Achieving a secure SharePoint environment.

Administration accounts and roles

Administration can occur at a number of levels of granularity in SharePoint. Microsoft refers to this as a three-tier administration model.

The broadest, most powerful tier is that of Farm-level Administrators. This type of account provides control over the entire SharePoint farm.

Authentication options

Authentication is the process of determining who someone is.

Business Data Catalog (BDC) security

Generally, line-of-business (LOB) system security integration requires

File Classification Infrastructure in Windows Server 2008 R2

Introduction

A new "File Classification Infrastructure" service has been introduced into Windows Server 2008 R2. It is used to classify and act upon files based on their business value, and is aimed at reducing administrative burden while increasing policy compliance.

Firewall rules and protocol usage

SharePoint uses the HTTP protocol and proprietary Microsoft extensions to it for most client-server communication.

Section 508 Compliance with SharePoint

Section 508 of the 1998 Amendment to the Rehabilitation Act covers accessibility for systems in the United States Federal sector, including systems developed, maintained, used, or procured by US Federal agencies.

Security considerations for MS SQL Server database with SharePoint

SharePoint uses MS SQL Server for two purposes:

  • Content database - used to store and manage SharePoint content
  • Configuration database - used to store the global configuration settings for the associated SharePoint farm.

Security standards, authorization policies, and models

Authorization Policies

Organisations define security policies.

Some example business rules derived from policy are:

SharePoint 2010 Sneak Peek

Microsoft have just released a "sneak peek" into the new features coming with SharePoint 2010 at http://sharepoint.microsoft.com/2010/Sneak_Peek/Pages/Overview-Video.aspx.

SharePoint Audit Logging and other Logs

SharePoint and associated components produce a large number of logs.



Authentication

SharePoint usually performs authentication through the IIS web server. IIS is responsible for authenticating users via Active Directory.

Another option is to use the ASP.NET forms authentication functionality for developing custom code that interacts with other user directories, such as an Oracle database. Doing so requires bespoke development.

Authorization

SharePoint's security model is based around enrolling principals into SharePoint Groups, which are then granted permissions to a securable resource.

By default, SharePoint objects inherit the permissions of their parents.

Pros

  • Good integration with Active Directory
  • Standard across WSS and MOSS
  • Does not require bespoke development
  • Provides a simple API.

Cons

  • Difficult to manage - SharePoint offers no 'rolled up' way of discovering everyone that has access to a resource, and also no simple way of showing what resources a given employee can access.
  • Limited configurability - SharePoint's simple 'group allow' model cannot be configured to a policy-based mechanism.
  • Poor integration with other web parts - While it is possible to set up custom groups and permission levels, the out-of-the-box web parts do not support this very well. The "Site members" and "my sites" web parts do not accurately reflect actual site memberships.

Summary

SharePoint provides a simple way for end-users to grant access to resources, but offers limited management functionality.
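As an added example (not code from this page or from SharePoint itself), a small Python model of the group-and-inheritance scheme described above, with the two management views the Cons list says are missing: every user who can reach a given object, and every object a given user can reach. The group names, paths and permission levels are constructed for the example.

```python
# Added model of the authorization scheme described above (constructed data, not
# SharePoint's API): users are enrolled in groups, groups are granted a permission
# level on a securable object, and an object inherits its parent's assignments
# unless inheritance has been broken by giving it assignments of its own.

GROUPS = {  # constructed group memberships
    "Finance Members": {"alice", "bob", "carol"},
    "Finance Owners": {"carol"},
    "HR Visitors": {"dave"},
}

PARENT = {  # constructed hierarchy site > library > document; value is the parent
    "/finance": None,
    "/finance/Budgets": "/finance",
    "/finance/Budgets/2009.xlsx": "/finance/Budgets",
    "/finance/Payroll": "/finance",
}

ASSIGNMENTS = {  # only objects with broken inheritance carry their own assignments
    "/finance": {"Finance Members": "Contribute", "Finance Owners": "Full Control"},
    "/finance/Payroll": {"Finance Owners": "Full Control", "HR Visitors": "Read"},
}


def effective_assignments(obj):
    """Walk up the hierarchy until an object with its own assignments is found."""
    while obj is not None and obj not in ASSIGNMENTS:
        obj = PARENT[obj]
    return ASSIGNMENTS.get(obj, {})


def who_can_access(obj):
    """Rolled-up view: every user who can reach obj, with the union of the
    permission levels granted to them through all of their groups."""
    access = {}
    for group, level in effective_assignments(obj).items():
        for user in GROUPS.get(group, ()):
            access.setdefault(user, set()).add(level)
    return access


def what_can_user_access(user):
    """Reverse view: every object the user can reach, with the levels granted."""
    access = {}
    for obj in PARENT:
        levels = who_can_access(obj).get(user)
        if levels:
            access[obj] = levels
    return access
```

Note that breaking inheritance on /finance/Payroll removes the Finance Members group there, so a report built from the site-level assignments alone would overstate who can read payroll documents.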




  • IIS - FileAuthorization
  • ASP.NET - Web.config - Authorization policies, Allow and Deny
  • List items - Allow only Permissions
  • Search Results - Custom Security Trimmer
  • BDC - Only at the entity level - and through search results.
  • Excel services -




We've reviewed a number of SharePoint security products.

  Product                                                    Vendor                Version
  SharePoint out of the box                                  Microsoft             2007
  Microsoft Information Rights Management (IRM)              Microsoft             ?
  Microsoft Internet Security and Acceleration Server (ISA)  Microsoft             2006
  Universal SharePoint Manager                               www.idevfactory.com   2009?