In fact, you are given a dedicated server (which is simply not iron, for that it is virtual). If we talk about digitalocean - you really have everything allocated there (memory is not rummaged, but allocated at the start of the virtual machine, the processor core is personal for you at rates from $ 10, lvm-volume with only your virtual machine (in fact, a section of the raid array allocated for you )).
All settings within the system are handled by you. Moreover, the hoster is not even responsible for the fact that your system has started. If the virtual machine is loaded to the BIOS, then the hoster has completed its work to ensure the operation of the server (we will omit questions about the network in this context). If the OS is broken and it does not boot, you have a "reinstall a clean system" button. Again, you are responsible for backups (digitalocean provides paid backups, but they are not very convenient). For safety - you.
In the case of digitalocean, you have access to the virtual machine's "monitor" and a bootable rescue-livecd. In general, everything.
Regarding how to configure (if we are talking about the standard LAMP stack), then:
1) debian 7 x64
2) disabling root password authorization, using ssh keys
3) install snoopy for diagnostics , configure sftp logging.
4) do not use ftp, use only sftp. Preferably with keys. Under no circumstances should the sftp client store passwords from the account or ssh key.
5) nginx+apache-mpm-itk + php 5.3 and higher + percona-server instead of mysql
6) enable open basedir in virtualhost configs if the site will work with this setting (this option prevents php scripts from accessing them via http outside the directories specified in basedir)
7) do not forget to enable MatchUser/MatchGroup for virtual hosts
8) be sure to configure the default host for apache and nginx in order to exclude processing of any requests via http that is not controlled by configs. Usually hang 403 or 404 error as a default.
9) do not install extra software, do not mindlessly enter commands from manuals accidentally found in Google, if you do not understand what exactly this command does.
10) do not install software from source, especially from untrusted sources.
11) if outgoing mail is needed on the server, then correctly configure restrictions for it. For example, for exim4 (it is preferred in Debian) - one , two .
12) remove all unnecessary administrative scripts for http-auth - phpmyadmin, site admins, graphics, monitoring, and so on.
This will eliminate almost all possibilities of attacking the server from the outside. In this configuration, if you are hacked, it will either be because of a stolen password/key, or the site itself will be broken and malicious files will be uploaded through php scripts of the site itself.
Moreover, in this configuration, I have not yet broken a single virtual machine (there were problems with infecting individual sites, of course - but this was done explicitly through php), despite the firewall allowing everything and the standard ssh port.
In general, admins charge about 500 rubles for setting up all this stuff for 2-3 sites.

In general , @inkvizitor68sl wrote everything sensibly, I would just add:
1. For a beginner, it might make sense to start not with Debian, but with Ubuntu 12.04. According to him, the network has a lot of lessons and information in all languages ​​\u200b\u200bof the world, so the entry threshold will be easier. And as you become a seasoned Unixoid, nothing prevents you from switching to Debian or something that you personally will already like - by that time you will understand it for yourself. Transferring sites from one droplet to another is a matter of minutes.
2. Regarding the firewall. I closed everything through iptables, leaving only http, ssh and loopback. On DO there is a normal lesson on this topic.
3. And about the mail. To make mail correctly on the server - a problem that still. Personally, I don’t take responsibility for client mail at all, because the hemorrhoid is specific (and on VPS I have not only my own projects, but also client ones). The ideal option is Yandex mail for a domain (free) or a similar solution from Google (paid). The advantages of this approach are obvious: stability, reliability, security, familiar webmail GUI, ready-made applications for iOS/Android, and so on.

Actually, you yourself are watching, or a hired system. admin. The owners of the VPS hosting service simply sell you machine time, disk space and a channel.

You yourself and monitor the security of your VPS.
You get completely your virtual server that you set up yourself.