To protect your system from unauthorized access, grant direct system access (e.g., remotely via RDP or directly via a management console) only to a limited group of users.
In the firewall, you should also allow access only to the services on the server that are strictly necessary (such as the database, the PPM system, and the load balancer).