depends on how much you know already and how much maintainance you want to do yourself.
I can't comment on Micro$haft products - suffice to say it'll cost ya time and money.
I moved from dedicated RedHat which was 'as-is'. The webhosters wouldnt patch it, they wouldnt even allow root access. Now I got a Debian with a support service that lets me get on with it and assist now and again if I make a cock up.
How easy to secure? EASY!
Big buzz last month about upgrading apache to 1.3.26. I though how the heck am I supposed to do that?
apt-get install apache
That upgrades whatever you had to the latest. Next I had to do PHP
apt-get install php4
Also using Webmin which is a dream. You just say get updates, upgrade whatever. None of this Micro$haft debacle of patching, rebooting, repatching the patches, rollback of patches waving yer lucky charms at the box.
I love this Linux stuff. Man its so simple.
Oh yes, has snort and stuff on it if you need that. And if you need to lock down Apache there is plenty of support here.
I guess you're going to say you'll be using NT and this text is irrelevant right <s>