Well, as said above, start reading.

This was the same thing I had to hear when I asked the same question once. And it's true! It works. READ!

But it would be wise to put up a Linux/Unix box (at home or at any place, co-located would be nice) and keep it perfectly up to date.

Start with just building a webserver and put MySQL on it. Make sure MySQL ain't available for the outside world!

It would be wise to get a Linux/Unix that AIN'T the latest version!! Install it as mentioned above. Thereafter put it in a closet where only 2 things go in: power and network.

Now you may not touch the box anymore and try to get it up-to-date.

This will require lots of reading, but now you are reading with a goal. And believe me, you'll learn at least twice as fast.
There's another advantage in this method: you'll also learn how a Linux/Unix machine works. And that's very important in the security world (my opinion).
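
One way to check the "MySQL ain't available for the outside world" step on such a practice box, as an added example that is not part of the original post: the function reads listening sockets in `ss -H -ltn` format and prints every non-loopback address MySQL is bound to. The function names, the default port 3306 and the sample socket lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list the addresses on which
# MySQL accepts TCP connections from outside the box.
# Input: lines in `ss -H -ltn` format on stdin
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

mysql_exposed_listeners() {
    port="${1:-3306}"   # assumption: MySQL's default TCP port
    awk -v port="$port" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)   # [::1] -> ::1
            sub(/%.*$/, "", addr)       # drop %interface suffix
            # Loopback is only reachable from the box itself.
            if (addr ~ /^127\./ || addr == "::1") next
            print addr
        }'
}

# Constructed sample: MySQL bound to loopback (bind-address = 127.0.0.1).
sample_hardened() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 151 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
EOF
}

# Constructed sample: MySQL listening on every interface, IPv4 and IPv6.
sample_exposed() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 151 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 151 [::]:3306 [::]:*
EOF
}

for s in sample_hardened sample_exposed; do
    found=$("$s" | mysql_exposed_listeners)
    if [ -n "$found" ]; then
        echo "$s: MySQL reachable on:" $found
    else
        echo "$s: MySQL is loopback-only"
    fi
done
```

On the box itself, pipe the real socket list in with `ss -H -ltn | mysql_exposed_listeners`; empty output means MySQL only listens on loopback.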