I would like to share some idea specially for internet facing - anonymous public site. It is very very important to restrict anonymous user to restrict to access web service of your site and access files located at _layouts. Also it is important to keep open few of the files from _layouts e.g. _layouts/accessdenied.aspx, _layouts/error.aspx
Solution: You can add required configuration tags into web.config file
Cheer!!. Keep safe your internet facing anonymous site.