COM+ provides the underlying infrastructure for Enterprise Services; therefore, secure COM+ if you use it on the middle-tier application server. Two main steps are involved in securing an application server that uses Enterprise Services:
Secure the Component Services Infrastructure.
You must secure the underlying operating system and Enterprise Services infrastructure. This includes base security measures, such as applying patches and updates, and disabling unused services, blocking unused ports, and so on.
Configure Enterprise Services application security.
You must secure the Enterprise Services application that is deployed on the server, taking into account application-specific security needs. ...