I had a test OSX server at my last job I was at. Pretty much closed all ports except for 80 and whatever port Apple RDP ran on (actually, I closed that down at first, oops, had take a macbook into the server room to fix that), then opened up ports as needed.
I'm sure you realize this now, but for the sake of anyone else reading this you could have saved yourself a trip to the server room had you left 22 open; most OSX services can stopped and started via command line, just like any other *nix. I could be wrong (I don't use Mac's often), but I think they stick them in /System/Library/CoreServices, or somewhere similar.
As far as not using sudo, I think it depends on what you're doing. For example, if you're just running a single command, it makes sense to sudo (e.g., editing /etc/hosts, restarting a service, etc), but if you're going to be working with root privileges for a while, it just makes more sense, and saves you some keystrokes, to use su.