The point at which a system is opened up so it can be remotely administered is almost always the point of compromise in an intrusion. It is a good idea to close off the system as much as possible from the outside world, in addition to locking down all network access to the server in general.
Changing the default ports that various services run on is a quick way to ward off the "script kiddie" style of hackers. This process essentially amounts to the "security through obscurity" model of protection. While it may not provide enough protection on its own, it provides a good first layer of protection.
In order to change the port that the SSD daemon listens on, run the following commands (this example changes the port to 38000; you can adjust this number according to your liking):
sed -i "s/Port 22/Port 38000/" /etc/ssh/sshd_config
/etc/init.d/ssh restart
In order to change the port that Apache listens on, run the following commands (this example changes...