Subject: Re: How to interpret the results of a portscan?
To: None <port-mac68k@netbsd.org>
From: Brendan Burns <bburns@wso.williams.edu>
List: port-mac68k
Date: 11/06/2002 09:21:59
Hello,
Here's my interpretation
In general the format is <port>/<protocol> <filter> <service>
<port> is the subaddress of the connection on your computer. Different
services use different ports.
<protocol> is either tcp (stateful protocol) or udp (stateless)
<filter> says whether there's something (e.g. ipfilter) between the port
and the program.
<service> the name of the service. For a result more applicable to
you, look in /etc/services,
e.g. "grep 23 /etc/services"
> 23/tcp filtered telnet
This is standard telnet, turn it off; your password is transmitted in
clear-text for any sniffer to pick up. If you need to log in remotely,
use ssh and sshd.
> 514/tcp open shell
This is rsh for remotely executing programs on your machine; it's
totally unnecessary and often insecure. Its functionality (if you need
it, which is doubtful) can (and should) be replaced by ssh.
> 8080/tcp filtered http-proxy
This is either a proxy or your web server; keep it if you want a
webserver.
> 8081/tcp filtered blackice-icecap
>
This is probably related to the above, almost certainly not
blackice-icecap (some sort of hacker information sharing app, from what
I gather on Google).
> Is there anything else I should do to improve security?
Turn off telnet and rsh, turn on sshd, if you don't need a
webserver/proxy turn it off, and figure out what's on port 8081
(/etc/services should help here) and if you don't need it, turn it off.
There's a really good ipfilter how-to out there (I don't know the
address off the top of my head), but make sure that ipfilter is
configured properly, and if you're feeling really paranoid run a
port-scan detector like portsentry. There are tons of "securing
linux/freebsd" sites out there; most of the advice is applicable to
m68k/NetBSD. The good thing is most of the script kiddies' rootkits
won't work on your 68k architecture anyway...
hth
--brendan
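As an added example (not part of Brendan's mail or of any NetBSD tool), here is a POSIX shell script that does what the mail describes by hand: it parses scan lines of the form <port>/<protocol> <filter> <service>, looks each port up in an /etc/services-style file, and prints the same kind of advice (telnet and rsh off, ssh on, unknown ports investigated). It uses a constructed scan output and a constructed subset of /etc/services written to a temp file, so it runs offline; all function names are ours. One thing it does beyond the mail: a bare "grep 23 /etc/services" also matches 123/udp, 2323 and so on, so the lookup matches the port/proto field exactly instead of a substring.

```shell
#!/bin/sh
# Added example, not from the original mail: parse port-scan lines of the form
# "<port>/<protocol> <filter> <service>", look each port up in an
# /etc/services-style file by its exact "port/proto" field, and print the
# kind of advice given in the thread. All function names are hypothetical.

# Constructed sample scan output, modelled on the lines quoted in the thread.
SCAN_OUTPUT='23/tcp filtered telnet
514/tcp open shell
8080/tcp filtered http-proxy
8081/tcp filtered blackice-icecap'

# Constructed stand-in for /etc/services, written to a temp file so the script
# does not depend on the host's copy. 8081 is deliberately absent.
# Format, as in the real file: name port/proto [aliases] [# comment]
SERVICES_FILE=$(mktemp)
trap 'rm -f "$SERVICES_FILE"' EXIT
cat >"$SERVICES_FILE" <<'EOF'
# constructed subset of /etc/services
ssh       22/tcp              # Secure Shell
telnet    23/tcp
ntp       123/udp
shell     514/tcp   cmd       # rshd
syslog    514/udp
http-alt  8080/tcp  webcache  # alternate HTTP / proxies
EOF

# Pitfall in the mail's "grep 23 /etc/services": a bare substring also hits
# 123, 230, 2323, ... Returns how many lines a naive grep would report.
naive_grep_count() {
    grep -c -- "$1" "$2"
}

# lookup_service PORT PROTO FILE: print the service name whose second field is
# exactly PORT/PROTO (skipping comment lines), or "unknown" if there is none.
lookup_service() {
    awk -v key="$1/$2" '
        $1 !~ /^#/ && $2 == key { print $1; found = 1; exit }
        END { if (!found) print "unknown" }' "$3"
}

# advise PORT PROTO STATE SERVICE: one-line recommendation in the spirit of the
# mail; cleartext telnet and the r-commands are the ones flagged "turn off".
advise() {
    case "$4" in
        telnet)           printf '%s/%s (%s): telnet sends passwords in clear text; disable it and use sshd\n' "$1" "$2" "$3" ;;
        shell|login|exec) printf '%s/%s (%s): r-command (%s); disable it, ssh replaces it\n' "$1" "$2" "$3" "$4" ;;
        ssh)              printf '%s/%s (%s): ssh, keep\n' "$1" "$2" "$3" ;;
        unknown)          printf '%s/%s (%s): not in services file; identify the listening process (netstat -an on the host) before deciding\n' "$1" "$2" "$3" ;;
        *)                printf '%s/%s (%s): %s, keep only if you need it\n' "$1" "$2" "$3" "$4" ;;
    esac
}

# review_scan: run every line of SCAN_OUTPUT through lookup_service and advise.
# The scanner's own service guess (third column) is ignored in favour of the
# local services file, which is the point the mail makes.
review_scan() {
    printf '%s\n' "$SCAN_OUTPUT" | while read -r portproto state _guess; do
        port=${portproto%/*}
        proto=${portproto#*/}
        advise "$port" "$proto" "$state" "$(lookup_service "$port" "$proto" "$SERVICES_FILE")"
    done
}

review_scan
printf 'lines a naive "grep 23" matches in the services file: %s\n' "$(naive_grep_count 23 "$SERVICES_FILE")"
```

Run it as-is to see the four recommendations; to use it against a real scan, replace SCAN_OUTPUT with your scanner's lines and point SERVICES_FILE at /etc/services. The 8081 line comes back as "unknown" on purpose, which is exactly the case where the mail says to go and find out what is listening.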