As mentioned above, you for sure want to make sure any ports not required are closed, although as pluggy mentioned, default Linux is usually not running very many services listening for connections, unlike Windows and OS X.
I use iptables on my Linux boxes to restrict the IP addresses that can access port 22 because if port 22 is open to the internet you will get dozens to hundreds of brute force attempts to guess username/passwords every day. Same thing with FTP, which you should avoid, but sometimes can't.
Changing the port SSH listens on helps only a little as people will port scan your machine and brute force just about any port they find open. Even if you have SSH set to use key access only, people will still pound the port which in itself can cause issues, probably even more so on a low power machine like the RPi. If you like to play with ports for security, "port knocking" is the most fun way to use ports for increased security, but slightly complicated.
If you are behind a router that is doing NAT it will probably close off everything to the internet except things you set up to forward to your RPi so that provides some protection there.
Just for education, you can download nmap and port scan your own machines and router to see what it turns up.
But the biggest thing to my mind is if you have anything facing the public running on any machine, you need to make sure the software is properly secured. Things like changing default passwords and keeping the software up to date being the most important.
So if you are running Apache, PHP, MySQL, WordPress, Joomla, etc., you will want to do an internet search for securing apache, securing mysql, etc. and then make sure you follow the best practices for locking all the software and packages you run down. That will probably be your biggest vulnerability, the software you run being misconfigured or out of date.
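The port 22 restriction described in the post, as an added example that is not part of the original post: a shell function that validates a list of allowed source addresses and prints an iptables-restore ruleset for them. The function names and the source addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Source addresses are constructed (RFC 5737 documentation
# ranges), not values from the post.

# Accept only dotted-quad IPv4 with an optional /0-32 prefix, so nothing
# unexpected can end up inside a firewall rule.
valid_source() {
    case $1 in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print an iptables-restore ruleset: listed sources may reach tcp/22,
# every other source is dropped on that port.
ssh_allowlist_rules() {
    # Refuse an empty list: it would leave only the DROP rule and lock
    # out every remote login.
    [ "$#" -gt 0 ] || { echo "no allowed sources given" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    # Keep sessions that are already established while the rules load.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for src in "$@"; do
        echo "-A INPUT -p tcp -s $src --dport 22 -j ACCEPT"
    done
    # Order matters: the DROP must come after the per-source ACCEPTs.
    echo '-A INPUT -p tcp --dport 22 -j DROP'
    echo 'COMMIT'
}

# Print the ruleset for review. To syntax-check it without applying:
#   ssh_allowlist_rules ... | iptables-restore --test
# Loading it without --noflush replaces the existing filter table.
ssh_allowlist_rules 192.0.2.10 198.51.100.0/24
```

Apply the rules from a local console or keep a second session open, since a wrong source address cuts off remote SSH access.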