Welcome to MSDN Blogs Sign in | Join | Help

Security, Compliance, Server Hardening, and IP Protection

Security is always important.  I wanted to pull together a collection of all of the different security topics on Office SharePoint Server and WSS v3 across the Web Casts, Admin content, a couple of blog posts, and some partner materials.  I'm sure I'm missing some, but I think this is a pretty good list. 

Joel Oleson

 

Web Casts

TechNet Webcast: Compliance and Records Management with Office SharePoint Server 2007 (Level 200)

TechNet Webcast: SharePoint Security from Service Accounts to Item-Level Access (Level 200)

                SharePoint Conference Security PPT Deck

From service accounts to item level security covers…

·         Authentication

·         Authorization

·         Item level security

·         Authentication Providers

·         Membership providers

·         Etc…

Key blog entries:

·         Jeff Teper’s Top 5 Security Features

·         Records Management Blog: Information Policies

·         Steve’s Peshka’s Configuring Multiple Authentication Providers for SharePoint 2007

 

Plan for and design security in Office SharePoint Server

·         Chapter overview: Plan for and design security (Office SharePoint Server)

·         Choose your security environment

·         Plan secure configurations for Office SharePoint Server features

·         Plan for and design security roles

·         Plan for single sign-on

 

Plan security hardening for server roles within a server farm (Office SharePoint Server)

·         Application server recommendations

·         Secure communication with the Microsoft SQL Server database

·         File and Printer Sharing service requirements

·         Single sign-on hardening requirements

·         Restricting DCOM ports

·         Service requirements for e-mail integration

·         Service requirements for session state <Office SharePoint Server>

·         Windows SharePoint Services/Office SharePoint Server services

·         Accounts and groups

·         Web.config file

·         Secure snapshot additions for Windows SharePoint Services/Office SharePoint Server

 

Plan for secure communication within a server farm (Office SharePoint Server)

·         Plan server-to-server communication

·         Plan client-server communication

·         Plan for using SSL

 

Review the secure topology design checklist (Office SharePoint Server)

·         Server topology design

·         Networking topology design

·         Logical architecture design

·         Operating system design

 

 

In a server farm environment, individual server computers play specific roles. Security hardening recommendations for these server computers depend on the role each plays. The server hardening recommendations for Microsoft Windows SharePoint Services 3.0/Microsoft Office SharePoint Server 2007 are built on top of the recommendations provided in the following patterns and practices security guides published by Microsoft:

 

·         Securing Your Web Server

·         Securing Your Database Server

·         Securing Your Network

·         Securing Your Application Server

 

Plan site and content security (Office SharePoint Server)

·          Chapter overview: Plan site and content security (Office SharePoint Server)

·          Plan site security (Office SharePoint Server)

·          Add credentials for search crawls

·          Determine permission levels and groups to use (Office SharePoint Server)

·          Define custom permission levels

·          Choose which security groups to use (Office SharePoint Server)

·          Choose administrators and owners for the administration hierarchy (Office SharePoint Server)

 

 

Plan site security (Windows SharePoint Services)

·         About site security elements

·         About assigning permissions

·         About fine-grained permissions and permission inheritance

·         Choose which levels of site security to use

·         Plan for permission inheritance

·         Worksheet

 

Related Topics

·         Plan information management policies

·         Download Microsoft Forefront Security for SharePoint

·         PressPass: Microsoft Launches Forefront Security for SharePoint Beta

·         Secure Application Publishing in ISA 2006

Related Web Casts

TechNet Webcast: Microsoft Operations Manager 2005 Technical Overview (Level 200)

TechNet Webcast: Internet Security and Acceleration (ISA) Server 2006 Technical Overview (Level 200)

TechNet Webcast: Secure Collaboration with Microsoft Antigen (Level 200)

TechNet Webcast: Secure Application Publishing with Internet Security and Acceleration (ISA) Server 2006 (Level 200)

TechNet PodCasts through another channel… rss, mp3 formats, xspf, etc..

 

Great Partner Links… Thanks Adam at SharePointSecurity.com…

Implementing a Pluggable Authentication Provider (SQL)
MOSS Zones and Alternative Access Mapping
Introduction to ForeFront and Antigen
Implementing Information Rights Management (IRM)

Also check out links to pluggable authentication providers and more on MOSS Security

·         MOSS Oracle Membership Provider

·         MOSS Microsoft Access Membership Provider

·         MOSS Flat Text File Membership Provider

 

To end this  post let me end with a quote from a comment on a post to a review on B2TR of Office SharePoint Server 2007….

 

You really need to look at IRM and SharePoint

Setting up Office 2007 to use SharePoint and Information Rights Management has never been easier or so well thought out. These two items are exactly what corporate users have been asking for and MS delivered it in spades.”

Published Thursday, November 02, 2006 1:16 AM by joelo

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# Security Blog Post on WSS and Office SharePoint Server 2007

I just posted a collection of security resources, web casts, and links for IT Pro's on the SharePoint

Wednesday, November 01, 2006 9:13 PM by Joel Oleson's SharePoint Land

# Recursos sobre segurança em Sharepoint 2007

No post da autoria do Joel Oleson no blog da equipa de Sharepoint da Microsoft, podem encontrar um conjunto

Tuesday, November 07, 2006 5:30 PM by Miguel Isidoro

# re: Security, Compliance, Server Hardening, and IP Protection

My recent investigations show some lack of support for security features in remote WebServices. For instance, If a list broke security inheritance from its parent site and is specifying its own security - for instance, assigns two different roles to one user then there is no way to get this data (ACL def. in in the list scope) using the remote webservices. same goes for the item scope. All I could get is a mask for each user - this is not enough - since it does not give me any information as to the roles that were assigned (and this cannot be solved by a simple search  within the roles list, since two roles can have the same mask)

An answer would be greatly appreciated..

Ayan

Sunday, November 12, 2006 9:29 AM by Ayan

# Basic and Advanced Deployment in a Nutshell

Thanks to those of you who partipated in my SharePoint Connection basic and advanced Deployment talks

Tuesday, November 14, 2006 2:30 AM by Joel Oleson's SharePoint Land

# SharePoint 2007 IT Pro stuff

No blog do JOPX , encontrei um post com links para um conjunto de recursos sobre Sharepoint. General

Friday, December 15, 2006 8:08 PM by Miguel Isidoro

# SharePoint 2007 IT Pro stuff

Friday, December 15, 2006 8:09 PM by Miguel Isidoro

# 2007 MOSS Resource Links (Microsoft Office SharePoint Server)

2007 MOSS Resource Links (Microsoft Office SharePoint Server) Here is an assortment of various 2007 Microsoft

Tuesday, July 17, 2007 12:48 PM by The Boiler Room - Mark Kruger, Microsoft SharePoint MVP

Leave a Comment

(required) 
required 
(required) 

  
Enter Code Here: Required
 
Page view tracker