linux in 60 seconds
First off make sure you create a non-root user account for yourself. I'm not familiar with any recent Mint versions but I'd be surprised if the installer didn't prompt you to do that.
Don't be fazed by linux listening on a myriad of ports (eg: netstat -an) because most of those are what's known as domain sockets. 'netstat -ant' shows the "internet" sockets and it's the foreign address column you need to look at. "netstat -ant | grep LISTEN" narrows that down to the ones which are listening: "netstat -ant | grep LIS" shows both listening and connected sockets (because LIS also occurs in ESTABLISHED). Look at the local address column and the number after the colon is the port number. The file /etc/services lists commonly used ports and services. eg: "grep 2049 /etc/services" reveals "nfs" on one particular system here because it has an NFS server running.
You stop ssh from allowing root connections by changing "PermitRootLogin yes" to "PermitRootLogin no" and disable password prompting via "PasswordAuthentication no" - the latter won't allow a login unless an acceptable key has been generated (hint: ssh-keygen). The file is typically "/etc/ssh/sshd_config" but as some stuff varies between systems you might care to run 'updatedb' which builds a small database of the filesystems (hint: locate -i sshd_config).
You might also care to edit /etc/sudoers. Where it says "root ALL=(ALL) ALL" shove "foo ALL=(ALL) ALL" below it where foo is your normal login username. You can now become root using your own password (hint: 'sudo su -').
A useful command line editor is 'nano'. "nano -w /path/to/somefile" because 'vi' is enough to put anyone off linux.
Now you can look at your firewall. 'sudo -i iptables -L -n' (omit "sudo -i" if you're already root) shows you what is currently in effect and you can post that output onto a suitable Mint forum for advice. If there's bugger all in that output then it may be the firewall isn't enabled. Fix that as 1st priority.
Desktop systems tend to be configured so their firewall allows all outbound connections (and replies back from those outbound connections) and likely nothing but 'sshd' will be allowed to connect from the outside world. Trust me. You don't want to be turning 'sshd' off. It is far too useful. Just ask how to change the firewall rule so that nothing external can connect to it.
Assuming your firewall is working..
$foo sudo -i iptables -L -n | grep NEW
..will reveal what the outside world can connect to. You'll see this for 'sshd'..
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED
..if it can accept external connections. Note that even though the above can accept outside connections it will reject all of them because of the sshd_config changes above.
Here's hoping Mint has iptables. Been years since I tried it!
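An added example, not part of the original post: a shell check that reports which value of the two sshd_config settings mentioned above actually takes effect, since sshd uses the first value it reads for a keyword and ignores later duplicates. The function names and the sample config are constructed for illustration; it assumes no Include directives and looks only at the global section before the first Match block ("sshd -T" prints what the installed daemon would really use).

```shell
# Print the effective global value of one keyword in an sshd_config-style file.
# Usage: sshd_effective <keyword> <file>   (prints "unset" if not set globally)
sshd_effective() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        { sub(/=/, " ") }                  # sshd also accepts Keyword=value
        tolower($1) == "match" { exit }    # global section ends at first Match
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }  # END still runs after exit
    ' "$2"
}

# Check the two settings from the post; returns 0 only if both are "no".
# Usage: sshd_audit <file>
sshd_audit() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_effective "$kw" "$1")
        if [ "$val" = "no" ]; then
            echo "ok    $kw $val"
        else
            echo "check $kw $val"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample config (not from a real host): the commented-out line is
# ignored, and the first live PermitRootLogin line wins over the later one.
sample_config() {
    cat <<'EOF'
#PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication=no
Match User backup
    PasswordAuthentication yes
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
sshd_audit "$tmp" || echo "edit the lines marked 'check', then restart sshd"
rm -f "$tmp"
```

Against a real system, point it at the file itself, e.g. 'sudo sh -c ". ./check.sh; sshd_audit /etc/ssh/sshd_config"' where check.sh is a hypothetical name for the saved script.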