We are currently running MOSS 2007 internally, and have been doing so for about 12 months with no major issues.

There has now been a request from management to provide access from the internet for small groups (initially) which are comprised of members from other Community Organisations like ours. Committees and the like.

My first reaction was not joy when presented with this request, however I'd like to make sure the apprehension is warranted.

I have read a few docs on TechNet about security hardening with regard to SharePoint, but I'm interested to know what others have done.

I've spoken with another organisation who has already implemented something similar, and they have essentially port-forwarded from the internet to their internal production MOSS server. I don't really like the sound of this. Is it adviseable/necessary to run a DMZ type configuration, with a separate web front-end on a contained network segment? Does that even offer me any greater security than their setup? Some of the configurations from a TechNet doc aren't really feasible, given our current network budget. I've already made my concerns known to management, but it appears it will go ahead in some form or another.

I'm tempted to run a completely isolated, seperate install just for these types of users.

Should I even be concerned about it?

Any thoughts, comments would be most welcomed at this point.