A primary security measure to observe at all times is to guard the Administrator account and administrative permissions on computers connected to the Internet. Give the passwords for these accounts only to employees with appropriate security clearances.
External Internet users can get access to your intranet through the Guest or IUSR_computername account. To ensure that the permissions for these accounts on your Internet gateway and Internet Information Server are configured to prevent intrusion, restrict the accounts to read-only access on public directories.