FreeBSD is pretty secure OOB much more so than the popular Centos/Fedora/Suse anyway.
Make sure that /etc/ssh/sshd_config is set for protocol 2, no root login, not empty passwords.
You can be super secure with regards root access by installing sudo and configuring trusted users to sudo to root, remove the password on the root account and setting all the TTY's to secure ( I think that disables console root access as well)
Don't run services you don't need. (FreeBSD runs only ssh and sendmail OOB) disable sendmail from starting by putting sendmail_enable=NONE in /etc/rc.conf.
Figure out how to configure pf
