Aha. First of all, you can enable a stateful firewall with commands like this:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW -j ACCEPT
is a firewall framework included in the Linux kernel. The setup is inspired by the book Linux Security Cookbook
. Note that all of these commands should be run with root privileges; e.g. if you run them in a terminal, prepend each command with sudo
The first three commands changes the default policy for incoming and forwarded packets to DROP, and makes sure the default output policy is ACCEPT. The fourth command allows all internal traffic on your machine (input from a loop device). The next two commands make sure that the only packets allowed to enter your systems, are responses to connections that your machine initiated. The last one makes sure that the previous rules doesn't interfere with ICMP echo. Basically, this setup makes sure that nothing is allowed in unless you request it. Note that I believe the setup might block e.g. Skype from functioning properly, at least it did a couple of years ago.
If you like the setup, you can open the file /etc/rc.local as root and append the above iptables commands there, to execute them automatically at boot:
sudo gedit /etc/rc.local
Alternatively, you can instead export the settings to an iptables ruleset and load that ruleset at boot, as explained on the Debian wiki
When it comes to whole-disk encryption, I run it on my netbook using dm-crypt. It works fine, but there is a noticeable increase in CPU usage during heavy disk activity. I still think it's worth it when it comes to security though, it takes around 10 min for a knowledgeable person to access your private files using a live usb or livecd. Note that full disk encryption requires a reinstall, and if your distribution doesn't offer harddisk encryption during installation, it can be a bit of a hassle to setup manually - and an encrypted swap partition may interfere with suspend to disk. If I were you, I would spend at least 1-2 months getting used to Linux before attempting a reinstall on an encrypted medium.
If you're a fan of encryption in general, Mozilla Thunderbird with the Enigmail extension works fine for sending/receiving GPG encrypted mail. When you have some extra time on your hands, you might also want to check out Privoxy (a local proxy server filtering ads, scripts, etc out of HTTP traffic) and Tor (anonymization through onion routing).