Separate the Database and Web/Application Servers
Keep the database server separate from the web server. When installing most web software, the database is created for you. To make things easy, this database is created on the same server where the application itself is being installed, the web server. Unfortunately, this makes access to the data all too easy for an attacker to access.
Instead, a database should reside on a separate database server located behind a firewall, not in the DMZ with the web server. While this makes for a more complicated setup, the security benefits are well worth the effort.