main server login becomes unaccessable and this way you can log in via the serial port.

Employ a strict backup scheme for all configuration files.