Securing the portal / web interface?

aside from firewall rules on the port, what else are you guys doing to secure the portal?

what’s the best way to disable the web interface?

You can bind them to different Ips (internal vs external). One of the main things on our list is to support security (odata2 seems likely as well as ms single signin).