"Objection, your honor!" FTP cannot possibly be made "secure" by methods only dealing with server machines, OSs and configuration, because none of that will even begin to touch its single biggest flaw: passwords going over the net in clear text. If you used only anon FTP, that'd be a different story, but I don't recall that restriction having been mentioned anywhere in this thread.
That I agree with whole-heartedly. I'ld even turn it around and say: if you need "graphical access" to it, it doesn't really qualify as a server box.
Windows admins may be used to thinking otherwise, but that's really just a bad habit. Thus the old joke of how you can tell a Windows admin from a Unix one on sight: one of them has to run around the place so much he wears sneakers to work, the other can invariably found sitting right on his chair in his office, optionally wearing no shoes at all.