I am configuring a CentOS system to act as a PDC for a predominantly Windows-based network (all clients are Windows XP).

This server will be directly connected to the Internet through a small Linksys router, and will have a static IP associated with it. It will provide web services to the public. It must also make SSH available for administration purposes. Any other services will be strictly internal.

What sort of security measures should I implement on this server to keep it secure from outside attack, yet still be administerable from the Internet?

I realize this is a broad question, so a range of answers are possible. I will award points to the most helpful information.
Thanks!

Well, limit what ports are open to the Internet from the router, first off. If you just need SSH and WWW, then only open those two ports.

To secure SSH, disable root logins and use strong passwords. You might want to play around with the values for simulations logins, failed authentication attempts, etc to prevent brute-forcing passwords; but really, SSH is very secure and the chances of brute-forcing a password is very low even with the default settings due to the way it handles authentication.

As for securing Apache, that is a bit bigger of an issue. It depends on what modules you need, how the site is going to operate, etc, etc. I would start reading up on Apache security before you go live with the site, you want to know what specific security adjustments apply to you and your site before it is publicly available.

I'd like to discourage members to respond to these posts.
This is the product of a SPAM bot.