Security Audit of public access data and pages for Salesforce Communities / Portal users and Site Guest users.
3:26 PM
Reviewing the data and pages you expose for external access (Community users and the Site Guest User) is essential to maintaining a healthy Salesforce instance. Here are a few suggestions that might help you get started.
Setup -> Security -> Health Check


Start with the Portal Health Check
Setup -> Security -> Health Check
Review the External Object Access
While in the Health Check window, scroll down to locate the number of objects that are exposed to external users.
This particular screen denotes that 85 objects have a default sharing model of either Public Read/Write or Public Read Only. This means that if the Community profile has 'Read' or 'Edit' access to the object, its users can read or edit all records of that object.
Keep in mind that any newly created custom object has an OWD (organization-wide default) of 'Public Read/Write' by default. As part of every deployment, ensure the OWD is set appropriately.
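One way to enforce this at deployment time is to scan the object metadata before it ships. The sketch below is an added example, not part of the original post: it assumes objects are stored as Metadata API `CustomObject` XML with `sharingModel` and `externalSharingModel` elements, and the object names and XML are constructed samples.

```python
import xml.etree.ElementTree as ET

NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}
# Defaults that expose every record to any profile holding object permissions.
PUBLIC = {"Read", "ReadWrite", "ReadWriteTransfer", "FullAccess"}

def wrap(body):
    """Build a minimal CustomObject document around the given elements."""
    return f'<CustomObject xmlns="{NS["sf"]}">{body}</CustomObject>'

# Constructed sample metadata; object names are hypothetical.
SAMPLE = {
    "Invoice__c": wrap("<sharingModel>ReadWrite</sharingModel>"),
    "Case_Note__c": wrap("<sharingModel>ReadWrite</sharingModel>"
                         "<externalSharingModel>Private</externalSharingModel>"),
    "FAQ__c": wrap("<sharingModel>Read</sharingModel>"
                   "<externalSharingModel>Read</externalSharingModel>"),
    "Line_Item__c": wrap(
        "<sharingModel>ControlledByParent</sharingModel>"
        "<externalSharingModel>ControlledByParent</externalSharingModel>"),
    "Survey__c": wrap("<label>Survey</label>"),
}

def effective_external_model(xml_text):
    """Return the default external users get, or 'unset' if none is declared."""
    root = ET.fromstring(xml_text)
    internal = root.findtext("sf:sharingModel", namespaces=NS)
    external = root.findtext("sf:externalSharingModel", namespaces=NS)
    # Assumption: with no external default declared, the internal one applies.
    return external or internal or "unset"

def audit(objects):
    """List (object, model) pairs whose external default is public or undeclared."""
    findings = []
    for name, xml_text in sorted(objects.items()):
        model = effective_external_model(xml_text)
        if model in PUBLIC or model == "unset":
            findings.append((name, model))
    return findings

if __name__ == "__main__":
    for name, model in audit(SAMPLE):
        print(f"REVIEW {name}: external default is {model}")
```

Objects controlled by a parent are not flagged here because their exposure follows the parent object, which is audited on its own.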
Fixing External Object Access
Setup -> Security -> Sharing Settings
Enable 'External Sharing Model' if not enabled already