You need to block windows authentication for anonymous users if you are using Microsoft Sharepoint for your organization public portal. I have seen few Sharepoint portals where the administrators are doing content authoring directly over the portal, which is not right.
For your public portal most likely you will have anonymous access which is fine but you should not enable windows authentication on this portal. Instead you should be extending the public portal on a different zone (Intranet) and there you should disable anonymous access and enable windows authentication.
So let me show you how to disable windows authentication for your public portal.
1 . Open IIS Manager and select the website and then from the right pane click the Authentication icon under which disable windows Authentication for the portal
2. Then on the SharePoint Central Administration website, on the Application Management page, in the Web Applications section, click Manage web applications. Click the web application you want to disable Window Authentication and from the ribbon choose Authentication Providers and there select Default Zone after which under claims Authentication type remove the check mark for Integrated windows Authentication.
3. Then windows Authentication will be disable for main site while extended will still have Windows enabled.
This will ensure if anyone try accessing you SharePoint admin pages like “/_layouts/15/settings.aspx” or “/_windows/default.aspx” then he will be receiving 404 File NOT FOUND
Do let me know if you have any doubts or Questions in the comment section below.