Is SharePoint secure? We hear that question a lot. It needs hardening for public website usage. It can be hardened sufficiently to have multiple web apps on the same farm used for intranet, extranet, and public site. A methodical approach can lock it down and withstand any penetration test. The weak point is within the sloppy administration. Following best practices can solve nearly all of that.
Surface area reduction is a security measure that involves stopping or disabling unused components. Surface area reduction helps improve security by providing fewer avenues for potential attacks on a system.
Securing SQL Server can be viewed as a series of steps, involving four areas: the platform, authentication, objects (including data), and applications that access the system.