Correctly configuring the authorization tags in web.config will protect your edit and admin user interface. If the authenticated user is not a member of the correct groups, the right-click menu will not be shown and it is not possible to enter edit and admin mode.
If the Access Control List of the page allows everyone or the current user to change or edit the page, then on-page edit will be allowed and the right-click menu will show items to start editing, even if they do not have the roles needed to enter edit mode.
To increase security, you can take more steps. One is to require a specific URL or SSL to be used to access edit/admin mode. If you use another port, you can block access in the firewall.
You can also create a virtual role with custom requirements, like a specific IP address as a requirement. See: http://virtualroles.codeplex.com/
Another strategy is to use an Edit server, but that will require an enterprise license. The idea is basically to create a load-balanced setup (or at least several servers with the same database) but put one of the servers on the intranet and completely strip or disable the edit/admin user interface on the publicly available server(s).
You can also use IIS to deny access to a virtual directory based on IP restrictions.
@David: Does this work for Virtual Path Providers? I did not know that... Thanks!
@Fredrik: Yes it works fine on any folder in IIS, virtual or not. I will put a blog post together about it.
Blogged about this here http://world.episerver.com/Blogs/David-Knipe/Dates/2010/9/Securing-EPiServer-edit-and-admin-mode-by-IP-address/
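Putting the two layers from the thread together (role-based authorization from the first reply, IIS IP restrictions from David's reply) as an added web.config fragment that is not from the thread or from EPiServer. The IP filter lives in IIS's ipSecurity section, not in the ASP.NET authorization element, which only understands users and roles; the UI path "ui", the role names and the 192.0.2.10 gateway address are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Illustrative web.config fragment (not from the thread or from EPiServer). -->
<!-- Assumptions: the edit/admin UI is served under the virtual path "ui", -->
<!-- editors are in "WebEditors", administrators in "WebAdmins", and the -->
<!-- trusted gateway address is 192.0.2.10 (a documentation-range placeholder). -->
<configuration>
  <location path="ui">
    <!-- Layer 1: ASP.NET role-based authorization for the UI path. Rules are -->
    <!-- evaluated first-match, so anyone outside the two roles (including -->
    <!-- anonymous users) hits the deny and never reaches edit/admin mode. -->
    <system.web>
      <authorization>
        <allow roles="WebEditors,WebAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>

    <!-- Layer 2: IIS 7 IP and Domain Restrictions for the same path. -->
    <!-- allowUnlisted="false" turns the list into an allow-list: only the -->
    <!-- listed addresses can request anything under /ui, authenticated or not, -->
    <!-- so a leaked editor password is useless from the public internet. -->
    <!-- Requires the IP and Domain Restrictions role service to be installed -->
    <!-- and the ipSecurity section unlocked in applicationHost.config. -->
    <system.webServer>
      <security>
        <ipSecurity allowUnlisted="false">
          <clear />
          <add ipAddress="192.0.2.10" allowed="true" />
          <!-- A whole intranet range can be allowed with a subnet mask: -->
          <add ipAddress="10.0.0.0" subnetMask="255.255.255.0" allowed="true" />
        </ipSecurity>
      </security>
    </system.webServer>
  </location>
</configuration>
```

Check the result from an address outside the list: IIS should answer with a 403 for /ui before any login form is rendered, while a listed address still has to pass the role check.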
We have an Epi CMS5 site for which we would like to disable the possibility to log in to edit and admin for external guests.
The site uses EPi accounts.
In the Authorization tags for edit and admin in web.config, is it possible to allow IP = "our Gateway IP" and deny IP = "*"?
Some other solution?