Re: Sigh
That is the reason why the controllers and distributors of many bot nets and bots are hacked Linux units at the big hosters. Their personal for that department is typically neither certified nor experienced and the installations often are used well past "due date" to cut costs. There is a lot more to secure a system box than setting a root password.
Good Admins are costly. They need training and tutorship well past "4th semester IT student that likes Linux" and a broad set of skills not only with the base os but also with the software that runs on it, firewalls, load-balancers. performance tuning for the server job(1) and system architecture. And for a system that is visible to the world a good admin is essential.
Setting up a "toy" box for internal testing/development even at the company level OTOH is plug and play with the big distributions as it is with Windows server. It sits resonably save behind the company firewall (or the DSL router firewall) and modern distributions are pretty much locked down. That is something any software developer does on the side. Performance issues rarely come up (slower is actually better for a test server - if it works good there the customer servers will have no problems) so tuning is not required
(1) A file server has different needs than an application server or a database server and so on