Leaveing the modem completely open to the public is the least preferable method. If this is what is chosen, make sure you at the very least do the following:
Under Security -> Access, disable all unneeded services such as Telnet, SSH, HTTPS, FTP, Local DNS.
DO NOT disable the HTTP port (it is the only way to access the admin tools), but you can change the HTTP port to non-standard port so it will be more difficult for hackers to sniff the open ports.
Change the HTTPS port as well, even though we disable it here, it is still accessible, so we change it to a non-standard port.