The iptables and ipsec filtering, deney/allow setting and all things protecting the flow of data in and out of the network can not be taken lightly.
But once inside these features provide security never available on a PC desktop before.
I will also add that with LVM, one big partition for a PV is visible as a partition from tools where as the whole disk PV can not be seen by older tools. You can decide when that is a security feature or an easier target. I've read both sides.
And nothing beats a an extra router / firewall / gateway before the network segment.
And the proxy, caching severs can limit identity.