No one can *prevent* a DoS attack.
Unless you're running SSHd for a shell account box tho, you can use the directives MaxStartups, AllowGroups and AllowUsers to tighten control over handling connection traffic, and if compiled with TCP Wrappers, hosts.(deny|allow) as well. As for Apache it has modules for throttling, and for denying by IP address/range.
Using these options you can finetune daemon behaviour but they won't protect you from a DoS attack, servers are a nice target indeed because they will have to serve to world, and so can't be allowed to have some mechanism fill hosts.deny with lotsa (spoofed) IP addresses, so for this you'll need assistance of your upstream provider to filter packets at the router, or just close the pipe for the duration of the attacks.
Please look at some CERT tips
for more info.