Components of GeoHelm are run as non-root users.
In order to secure your installation, it is important to:
1. Disable Root Login
2. Change SSH Port
3. Install IPTables, FirewallD, or UFW
4. Change Port Number for Webmin
5. Lock Webmin to Office IP/IPs
6. Install PFSense (Or similar software)
7. Disbale All Unused Services.
8. Change Apache Tomcat Shutdown Port
9. FTP is disabled by default. Use SFTP!
10. Install Intrusion Protection.
The above is by no means exhaustive but should provide a reasonably secure installation.
No server is 100% bullet-proof; always have a recovery plan.