To answer your question, it's a simple case of common sense security. There's nothing special as it's a SharePoint site.
Make sure that every port is closed that isn't needed (so just have port 443 open), make sure that the SSL is installed correctly, and authentication is set up to use the strongest credentials you can, e.g. Windows logon, so nothing is clear text.
Keep the server updated and patched, AV scanner, and if you have an IDS - check it's set up. Monitor the logs and that's pretty much it.
Can I ask you a question too? I have MOSS2007 installed and working fine on a dedicated single server. (All roles on one box.) All working great as an internal intranet, however I also want to get it accessible from the web for our remote users.
How do you go about getting SSL set up on MOSS2007? Is it any different than if I was doing it to a standard website? E.g. configuration in SharePoint needs to be told that it should expect stuff using HTTPS as well as HTTP? (Other than the usual stuff in IIS?!)
Thanks,
Steve.
"They have the internet on computers now!" - Homer Simpson