I have a server running Mandrake OS v10.1 and it is also running as a webserver to serve an intranet with an estimated of 10 Windows 98 clients. Every computer are assigned an IP dynamically by a router and this router is connected to a modem to the Internet.

However, recently I'm becoming concern over the security of the server and I'm researching ways that I can keep people out of the server, physically and logically.

For the physical part, this has been done as it is in a highly secure room.
For the logical part however, I would need advise besides having strong password for root account, etc.

I would appreciate it a lot if anyone could explain their methods in detail and would like to thank you in advance for taking time in replying to me.

It depends how Mandrake 10.1 was installed, it could load some services that are required by your environment. E.g FTP, NFS ..... As such, unused services should be stop or removed from the system. Used the nmap tool to scan for ports services open and then stop those services.

With the firewall (iptables) enable on server to accept on IP address from trusted network thus prevent hacker from using Mandrake system to hack the trusted network.

Default Mandrake 10.1 kernel not secure, but then your server is on a trusted network so not need to patch the kernel.