Securing Microsoft® SharePoint® Products and Technologies Server Farms
Overview
Office SharePoint Server Security Accounts
Securing Content
Securing Communications In a Server Farm
Using Server Hardening
Lesson 1: Office SharePoint Server Security Accounts
Service Accounts
Farm Administrator Account and Farm Administrators Group
Default Content Access Accounts
Changing Passwords for Office SharePoint Server Accounts
Service Accounts
Level Accounts
Farm level
Server farm account
SQL Server service account
Office SharePoint Server Search service account
Windows SharePoint Services Search service account
SSP level
SSP service account
Default Content access account
Profile import default access account
Excel Services unattended service account
Farm Administrator Account and Farm Administrators Group
Farm Admins: Have access to Central Administration and its tools
Server Admins: Have administrative rights over local server
Both: Users must be a member of both roles to complete some administrative tasks
Default Content Access Accounts
Default Content Access Account
Read-Only Access
SharePoint Sites
BDC Data
Web Sites
File Shares
Exchange Public Folders
Changing Passwords for Office SharePoint Server Accounts
You must update Office SharePoint Server when you change passwords for the following accounts:
SQL Server accounts
Application pool accounts
Search service accounts
Shared Services Provider accounts
Single Sign-On account
Profile import account
Lesson 2: Securing Content
SharePoint Products and Technologies Authentication
Forms-Based Authentication
Zones for Web Applications
Alternate Access Mappings
Standard Permissions and Groups
Custom User Groups and Permission Levels
Securing Excel Services
Securing Business Data Catalog Applications
Code Access Security
SharePoint Products and Technologies Authentication
SharePoint Products and Technologies support the following authentication methods:
Basic
NTLM
Kerberos
ASP.NET Forms Based Authentication
Web SSO
Forms-Based Authentication
Connection strings
Membership providers
Role managers
Configuring Forms Authentication
Zones for Web Applications
Extranet Zone
Intranet Zone
SharePoint Web Application
Forms-Based Authentication
Windows Authentication
Site Collection
Alternate Access Mappings
http://www.contoso.com
http://moss.dmz.contoso.com
ISA Server
Office SharePoint Server WFE
Content is rendered back to the user with the original public URL
Standard Permissions and Groups
User groups: Collections of users that map to Office SharePoint Server roles
Permission levels: Collections of permissions that map to Office SharePoint Server roles
Custom User Groups and Permission Levels
User groups: Create user groups for job roles that require a consistent set of permissions
Permission levels: Create a custom permission level for each user group that you create (if needed; optionally, re-use existing permission levels where possible)
Securing Excel Services
You can configure the following Excel Services security settings by using the Central Admin Web site:
Trusted file locations
Trusted data providers
Trusted data connection libraries
User-defined function assemblies
File Access Security for non-WSS trusted locations
Securing Business Data Catalog Applications
Feature: Methods
Authentication: PassThrough, RevertToSelf, Credentials, WindowsCredentials
Authorization: Back-end authorization, Middle-tier authorization
Code Access Security
Permissions
Evidence
.NET Assembly .NET CLR
Lesson 3: Securing Communications In a Server Farm
Using IPSec
Using SSL
Using IPSec
External User Perimeter Network Internal Network
IPSec
Use IPSec to encrypt server-server communications
Using SSL
External User Perimeter Network Internal Network
SSL
Use SSL to encrypt client-server communications
Lesson 4: Using Server Hardening
Hardening Web Servers and Application Servers
Hardening Database Servers
Hardening Web Servers and Application Servers
Patches and Updates
Minimize Attack Surface
Least Privileged Accounts
Viruses, worms, and Trojans
Hardening Database Servers
Use Windows Integrated
Avoid common ports
Use SQL aliases on WFEs
Review
Office SharePoint Server Security Accounts
Securing Content
Securing Communications In a Server Farm
Using Server Hardening