Focus on Microsoft
Re: Hardening Sharepoint 2010 on Win 2008 R2 Dec 20 2010 07:28PM
Vinicius Brenny (vinicius snts gmail com)
About the cloud:
I don't disagree it would be a good solution, but then you can fall
into the data privacy question: do I want my company data on a
co-location server?
Several times, I've suggested to my clients to move some services to
third-party companies, but most of them who turned me down did it
because of data privacy. The other ones did it because of the costs.
Most of them (especially not tech-savvy managers, usually the kind of
people I interface with) are doing this because of a lack of
information, but some are completely aware of the benefits - and
risks. They just can't afford to give their data to someone who could
breach their MPI when facing a legal suit.

About the SharePoint Server:
I can't contribute on the application security, but the server
security baseline is pretty much what has been said: The original MS
baseline analyser can set the basic stuff and tell you where your
weak points are in the server's policy [1].

And if your internal policies agree with it, you can try some pentest
utilities. Metasploit is a nice one [2].

[1] http://technet.microsoft.com/en-us/security/cc184924
[2] http://www.metasploit.com/

Vinicius Brenny

On Mon, Dec 20, 2010 at 3:26 PM, Eduardo Navarro
<eduardo.navarro (at) live (dot) com> wrote:
>
> I would suggest you look into Sharepoint Cloud offerings. I think it is the best of both worlds. You won't need to harden the server, services, etc. Just place your effort on administration and auditing. I am pretty sure that Sharepoint does very well with maintaining change history on content pages. You can link your company accounts and LDAP to this Sharepoint for authentication so you would be missing nothing in terms of user management.
>
> -Eduardo
>
> -----Original Message----- From: mamo
> Sent: Monday, December 20, 2010 7:24 AM
> To: Anupam Kumar
> Cc: focus-ms (at) securityfocus (dot) com
> Subject: Re: Hardening Sharepoint 2010 on Win 2008 R2
>
> Hello.
>
> We have quite a complex policy that is not possible to summarize on a
> mailing list.
> Some important points for me specific to this project (it is a public web site):
> - The front end on the internet needs to have a secure in-depth
> configuration (if one level fails, I don't want to have the whole site
> compromised).
> I am looking both at configuration to be applied to the front end and
> to the backend.
> - I want to have a strong auditing level on who does what in changing
> the content of the site to be able to analyse possible
> compromise/mistake with the change functionality.
>
> Thank you.
> Mamo
>
> On Mon, Dec 20, 2010 at 8:02 AM, Anupam Kumar <anupam (at) kumargroups (dot) org> wrote:
>>
>> Hi Mamo,
>>
>> There is no definitive guide that can be given as it depends completely on
>> the security policy of your company. I work for Capital One and almost
>> everything is disabled due to security. However, I am also aware from past
>> experiences that some companies hardly follow any hardening procedures. To
>> answer your question better, please let us know what is your requirement.
>> What kind of security are you looking at?
>>
>> Knowing this is critical before something can be suggested.
>>
>> Regards
>> Anupam Kumar
>>
>> On Mon, Dec 20, 2010 at 4:02 AM, mamo <mamo74 (at) gmail (dot) com> wrote:
>>>
>>> Hello.
>>>
>>> My company is working on the new internet web site.
>>> It is going to be based on Sharepoint 2010 on Windows 2008 R2.
>>>
>>> They are very new platforms (very very new for me :-( ). Do you know of
>>> any hardening guide for Sharepoint 2010? Can you give me pointers on
>>> Windows 2008 Hardening or security checklist?
>>>
>>> Thank you in advance.
>>> Mamo
>>
>>
>

Copyright 2010, SecurityFocus