Best Practices


  • Use a layered approach to security, with more than one mechanism in place to deter attackers.

  • After validating in a prototype environment, deploy Windows Server 2003 Service Pack 1 on SharePoint Servers to further protect the server against attack.

  • Use the Security Configuration Wizard (SCW) to harden a SharePoint server and reduce its attack surface.

  • Utilize SharePoint site groups to allow for granular delegation of security to SharePoint sites, workspaces, and lists.

  • Physically secure SharePoint servers behind locked doors and in secure locations.

  • Consider the use of IPSec to encrypt traffic between SharePoint Servers.

  • Use the Microsoft Baseline Security Analyzer to audit the security of SharePoint servers.

  • Turn on SQL auditing so that failed attempts, or potentially all access, are audited.

  • Design SharePoint with isolation approaches to security in mind.

  • Utilize Server Security templates to secure the Windows Server 2003 operating system that SharePoint runs on, but ensure that the security settings are tested in advance.

  • Restrict login access to SharePoint Servers.

  • Consider the use of PKI smartcards for user authentication to SharePoint.

  • Reset the SQL SA password to a complex, hard-to-guess value to prevent attacks against that account.

  • Use VPNs to secure remote access to SharePoint sites from the Internet.

  • Use PKI Certificates from Microsoft or from a third-party provider such as VeriSign to encrypt access to a SharePoint Virtual Server through the use of Secure Sockets Layer (SSL) encryption.

  • Allow anonymous access only on SharePoint farms that do not contain any proprietary information.

  • Enable password and account lockout policies on SharePoint servers.

  • Consider the use of Software Update Services to provide patch management to a SharePoint farm.




Microsoft SharePoint 2003 Unleashed (2nd Edition) (Unleashed)
ISBN: 0672328038
EAN: 2147483647
Year: 2005
Pages: 288
