General threat level with public server


kpgalligan
October 17th, 2006, 05:48 PM
I apologize in advance. I feel like this is a stupid question, and/or it's been covered to an exhaustive degree, but I'd like to try to develop a warm and fuzzy feeling about my setup, and don't really have it yet.

I plan on going public with a website soon. The setup would be apache2 front end, jboss/tomcat running in the middle, postgresql database, and most likely an smtp server (postfix). Access through ssh. The plan now would be to host the server at a decent colocation site (something like http://www.cihost.com/).

Assuming a decent firewall setup, turning off most services not needed, and keeping up on the patches, how likely is it that somebody gets access to the system? I've spent the vast majority of my time building software and not dealing with hardware and server security, so I'm sort of on the ignorant side of things here. I mean, I assume that sort of a setup would be fairly resistant to attacks, and most of my exposure would be application related, but I'm just hoping for a "yeah, you're probably ok", as opposed to a "you're crazy".

In the grand scheme of things, we're not keeping financial data or too much personal data, but the people on the site certainly wouldn't be happy if their data got out.

Thanks in advance,
-Kevin

huggy77
October 23rd, 2006, 01:16 PM
Good question, I am in the same boat... what kind of hardware do you have in front of the box... I have a Cisco SOHO 91 and I am curious about how serviceable an external firewall this would be... I am going to be running ColdFusion and MySQL apps