All web servers are 'hardened' against hackers with proprietary tools, OS tweaks, network procedures and constant monitoring. This is not a guarantee that a hacker could not succeed.
We have System Administrators that are dedicated to security. They insure that we are current with all OS patches. We have very high level software maintenance contracts with our vendors (SGI, Cisco, Foundry) so that we are sure to have the latest patches and support staff available to us 24x7 for fixes.
Security audits are run regularly. This supplements our internal efforts to keep our servers as protected as possible. We do record and monitor illegal port accesses both on the networking hardware and the servers. We log all accesses to our servers which allows us to check the accesses for intrusion attempts. We also deploy ankle-biters and honeypots so that we are notified of any active attacks.
For Denial of Service attacks, a procedure called "ipfilterd" allows us to block attacks directed at a single web site on a server rather than a network level giving us better granularity. "spamd" is another tool used to minimize the effect of attacks specifically on e-mail. Blocking spam makes us less of a target for those hackers targeting Spammers.