Tighten up /etc/fstab
- Mounting the boot partition read-only increases the security of the kernel. This is how you do it in /etc/fstab:
LABEL=/boot /boot ext2 defaults,ro 1 2
And reload the changes:
# mount -o remount /boot
And yes, make it writable again when you are planning a kernel upgrade. Otherwise the new kernel cannot be written to /boot.
Other security options in the fstab file are:
defaults Allow everything (quota, read-write, and suid) on this partition.
noquota Do not set user quotas on this partition.
nosuid Do not allow SUID/SGID access on this partition.
nodev Do not allow character or special device access on this partition.
noexec Do not allow execution of any binaries on this partition.
quota Allow user quotas on this partition.
ro Allow read-only access on this partition.
rw Allow read-write access on this partition.
suid Allow SUID/SGID access on this partition.
Some useful examples:
LABEL=/cache /cache ext2 defaults,nodev 1 2
LABEL=/tmp /tmp ext2 defaults,nosuid,noexec 1 2
# mount -o remount /cache
# mount -o remount /tmp
To verify that the modifications have been correctly applied:
# cat /proc/mounts
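As an added example (not part of the original post), the script below automates that check: it reads a file in /proc/mounts format and reports which of this page's options (ro on /boot, nodev on /cache, nosuid,noexec on /tmp) are not actually in effect. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that hardening options from /etc/fstab are in effect.
# Input format is that of /proc/mounts: device mountpoint fstype options dump pass

# missing_opts FILE MOUNTPOINT OPT1,OPT2,...
# Prints the required options that are absent, comma-separated
# ("NOTMOUNTED" if the mount point has no entry). Empty output = compliant.
missing_opts() {
    awk -v mp="$2" -v want="$3" '
        $2 == mp { opts = $4; found = 1 }  # last matching entry wins (mount on top)
        END {
            if (!found) { print "NOTMOUNTED"; exit }
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) active[have[i]] = 1
            m = split(want, req, ",")
            for (i = 1; i <= m; i++)
                if (!(req[i] in active)) out = out (out == "" ? "" : ",") req[i]
            print out
        }' "$1"
}

# audit FILE: apply the policy from this page; returns non-zero on any gap.
audit() {
    file=$1 rc=0
    while read -r mp want; do
        miss=$(missing_opts "$file" "$mp" "$want")
        if [ -n "$miss" ]; then
            echo "FAIL $mp missing: $miss"; rc=1
        else
            echo "OK   $mp has: $want"
        fi
    done <<EOF
/boot ro
/cache nodev
/tmp nosuid,noexec
EOF
    return $rc
}

# Constructed sample (not from a real host): /tmp lacks noexec.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/sda1 /boot ext2 ro,relatime 0 0
/dev/sda5 /cache ext2 rw,nodev,relatime 0 0
/dev/sda6 /tmp ext2 rw,nosuid,relatime 0 0
EOF

audit "$SAMPLE" || echo "sample mount table has gaps"
```

On a live system, run `audit /proc/mounts`; it reflects the options the kernel is enforcing, which can differ from /etc/fstab until the partition is remounted.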