http://blog.al4.co.nz/2011/05/setting-up-a-secure-ubuntu-lamp-server/
Install ufw
ufw: uncomplicated firewall, is a great little firewall program that you can use to control your server access rules. The default set below are fairly standard for a web server but are quite permissive. You may want to only allow connection on a certain ip if you will always be accessing your pi from a fixed ip.
UFW Documentation https://help.ubuntu.com/community/UFW
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 22/tcp
sudo ufw enable
Change root password
Set root password
sudo passwd root
The default root password used in the ready to go image is raspberry. Change this to a hard to guess password to make your root account secure.
Secure MySQL
Run mysql_secure_installation see mysql docs
mysql_secure_installation
Secure SSH
Disable root login:
sudo nano /etc/ssh/sshd_config
Set PermitRootLogin to no