Security Basics mailing list archives

secure sharepoint 2010 design


From: Francois Yang <francois.y () gmail com>
Date: Thu, 29 Jul 2010 23:14:30 -0500

Just wondering if anyone here has been involved with designing
SharePoint 2010 or an earlier version from the ground up.
The consulting people we have working on this are MS or SharePoint
people from a third party, and all seem to think that it's OK to leave
your whole SharePoint environment open to the corporate LAN. According to
them, that's how most people do it. Either that, or have an MS TMG server
as the front end which would serve SharePoint, which doesn't make sense
to me since it still leaves all the servers open to the whole LAN.
I was suggesting to put the whole environment behind a firewall and
only allow port 443, since that's what will be used by the internal
users to access it.
There is no need for the whole company to have access to all the backend web
servers and database servers.
Of course, admins of those servers would be allowed access to their
servers on the necessary ports.
Am I being too paranoid? Or has anyone done something similar?
Management seems to think I'm crazy and being the roadblock to this project.

Thanks.

Frank

-- 
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked. — White House Cybersecurity
Advisor, Richard Clarke
