• Use SSL encryption to secure the traffic to and from a SharePoint server, particularly if that traffic will cross an unsecured network, such as the Internet.
• Monitor Forefront TMG using the MSDE or SQL logging approaches to allow for the greatest level of monitoring functionality.
• Secure any edge-facing service such as SharePoint with a reverse-proxy system such as Forefront TMG or Forefront UAG.
• It is recommended to use Forefront UAG for inbound securing scenarios, but not necessarily required, as Forefront TMG also has significant reverse-proxy functionality.
• Environments with legacy ISA 2006 can still use it to publish SharePoint 2010 sites, but performance will be limited due to the 32-bit-only nature of ISA 2006.
• Use either Forefront Protection for SharePoint or another third-party antivirus product that is compatible with the SharePoint 2010 Antivirus API to protect SharePoint content from viruses.
• Deploy the Forefront Edge line of products in the existing DMZ of a firewall if it is not feasible to replace existing firewall technologies.