To maintain a secure SharePoint 2010 and SQL Server 2008 R2 environment, I suggest leveraging Active Directory Group Policy so that rules and security settings are applied at the highest level. Group Policy also lets you audit, create, edit, and enforce policies from one location. Most malware, Trojans, bots, spyware, etc. can compromise a system's local integrity, changing local security policies in ways that could damage services or, worse, compromise your server services. Using Active Directory Group Policy helps ensure that the policies you specify in Active Directory are not altered, and if they are, Group Policy will in most cases refresh and reapply the settings that were changed. Since these are applied at the highest level via the domain, you can reasonably rest assured that in most cases local policy changes will be overwritten by Group Policy, since these settings are not local. This is also very useful for controlling who has local rights to interactive sessions on the server: Group Policy can be used to set the local admins (farm admins) and disable guest accounts.
Hopefully you now see the value of Group Policy, and if you already use it, now would be a good time to revisit your settings and make adjustments and additions as necessary.
Whenever I deploy a server, there are a few default policies I always apply for the overall security health of my environment, which include:
Below are the more specific policies, with their paths, that I suggest you create at a minimum.
IPSEC SP/SQL Server Encryption
Windows Firewall: "On"
Windows SharePoint Admin Set
Software Firewalls
For these settings, assume that your servers are on the same subnet and behind a physical firewall, so that all servers can communicate with each other without the physical firewall preventing access (all ports and protocols open to each of these servers). If you don't already have one in place, I suggest using a physical firewall or proxy server to protect the physical servers so that the local NICs' IPs cannot access the internet. Use IPs that are specific to the URL namespace, not the same IP as the server.
Server IP is 10.1.1.1 and the IP for the website is 220.127.116.11 (Private vs. Public IP space)
Windows SharePoint CA Firewall: Exception(s)
Windows SharePoint Launcher Service: 8082 Exception
Windows SharePoint Launcher Service: 8093 Exception
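One way to confirm that the Launcher Service exceptions above are actually being delivered by Group Policy, as an added example that is not part of the original post. It assumes TCP for ports 8082 and 8093 and parses the rule strings Group Policy stores under the FirewallRules policy registry key; the function names and sample rules are constructed for illustration.

```powershell
# Added example, not from the original post. Assumptions: both ports are TCP and the
# exceptions are delivered as inbound allow rules through Group Policy.
$ExpectedTcpPorts = 8082, 8093   # Launcher Service exceptions listed in the post

# Parse one policy rule string ("v2.10|Action=Allow|Dir=In|...") into a hashtable.
# Every value is stored as an array because keys such as LPort may repeat.
function ConvertFrom-FwRuleString([string]$Rule) {
    $fields = @{}
    foreach ($part in ($Rule -split '\|')) {
        if ($part -match '^([^=]+)=(.*)$') {
            $key = $Matches[1]; $val = $Matches[2]
            if ($fields.ContainsKey($key)) { $fields[$key] += $val }
            else { $fields[$key] = @($val) }
        }
    }
    return $fields
}

# Return the expected ports that no active inbound TCP allow rule opens by exact port.
# Port ranges are deliberately not counted: a baseline exception should name one port.
function Get-MissingPort([string[]]$Rules, [int[]]$Ports) {
    $open = @()
    foreach ($r in $Rules) {
        $f = ConvertFrom-FwRuleString $r
        if ($f['Action'] -contains 'Allow' -and $f['Active'] -contains 'TRUE' -and
            $f['Dir'] -contains 'In' -and $f['Protocol'] -contains '6') {
            $open += $f['LPort']
        }
    }
    $Ports | Where-Object { $open -notcontains "$_" }
}

# Constructed sample in the format stored under
# HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules (one string per rule).
# The second rule is deliberately inactive to show a drifted exception.
$sample = @(
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8082|Name=SP Launcher 8082|',
    'v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=8093|Name=SP Launcher 8093|'
)
Get-MissingPort $sample $ExpectedTcpPorts

# On a server, feed the rules Group Policy delivered instead of the sample:
# $key  = Get-Item 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'
# $live = $key.GetValueNames() | ForEach-Object { $key.GetValue($_) }
# Get-MissingPort $live $ExpectedTcpPorts
```

Any port the function returns is an exception that Group Policy is not currently enforcing on that server, which is worth checking before assuming a local rule fills the gap.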
If Group Policy is new to you, just leave a comment and I would be more than happy to help you build these and provide a more in-depth approach.