Just because you spent the better part of a day hammering down the security bolts on your ironclad server, it does not mean your server is secure. Being human, you could have overlooked something small but potentially devastating. The only real way to test the effectiveness of any security measure is to test it, just as a real world military defense system needs to be tested for weaknesses.
Regardless of what type of server you have or what software you are running, there are basic types of attacks that can affect any operating system on any hardware. Many sites, such as Security Metrics, provide port scanning and firewall testing for both home office/personal and business server/firewall systems.
Security Metrics will test 65,535 TCP ports and numerous UDP ports, run vulnerability tests, mail proxy tests, default password tests, and scan your website for cross-site scripting (XSS) holes. Best of all, the service is free to use on up to three servers.
Photo Source: Wikimedia Commons