Forum OpenACS Q&A: Re: basic firewall features on RH 8.0

Posted by Jun Yamog on
Hi David,

As a basic rule, only open what you need, which is likely http (port 80) and ssh (port 22).  You may want to block (DENY or REJECT, I prefer DENY) all ports from 0-1023 (0-64k is even better, but I find it overkill) on all outside interfaces (e.g. eth0, eth1, etc.).  Then, using netstat -nap, see if any ports above 1023 are running and close them down.  Also, since this is your first time, try doing it on your home machine.  Connect to your remote machine and secure your home machine remotely; that will likely simulate what you need to do on your remote machine.  You can use nmap to scan ports for you.

Just remember the basic rule: only offer what you really offer to the world.  Anything else should be kept shut, or better yet, shut down the service; don't just hide it.

Jun
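
The netstat check described in the post above, as an added example that is not part of the original post: a small filter that reads `netstat -nap` output and lists every non-loopback listener outside an allow list. The function names, the `ALLOWED_PORTS` variable, the choice to skip loopback-only sockets, and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listeners that are not meant to be offered to the world.
# ALLOWED_PORTS follows the post's suggestion (ssh 22, http 80); adjust as needed.
ALLOWED_PORTS="22 80"

# Read `netstat -nap` output on stdin; print "proto port program" for each
# socket listening on a non-loopback address whose port is not allowed.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
        # TCP rows carry a State column; unconnected UDP rows do not.
        if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; prog = $7 }
        else             { if ($5 !~ /:\*$/)   next; prog = $6 }
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
        if (host ~ /^127\./ || host == "::1") next   # bound to loopback only
        if (port in ok) next                   # intentionally offered
        sub(/^[0-9]+\//, "", prog)             # drop the PID, keep the name
        if (prog == "" || prog == "-") prog = "unknown"
        print $1, port, prog
    }' | sort -u
}

# Constructed sample in the layout of Linux net-tools `netstat -nap`.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*           LISTEN      812/sshd
tcp        0      0 0.0.0.0:80       0.0.0.0:*           LISTEN      1033/httpd
tcp        0      0 0.0.0.0:111      0.0.0.0:*           LISTEN      640/portmap
tcp        0      0 127.0.0.1:25     0.0.0.0:*           LISTEN      901/sendmail
tcp        0      0 0.0.0.0:6000     0.0.0.0:*           LISTEN      1200/X
tcp        0      0 192.0.2.10:22    198.51.100.7:51514  ESTABLISHED 1500/sshd
udp        0      0 0.0.0.0:111      0.0.0.0:*                       640/portmap
EOF
}

# On a real host, run as root so program names are shown:
#   netstat -nap | unexpected_listeners
sample_netstat | unexpected_listeners
```

Each line it prints is a service to shut down if it is not needed, or to cover with a firewall rule if it must keep running.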