It has a built-in firewall -- iptables. There is a simple GUI for it listed as Security Settting in the menu, I think. There are other (better) front ends you can add for it like Guarddog or Firestarter.
F-Prot is a basic free-for-personal-use commercial AV and there is a GUI for it also called Xfprot, but you may not even want to deal with an AV unless you are running a server of some sort that interfaces with local Windows machines -- like if you run a mail server for 5 Windows boxes and you want to scan email attachements. Virii that hit Linux itself are few and far between, I think.
Here are 2 links to sites that will find RPM packages for you, but you need to know what you are looking for to use them. Ususally, I read about something interesting somewhere like here, and then I will go to one of these and search for "xfprot", for example.
If you want to browse for new things by category, try: