Fine tuning? Grab a newer kernel from www.kernel.org
and compile it to fit only your specific hardware. Its not incredibly easy, make sure to pack through the kernel-how-to first.
Also, figure out whatever your system daemon manager is depending on GUI and distro and kill the daemons you don't need. The command 'top' tells you the total number of processes running. 100+ is a bit overkill these days, but with half a gig of ram on a P4 2.2, I doubt that you would notice.
The kernel firewalling is done with iptables. You can fiddle with all sorts of commercial/non-commercial products out there. Smoothwall is a favorite. I don't know nearly as much about security as I should.
As a Posix compliant UNIX clone system, Linux is going to cache a ton of sleeping processes. Actually, if you let it run for a long time, it should hopefully fill up all of your RAM. This is a good thing as it knows what to flush and what to leave sleeping much better than Windows. Linux swap is still a fixed partition instead of windows poor implementation of a dynamic disk usage. The old rule of thumb was a swap twice the size of your RAM, but I have plenty of machines on months of uptime with a swap half the size of their RAM.
I've never heard of the kernel mis-reporting the RAM size, but there's plenty of FUD out there. Some of the RAM is going to be reserved for the kernel, so the total reported by 'top' should be a few hundred K short of the total, but that's it.