At my work place we are soon going to start accept orders using e-com and credit cards. We run ngnix server (public IP) for static files and dynamic stuff is handled by Apache and fastcgi+php5. I'm already running ngnix in jail using chroot and apache from freebsd jail (private IP). MySQL is also running from another Linux server. I've also installed and configured mod_security2. What else is required on server level to secure it further apart from pf?