How to secure your Microsoft SharePoint products


Jonathan Hassell, Contributor
07.17.2007


Windows SharePoint Services (WSS) and Microsoft Office SharePoint Server (MOSS) 2007 are becoming popular with companies of all sizes. That popularity translates into a need for better security, and it can be difficult to figure out which steps to take to secure WSS from the start. Here is a quick checklist to help you get your Microsoft SharePoint Server security priorities in order:

Make sure that Microsoft SharePoint is running on a secure IIS site.

  • At its core, a SharePoint site is simply an IIS Web site, so you can take the standard methods of securing any IIS site and get significant results in increasing overall WSS security.
  • Make sure SSL is enabled. Harden the permissions that give users access to the virtual directory SharePoint runs in, use strong authentication methods (NTLM or Kerberos), and ensure the Web server itself is protected using typical Windows hardening methods.
  • A quick search on SearchSecurity.com for "IIS server security" will provide a wealth of information for hardening the environment that SharePoint itself runs in.

Assign application-wide security policies.

  • You can use the "Policy for Web Application" feature to apply authentication and access settings across your sites. From this page, you can set anonymous access standards and grant control or deny access. These application-wide security policies take precedence over any individual configuration settings made on specific sites.
  • These policies apply to users both inside and outside of your firewall's reach.
  • To reach the Policy for Web Application feature, open Central Administration, click the Application Management tab and click the Policy for Web Application link. You can begin setting policies from there.

Understand Microsoft SharePoint permission levels to control access for your users.

  • As with Windows and NTFS permissions, you assign access to users through permission levels and SharePoint groups. Permissions aren't assigned directly to users; rather, you control availability and access through levels and groups. Users are assigned to levels and groups and inherit access controls through that membership.
  • You can access the controls for permission levels and SharePoint groups from the Site Actions menu on any page, but first make sure you are logged on to the site with administrative credentials. Click Site Settings from that menu, and then click the Advanced Permissions link under the Users and Permissions section.
  • Make sure you assign permissions and levels carefully, as these control what users can read, change, and do on your sites. Treat this as diligently as you treat file system permissions.

Disable anonymous access to your Microsoft SharePoint Services site, if possible.

  • If your SharePoint site is designed only for internal users that have accounts on your domain, there is no need to open the site up to users who haven't authenticated. This closes a reasonably significant vector through which information could be leaked.
  • To disable anonymous access, open the Central Administration site: from the Start menu, choose Administrative Tools and then click SharePoint 3.0 Central Administration. Then navigate to the Application Management tab and click the Authentication Providers link in the Application Security section.
  • Click the Default Zone link, and then uncheck the Enable Anonymous Access box, and finally, click Save.
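
To check the IIS and anonymous-access items above across every web application and zone at once, the following added example (not part of the original article) reads the per-zone settings through the WSS 3.0 object model and reports which zones allow anonymous access, lack an SSL binding, or have Basic authentication enabled. It assumes the `SPIisSettings` properties `AllowAnonymous`, `UseBasicAuthentication` and `SecureBindings` reflect those settings; the `Intranet` sample records are constructed and are used only when the SharePoint assembly is not present.

```powershell
# Added example (not from the article). Audits every web application zone for
# anonymous access, missing SSL bindings and Basic authentication.
# Assumes PowerShell 2.0+ and, for live data, a WSS 3.0 / MOSS 2007 server.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint')

function Get-ZoneRecord {
    # Read per-zone IIS settings from the SharePoint object model.
    $svc = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
    foreach ($app in $svc.WebApplications) {
        foreach ($zone in @($app.IisSettings.Keys)) {
            $s = $app.IisSettings[$zone]
            New-Object PSObject -Property @{
                WebApp         = $app.Name
                Zone           = "$zone"
                AllowAnonymous = $s.AllowAnonymous
                BasicAuth      = $s.UseBasicAuthentication
                SslBindings    = $s.SecureBindings.Count
            }
        }
    }
}

function Get-ZoneFinding($rec) {
    # Map one zone record to the checklist items it violates.
    $issues = @()
    if ($rec.AllowAnonymous)    { $issues += 'anonymous access enabled' }
    if ($rec.SslBindings -eq 0) { $issues += 'no SSL binding' }
    if ($rec.BasicAuth)         { $issues += 'Basic authentication enabled' }
    if ($issues.Count -eq 0)    { $issues = @('ok') }
    New-Object PSObject -Property @{
        WebApp = $rec.WebApp; Zone = $rec.Zone; Findings = $issues -join '; '
    }
}

if ('Microsoft.SharePoint.Administration.SPWebService' -as [type]) {
    $records = @(Get-ZoneRecord)
} else {
    # Constructed sample records so the logic can be exercised off-server.
    $records = @(
        (New-Object PSObject -Property @{ WebApp='Intranet'; Zone='Default'
            AllowAnonymous=$false; BasicAuth=$false; SslBindings=1 }),
        (New-Object PSObject -Property @{ WebApp='Intranet'; Zone='Internet'
            AllowAnonymous=$true; BasicAuth=$true; SslBindings=0 })
    )
}
$records | ForEach-Object { Get-ZoneFinding $_ } |
    Select-Object WebApp, Zone, Findings | Format-Table -AutoSize
```

Run it on a farm server under an account with farm administrator rights; any zone whose Findings column is not `ok` maps back to one of the checklist steps above.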

Perform regular backups of your Microsoft SharePoint site.

  • Backing up is still an integral and critical part of your security infrastructure. If a compromise were to take place, you would easily be able to restore the data stored in your site after you rebuilt the machine on which the breach took place.
  • Remember: Once a cracker gets access to your machine, it isn't your machine any more. So the only safe way to proceed is to flatten the hard drive and rebuild the operating system and application installation from the ground up.

About the author: Jonathan Hassell is an author, consultant and speaker residing in Charlotte, N.C. Jonathan's books include RADIUS and Learning Windows Server 2003 for O'Reilly Media and Hardening Windows for Apress. His work is seen regularly in popular periodicals such as Windows IT Pro magazine, SecurityFocus, PC Pro and Microsoft's TechNet Magazine. He speaks around the world on topics including networking, security and Windows administration. He can be reached at jhassell@gmail.com.

