Focus on Microsoft
Re: Hardening Sharepoint 2010 on Win 2008 R2 Dec 20 2010 11:24AM
mamo (mamo74 gmail com) (3 replies)
Re: Hardening Sharepoint 2010 on Win 2008 R2 Mar 01 2011 01:45AM
wt521125 (wt521125 yahoo com cn)
RE: Hardening Sharepoint 2010 on Win 2008 R2 Dec 20 2010 06:05PM
Kurt Dillard (kurtdillard msn com)
Re: Hardening Sharepoint 2010 on Win 2008 R2 Dec 20 2010 05:26PM
Eduardo Navarro (eduardo navarro live com) (3 replies)
RE: Hardening Sharepoint 2010 on Win 2008 R2 Mar 01 2011 01:45AM
wt521125 (wt521125 yahoo com cn)
RE: Hardening Sharepoint 2010 on Win 2008 R2 Dec 20 2010 07:50PM
Wayne Anderson (wfrazee wynweb net)
There are a few challenges still with BPOS / Office365. As with many
things, moving into the cloud environment also means ensuring that the
environment offers the features you need and also meets the compliance
requirements that may apply to your business.

Given some of your writing, I suspect you may be based in a country outside
of the US. You will want to pay attention to data center location and know
that it goes off of the location fields related to the live ID who creates
the account in the standard environment, and a negotiated placement if in
the dedicated environment.

Also if your portal will be anonymous access at all, that takes dedicated
completely off the table for now.

The final caveat is that federated identity really wont be fully supported
until RTM of office365 so like I said, know what you need in a portal
platform if you want to consider the MSO solutions so that you have a chance
to really examine whats available on the 9.x BPOS environment and what
changes when you consider doing your deployment on Office365. The platform
is getting better but in my experience it takes about 3 revisions of an
offering from Microsoft to get to really good enterprise usability and
Office 365 is something like 2 and a half :)

-W

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Eduardo Navarro
Sent: Monday, December 20, 2010 10:26 AM
To: mamo; Anupam Kumar
Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: Hardening Sharepoint 2010 on Win 2008 R2

?I would suggest you look into Sharepoint Cloud offerings. I think it is the
best of both worlds. You wont need to harden the server, services, etc. Just
place your effort on administration and auditing. I am pretty sure that
Sharepoint does very well with maintaining change history on content pages.
You can link your company accounts and LDAP to this sharepoint for
authentication so you would be missing nothing in terms of user management.

-Eduardo

-----Original Message-----
From: mamo
Sent: Monday, December 20, 2010 7:24 AM
To: Anupam Kumar
Cc: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: Hardening Sharepoint 2010 on Win 2008 R2

Hello.

We have quite complex policy that is not possible to summarize on a mailing
list.
Some important point for me specific for this project (it is a public web
site):
- The front end on internet need to a have a secure in depth configuration
(if one level fail, I don't want to have all site compromised).
I am looking both on configuration to be applied to the front end and to the
backend.
- I want to have a strong auditing level on who does what in changing the
content of the site to be able to analise possible compromise/mistake with
the change functionality.

Thank you.
Mamo

On Mon, Dec 20, 2010 at 8:02 AM, Anupam Kumar <anupam (at) kumargroups (dot) org [email concealed]>
wrote:
> Hi Mamo,
>
> There is no definitive guide that can be given as it depends
> completely on the security policy of your company. I work for Capital
> One and almost everything is disabled due to security. However, I am
> also aware from past experiences that some companies hardly follow any
> hardening procedures. To answer your question better, please let us know
what is your requirement.
> What kind of security are you looking at?
>
> Knowing this is critical before something can be suggested.
>
> Regards
> Anupam Kumar
>
> On Mon, Dec 20, 2010 at 4:02 AM, mamo <mamo74 (at) gmail (dot) com [email concealed]> wrote:
>>
>> Hello.
>>
>> My company is working on the new internet web site.
>> It is going to be based on Sharepoint 2010 on Windows 2008 R2.
>>
>> They are very new platform (very very new for me :-( ). Do you know
>> of any hardening guide for Sharepoint 2010? Can you give me pointers
>> on Windows 2008 Hardening or security checklist?
>>
>> Thank you in advance.
>> Mamo
>
>

[ reply ]
Re: Hardening Sharepoint 2010 on Win 2008 R2 Dec 20 2010 07:28PM
Vinicius Brenny (vinicius snts gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus