Well, limit what ports are open to the Internet from the router, first off. If you just need SSH and WWW, then only open those two ports.
To secure SSH, disable root logins and use strong passwords. You might want to play around with the values for simulations logins, failed authentication attempts, etc to prevent brute-forcing passwords; but really, SSH is very secure and the chances of brute-forcing a password is very low even with the default settings due to the way it handles authentication.
As for securing Apache, that is a bit bigger of an issue. It depends on what modules you need, how the site is going to operate, etc, etc. I would start reading up on Apache security before you go live with the site, you want to know what specific security adjustments apply to you and your site before it is publicly available.