SFTP:
RT*N (Read the manual).
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html As long as you're in US or UK, you should be alright. I think putty is one of the better SFTP programs out there; YMMV.
I cannot help you secure a WinXP box that is live to the internet. I've seen to many of them zombied to think I was that clever. Perhaps a different approach is in order. What are you trying to accomplish? Do you *need* an HTTP or FTP server? If we knew more about what you wanted to do, it might help... If all you are going to do is server web pages, do you really need an FTP server? Are you going to allow other people to put stuff on it? If so, maybe read up on SFTP and setup a deamon for that.
For security (such as it is on windows boxes) here's my thinking:
1. Go buy a linksys EtherFast cable/dsl firewall router ( BEFSX41 should be fine).
2. Hook THAT up to your high speed line.
3. Setup YOUR machine as a webserver on (say) IP 192.168.1.1 and tell the firewall to forward traffic on "port 80" to that IP.
This will secure (some of) the GAPING holes in Windows... That firewall can even be setup to talk to a DDNS server, so you will probably not have to punch any more holes thru it then than.
Though as I said before, YMMV.