Use container systems like docker or LXC

Container systems allow finer resource control and protection from privilege escalation. Should one service have a vulnerability that allows shell access or similar, breaking out of the container would be an additional hurdle before a full compromise.