Before you install any operating system on your computer, set up a BIOS password and change the boot sequence to disable booting from a floppy. Otherwise a cracker only needs a bootdisk to access your entire system.
Disabling booting without a password is even better. This can be very effective if you run a server, because it is not rebooted very often. The downside to this last tactic is that rebooting requires human intervention which can cause problems if the machine is not easily accessible.
An intelligent partition scheme depends on the how the machine is used. A good rule of thumb is to be fairly liberal with your partitions and to pay attention to the following factors:
Setting a good root password is the most basic requirement for having a secure system.
At the end of the installation, you will be asked if shadow passwords
should be enabled. Answer yes to this question, so passwords will
be kept in the file /etc/shadow. Only the root user and the group shadow
have read access to this file, so no users will be able to grab a
copy of this file in order to run a password cracker against it. You can
switch between shadow passwords and normal passwords at any time by using
shadowconfig. Furthermore you are queried during installation whether
you want to use MD5 hashed passwords. This is generally a very good idea
since it allows longer passwords and better encryption.
You should not install services on your machine, which are not needed. Every installed service introduces new, perhaps not obvious, but existent security holes to your machine. If you still want to have some services but you use these rarely, use the update-commands, e.g. 'update-inetd' for removing them from the startup process. This section needs a list of services,and what they do and the risk level involved, as newbies don't have a clue, what is considered a security risk.
It is never wrong to take a look at either the debian-security-announce mailinglist, where advisories and fixes to released packages are announced by the Debian security team or to email@example.com, where you can participate about discussing debian security related things.
In order to receive important security update alerts, send an email to firstname.lastname@example.org with the word "subscribe" in the subject line. You can also subscribe to this moderated email list via webpage at http://www.debian.org/MailingLists/subscribe
This mailing list has very low volume, and by subscribing to it you will be immediately alerted of security updates for the Debian distribution. This allows you to quickly download new packages with security bug fixes, which is very important in maintaining a secure system. (See Section 5.1 for details on how to do this.)