This is a consolidation of general best practices for servers I've learned and developed over the years. Feel free to share some of your own as well!
- Never use telnet or ftp - use ssh or sftp instead.
- Never use HTTP with anything that could compromise the integrity of your system.
- Never login as root.
- If you install it, keep it up to date.
- If you don't use it, remove it.
- Always check the changelog before updating.