Spent a nice chunk of the day scanning my forward facings systems with OpenVAS on Kali Linux.
I lot of the vulnerabilities are due to weak ciphers. SSH, https, imaps, pops, smtps.
From old SSLv3, TLS 1, and algorithms like CBC and weak DH like 1024bit.
Working through each of them to toughen them up. Luckily I only had 1 reported High vulnerability and that was phpinfo web page on a server not exposed to the Internet.
Hoping to get everything under 5 and maybe under 4 as well.