Try creating a new .htaccess file and adding the following code:
RewriteRule ^RewriteRule ^news/([0-9]+)-([^\/]+).html$ news.php?id=$1 [L]$
What this should do is try to catch your news urls and then call news.php passing it the id from the url. As for protection, the in order for the url to be valid it must begin with news/ followed by a numeric value, followed by a hyphen and atleast one single letter, so for instance, this would be valid:
RewriteRule ^news/([0-9]+)-([^\/]+).html$ news.php?id=$1 [L]
You might want to change the RewriteRule a wee bit, at the moment it really isn't exactly what you want (or is it?). I'll explain why that's the case after showing you an improved version of that line: (the # line is just a comment)
# Original by Karl: RewriteRule ^news/([0-9]+)-([^\/]+).html$ news.php?id=$1 [L]
RewriteRule ^news/([0-9]+)-[^/]+\.html$ news.php?id=$1 [L]
Removed parenthesis in ([^/\]+).
This is simply because we have no need to capture whatever was inside those brackets. In other words, we don't use $2 in the right-hand side of the rewrite rule.
Removed backslash from [^\/]+.
There is no need to escape the forward slash character in this instance so what that really says is one or more characters which are not either a forward- or back-slash. We only want to negate the use of forward slashes (to prevent urls like: news/001-something/else/entirely.html).
Escaped the . (dot/period) immediately before "html".
This is because the dot character is a wildcard meaning any single character. If the dot were not escaped you could have an url like: news/001-titlezhtml which satisfy the rewrite but obviously isn't what we're after here.
(Sorry for hijacking your thread with comments on Karl's code)