Below are common items for securing your instance.
Disable root login
Change SSH port to non-standard (22) port
Change Webmin port to non-standard (10000) port
Install IP Tables
Restrict access to Webmin to your IP
Disable all services not in use
All Tomcat services are owned and run by user tomcat with minimal privilages.