8/10/2019 Enterprise Security Options in MOSS2007
1/49
ENTERPRISE SECURITY OPTIONS IN A MICROSOFT SHAREPOINT SERVER 2007 (MOSS
2007) ENVIRONMENT
Dr. Umesh Varma
SECR 5080
September 14, 2009
(49 Pages)
Version 3.0: September 14, 2009
Presented by: Mr. J. Michael Mauldwin
MAUDLWIN 3 of 47
TABLE OF CONTENTS
TITLE PAGE
DISCLAIMER
TABLE OF CONTENTS
LIST OF FIGURES
RESEARCH METHODOLOGY
INTRODUCTION
SECURITY BASICS
PROBLEM STATEMENT
APPLICATIONS SECURITY OPTIONS
Windows Server 2008
Microsoft Office SharePoint Server 2007
Windows Sequel Server 2008
CONCLUSION
Appendix A: Security Options and Definitions for Windows Server 2008
Appendix B: Security Tools and Definitions for Windows Server 2008 (R2)
Appendix C: Security Features in SQL Server 2005
RESOURCES
BIBLIOGRAPHY
LIST OF FIGURES
Figure 01: The Bulls-eye Model
Figure 02: MOSS 2007 Site Collection
Figure 03: Fine Grained Permissions
Figure 04: Reliability-Confidentiality-Integrity
Figure 05: SQL05 Encryption
RESEARCH METHODOLOGY
The methodology utilized to conduct research for this project was derived from
multiple professional sources, including those produced by Microsoft Corporation and
utilized in pursuit of active management security activities in an enterprise level
SharePoint 2007 deployment utilizing the defined applications. Where required, credit
has been given to the authors of those sources stated in the bibliography at the end of
this paper and as referenced throughout this paper. No attempt at plagiarism has been
made, and if any has occurred it is purely coincidental. Additionally, the writer has drawn
upon personal knowledge and experience as well.
The format of this paper coincides with the installation of the defined software and
applications. While intricate definitions and in-depth discussions were not utilized in
support of this writing, a broad overview of security options available out of the box
pertaining to the operating system and associated applications, and their ability to
function in a collaborative environment, has been covered.
All security options discussed are managed via a central administration control
panel per application and for the operating system as well. Although the word
enterprise, as used in the title of this paper, does not frequently populate this paper,
the reader should understand that the available security options for both the operating
system and the applications are available for use in both standard and enterprise
architecture construction.
INTRODUCTION
In today's world, IT professionals require more tools to fight security threats and
protect organizational assets used for critical applications than at any time in the past.
Because organizational websites and portals are increasingly exposed to unauthorized
access, administrators must properly secure them from both external and internal
threats. The first step in securing an organization's confidential data begins with the
establishment of a strong information security program and the supporting policies
which provide adequate security measures to safeguard the data.
The author's purpose in writing this paper is to provide a broad yet definitive
example of the enterprise level security options available in support of a Microsoft Office
SharePoint Server 2007 (MOSS 2007), multi-classified and multi-access level
environment. The author does not intend, nor imply, that these are the only security
measures which can be implemented, but merely those options which are available as
out of the box (OOTB) options to any organization from which a foundation of a solid
information security program can be developed.
The security options for the following system and application software will be
discussed: Microsoft Server 2008 (SVR08), Microsoft SharePoint Server 2007 (MOSS
2007), and SQL Server 2005 (SQL05). Although a virtual environment could be utilized
to further enhance the security of the network, a virtual environment will not be part of
this paper's discussion as there is more than sufficient information to
populate not only this paper, but many more as well. MOSS 2007 requires a server
operating system in order to operate. Therefore, SVR08 will be utilized to provide the
system foundation, acting as the operating system or OS. 1 The SQL05 application
provides the database functionality required by MOSS 2007 since database replication
is not inherent within the SharePoint application.
Each of the applications and the OS identified has OOTB security capabilities that
are selectable during installation and / or during / after setup. These security protocols
provide sufficient security capabilities for use for the majority of the organizations
employing MOSS 2007 in both INTRANET and EXTRANET facing portals. 2 It should be
recognized, and anticipated, that all security measures are vulnerable to attack by a
dedicated individual wishing to penetrate an established security barrier in order to
enter a secured network. Research should be conducted by the project team, with final
approval being issued by the CSO and possibly the CIO, regarding the security
protocols to be implemented and whether additional measures will be taken that are not part
of the MOSS 2007 installation configuration. An example would be the installation of
Internet Security Acceleration (ISA) Server, which provides an additional security layer
for any server which has internet facing connectivity (EXTRANET). Hence, a Secure
Internet Router Protocol (SIPR) network would not require ISA SVR, specifically on a
government C4IS network, whereas a Non-secure Internet Router Protocol (NIPR)
network could utilize ISA since it does have connectivity to the internet. 3
Prior to implementing any security measure/s or policy/ies, it is paramount that a
complete and in-depth survey of the existing portal network be conducted in order to
perform a thorough requirements analysis. This analysis will support the identification
1 Microsoft Server 2003 or 2005 could also be utilized as the OS as well.
2 An EXTRANET has access to the internet. An INTRANET has no access to the internet and is therefore more secure.
3 Command, Control, Communications, and Computers Information Systems (C4IS).
and development of the client's List of Requirements, which in turn will assist in defining
the majority of the security requirements for upgrading the existing, or the establishment
of new, security protocols and / or policies. The terms Protocol, Policy and Measure,
which have already been utilized above, deserve a short explanation to better understand
their definitions.
Security protocols are also known as Information Security Protocols or ISPs (not
to be confused with Internet Service Providers). ISPs generally support the actual
content and infrastructure of the security policies themselves. These protocols must be
up to date and of course meet the needs of the organization. Although ISPs can be
purchased as Commercial Off The Shelf (COTS) products, an organization will most
likely customize their ISPs, COTS ISPs, or both to meet their unique requirements
rather than merely utilize COTS ISPs, since they are generic and highly subject to
exploitation by hackers. Customization is no more than the process of procuring a set
of existing policies and tailoring these policies to meet specific needs of the
organization. There is little sense in re-inventing the wheel, so this is considered to be
a Best Practice (Whitman & Mattord, 2004).
Security policies are the foundations of the security program. A quality information
security program begins and ends with its policies. When properly developed and
implemented, policies enable the information security program to function almost
seamlessly within a workplace. While policies are the least expensive means of control
to execute, they are most often the most difficult to implement. The role of policy and its
relationship to the security program is best depicted using the Bulls-eye Model (see
Figure 01 below). Finally, a security policy sets the strategic direction, scope, and tone
for all of the organization's security efforts (Whitman & Mattord, 2004).
Figure 01: The Bulls-eye Model
Security Measures are those actions taken to implement security policies or a
security program, regardless of whether that action is active or passive in nature. Active
security measures include activities such as annual and semi-annual training, denial of
portable electronic items in the workplace (i.e., thumb drives, portable HDs, etc.),
scanning of documents and files upon upload, authenticating user IDs, etc. Passive
measures include all background applications designed to identify malware, spyware,
unauthorized scripting, auto updates, virus scans executed through central
administration, etc. When combined, these measures all support the security policies,
which in turn provide the basis for an organization's security program.
Based on the information already discussed, the next item of importance is that of
system configuration. Configuration is of critical concern when establishing a single
server or a server farm. For the purpose of this paper the server array is immaterial.
What we will concern ourselves with is the OS and two applications that, when
combined, provide us with a MOSS 2007 environment. Since there is a requirement to
load the applications in a specific order if they are to function correctly, the security
capabilities will be discussed in the same order.
MICROSOFT SERVER 2008 (SVR08)
- Includes Internet Information Security 7.0 (IIS 7)
MICROSOFT ACTIVE DIRECTORY (AD)
.NET FRAMEWORK 3.5 (.NET)
MICROSOFT SHAREPOINT SERVER 2007 (MOSS 2007)
MICROSOFT SEQUAL SERVER 2005 (SQL05)
During the installation it should be noted that certain OOTB default security
protocols can create conflicts with other applications. If the Requirements Analysis was
done correctly, the Security Requirements List will identify the desired, if not the actual,
protocols that should be implemented during the installation process. It is often better to
implement one specific protocol rather than a multitude for the same issue. However,
the determination should always be based on the client's situation-specific
requirements.
SECURITY BASICS
Before we discuss the development of a Problem Statement whose purpose is to
define a Security Policy, we must first understand the basics of Information Security. In
addition to the security requirements, a security policy should include, if applicable,
e-mail communication, the transfer of information and corporate website access along
with web facing servers (EXTRANET) between customers, affiliates and users. An
organization must also pay particular attention to the following areas: data protection,
compliance, threats, analysis of cost and benefits, confidentiality, integrity, availability,
accountability, recovery, responsibilities, enforcement, education and configuration
(Whitman & Mattord, 2004).
An Information Security Policy should also define the methods for protecting data
within the organization as well as confidentiality, data integrity and availability,
accountability and responsibility, and security issues that each and every employee
must be aware of. Additionally, compliance must be addressed and guidelines must be
established for anyone with access to organizational data or sites.
Threats can be defined as, but not limited to, Viruses, Denial of Service Attacks,
Unauthorized log-ins and access, loss of data assurance and/or integrity, theft,
tampering, and/or loss of power due to sabotage or natural events, to name just a few.
Cost and Benefit Analysis is defined by several risk situations due to loss: The
calculated cost per minute of the e-commerce server being down, the calculated cost
per minute of the network being down, the calculated cost of removing a virus from a
single PC, the cost for removing a virus from all organizational machines, the calculated
cost per user per day of e-mail capabilities being down, and the calculated cost of
confidential corporate information getting into the hands of a competitor.
In order to adhere to the principles of confidentiality, an organization must ensure
that its physical location is secure and access is restricted to authorized personnel using
some means of physical security devices such as combination locks, cipher locks,
access cards, or a combination of all three. The use of firewalls, which separate the
organization's computer environment from the internet, is a widely accepted best
practice. Separate accounts and passwords for each authorized user in the network
must be established and should remain confidential. These passwords must be
enforced by the server account policies, which specify things such as: passwords must
contain two special characters (i.e. @$^), two lower case and two upper case letters,
and two numbers. The policy should also dictate how long the password string shall be
and how often it should be changed, and a historical password archive per user should be
maintained so that the same password is not repeatedly used. The policy should also
identify server permissions that restrict users not only to accessing their own files but
also their group files based on access permissions. 128-bit encryption should be utilized
prior to transferring data over any public conveyance, or perhaps even within an
EXTRANET. It is a best practice to use a password-protected screen saver as well.
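The password rule in the paragraph above (two characters from each class, a minimum length, and a per-user history archive) can be checked as follows. This is an added example, not code from the paper or from Microsoft; the minimum length, history depth, PBKDF2 round count and all function names are assumptions, since the paper states only that the policy must define them.

```python
import hashlib
import hmac
import os
import string

# Assumed values: the paper says the policy must set these but gives no numbers.
MIN_LENGTH = 12           # assumption
HISTORY_DEPTH = 5         # assumption: previous passwords remembered per user
PBKDF2_ROUNDS = 100_000   # assumption

# Two characters from each class, as stated in the paper.
REQUIRED = {
    "special": (2, set(string.punctuation)),
    "lower case": (2, set(string.ascii_lowercase)),
    "upper case": (2, set(string.ascii_uppercase)),
    "numeric": (2, set(string.digits)),
}


def _digest(password, salt):
    """Derive a slow, salted hash so the archive never holds clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def history_entry(password):
    """Return a (salt, digest) pair suitable for the per-user archive."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def composition_violations(password):
    """List every composition rule the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, (minimum, alphabet) in REQUIRED.items():
        count = sum(1 for ch in password if ch in alphabet)
        if count < minimum:
            problems.append(f"needs {minimum} {name} characters, found {count}")
    return problems


def reused(password, history):
    """True if the candidate matches any of the remembered passwords."""
    hit = False
    for salt, stored in history[-HISTORY_DEPTH:]:
        # Compare in constant time and check every entry, not just the first hit.
        if hmac.compare_digest(_digest(password, salt), stored):
            hit = True
    return hit


def change_password(new_password, history):
    """Apply the policy; return (accepted, problems, updated_history)."""
    problems = composition_violations(new_password)
    if reused(new_password, history):
        problems.append(f"matches one of the last {HISTORY_DEPTH} passwords in the history")
    if problems:
        return False, problems, history
    updated = (history + [history_entry(new_password)])[-HISTORY_DEPTH:]
    return True, [], updated


if __name__ == "__main__":
    archive = []
    # Constructed sample passwords, for illustration only.
    for candidate in ["Password1!", "Tr@il#Mix42ab", "Tr@il#Mix42ab"]:
        accepted, why, archive = change_password(candidate, archive)
        print(candidate, "accepted" if accepted else f"rejected: {why}")
```
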
Along with 128-bit encryption an organization may impose additional encryption
services concerning its proprietary information such as PGP encryption. Policies should
also cover the location and protection of databases for proprietary and financial records
of an organization and may even require the network to be located not only on a
separate server but a separate network not accessible to the internet. Policies may
even go so far as to deny the use of e-mail on financial servers or highly classified
proprietary servers. Finally, the computer systems and servers located behind an
organization's firewall should not use modem connections but should be tied into the
network via LAN or an authorized dial-in server in order to provide a more secure
environment.
The integrity of a system becomes paramount if it is to survive the onslaught of daily
attacks to which it most surely will be subjected, in one manner or another. Access to
data files and administrative applications should be limited to primary and alternate
administrators. Integrity also applies to the transference of data and ensuring it has not
been tampered with. Additionally, without exception, users should only have read
access to system files, if they are permitted to view them at all. All data uploads should
be logged by the server and an anti-virus application should scan not only all uploaded
data files, but all disks, drives, incoming IP traffic, and any document containing macros.
The policy should not fail to address unapproved software installation on any system
without authorization from the Chief Information Officer (CIO) or his/her designee.
The security policy must also define the availability of the network to the organization
such as user authentication and uninterruptible power supplies (UPS). Servers, e-mail,
FTP, and HTTP capabilities must be available 24 x 7 x 365. Because of this access
availability, the network should also have proxy services which permit authorized users
to access the network from outside of the firewall. Gateway authentication at the firewall
to gain access may be required in order to access databases via specific IP addresses.
Finally, maintenance personnel must be identified so as to bolster the repair and limit
downtime should the server experience any issues (Microsoft Corporation,
2009).
The security policy must identify as well as provide a definitive explanation of the
responsibilities pertaining to accountability. Items which should be addressed include
the logging of all events relating to security, and the logging of all confidential
accesses. Confidential data transfers must be authenticated between the server and the
user. The policy may require digital signatures when transferring certain types of data. A
software log should also be maintained for all software which is installed on servers and
workstations, as well as a list of approved software for each. The architecture, design,
and internal / external connections should also be logged to provide accountability.
In the unfortunate event that a server goes down, the security policy must establish
a recovery plan. This plan should include the frequency of backups, both incremental
and full, as well as how often data will be archived and where it will be stored. It
should also designate the type of file services workstations will utilize to store
organizational data that the server would otherwise back up. In order to facilitate a
responsive recovery plan, workstations must have a standardized configuration
throughout each department which includes authorized software applications and
configurations. Ghost images of system installation formats should be maintained by the
information security office and should be the standardized image utilized on all
workstations, should an operating system require reinstallation. Reconfiguration of
hardware should not be available to employees.
Responsibilities for individual employees should also be defined by the security
policy. For example, employees must comply with the information security policy, even
as technology changes, and everyone must put forth their best effort to protect
organizational data. Each employee should back up any data they feel is important
which is not stored on the server, such as the information stored on the employee's
hard drive. All software must be used in accordance with legitimate software licenses
and organizational computers should not be used for personal purposes, just as
organizational e-mail should not be used for communications other than work related.
Employees are typically restricted from transmitting fraudulent, obscene, or harassing
materials. Finally, it should be identified that employees are prohibited from transmitting
anything to anyone who may have the intent of not only disrupting work, but of
compromising the organization's information security.
The best security policy is as useless as the paper it is printed on unless it defines
how it will be enforced. As an example, if organizational abuse is reported then it
must be investigated immediately. Employees should be aware that their electronic files
may be accessed at any time and, if policies have been violated, the employee's
privileges may be restricted or revoked. Additionally, in order to better enforce security
policies, resources should be periodically audited to ensure that only approved software
and computer configurations comply with policies.
A security policy cannot be expected to be enforced if the employees of the
organization are not aware of its existence. Therefore, education becomes the key to
the dissemination of the written policy. Education should include employee training
conducted on a semi-annual and annual basis along with publishing and distribution of a
hard copy of the security policies.
Earlier, computer configuration was mentioned along with enforcement. Networks
generally consist of workstations which require access to the internet, servers providing
front-end and back-end as well as storage, shared printers, and numerous other pieces
of hardware, software, and other assorted peripherals. Firewalls are normally utilized by
organizations between the internet and their EXTRANET. A generally accepted best
practice is for e-mail applications to support optional PGP encryption and anti-virus
software should be installed throughout the computer environment. Data the
organization has deemed as confidential or proprietary and which is being transferred
between computers should be encrypted using 128-bit encryption in order to protect the
data. Any peripherals attached to the network should have their default passwords
changed. Likewise, if an organization desires to transmit attachments, such as pictures,
then all network peripherals must be SNMP compliant. The security policy should
address how print cartridges are destroyed rather than thrown away. Likewise, should a
classified network printer require servicing, policies should define who can work on it as
all printers and copiers have a resident and residual memory from which data can be
removed.
Whitman and Mattord provide a very useful guide relating to the components that
an Enterprise Information Security Policy, or EISP, should contain. 4
Statement of Purpose
Information Technology Security Elements
Need for Information Technology Security
Information Technology Security Responsibilities and Roles
4 For a complete definition of these components see page 111 of their book, MANAGEMENT OF INFORMATION SECURITY, 2004.
Reference to Other Information Technology Standards and Guidelines
Now that we have discussed what a security policy consists of, we will look at
the various security options associated with SVR08, MOSS 2007, and SQL05. These
three pieces of software, when installed and utilized jointly, comprise a Microsoft Office
SharePoint Portal environment. Again, this paper will focus on each application based
on where it falls within the installation process.
PROBLEM STATEMENT
In a MOSS 2007 environment, supported by SVR08 and SQL05, there are many
security options which may be enabled in order to provide a secure operating
environment. 5 Both applications, as well as the OS, provide their own independent
protocols and internal OOTB policies which can be implemented during installation, as
well as after installation. Regardless of Microsoft's best intentions and highly capable
software developers, security conflicts exist between the applications even though they
have been developed to interact in a collaborative environment together (Varma, 2009).
Issues were identified and discussed following an in-depth survey and
Requirements Analysis of an existing SIPRNET portal. Subsequently, the following
security problems were identified:
1. The constant turn-over of individuals has led to the establishment of permissions
groups and permissions are granted by group affiliation. Section webmasters
have created new groups based upon inherent permissions. It is not known
which individuals in the groups actually still require access or which groups
should be deleted.
2. Groups are used to grant permissions and no individual user permissions can be
granted as Active Directory was not utilized to create the groups.
3. The current systems did not take global access into consideration when it was
constructed. Therefore, only local EndUsers can access any of the information
contained on the portal or the site IMOs utilize Anonymous access.
5 No systems or application can be considered completely secure as there is always an entrance waiting to be exploited when found.
4. Aggressive actions undertaken to clean up the current portal and its access
permissions have been met with fierce feedback since most staff sections
are accustomed to working in the current environment and do not want anything
to change. The current portal layout displays no uniformity and document/user
access is not considered secure.
5. There have been no established or published administrative policies that assist in
the administration of the current portal.
6. Existing portal does not facilitate information recovery or search. Repositories
are not being utilized and information is randomly uploaded with no specific
naming conventions or metadata requirements.
7. The CEO is concerned that his organization's collaborative and informational
sharing between EndUsers and headquarters is not being fully exploited in order
to assist the warfighter on an acceptable level.
8. Information is stored in libraries, pers. HD, off site.
9. Multiple copies of the same document located at multiple locations; all
accessible by clientele. (Which is most current?)
10. Documents are incorrectly classified and current locations violate IS policies.
11. Information is stored in libraries, pers. HD, off site.
12. Multiple copies of the same document located at multiple locations; all
accessible by clientele. (Which is most current?).
13. Documents are incorrectly classified and current locations violate IS policies.
14. SharePoint Administrator will have administrator privileges over the entire site
collection.
15. Policies and regulations will be updated and incorporated into the Portal.
16. No written SharePoint Policy (SPP).
APPLICATIONS SECURITY OPTIONS
Windows Server 2005. This application is the foundation of a MOSS 2007
environment since it assumes the role of the operating system or OS. 6 All of the OOTB
SVR08 security options can be utilized with MOSS 2007 with little more than mouse
click confirmation during installation. Microsoft has an add-on for SVR08 known as the
Installation Security Compliance Management Toolkit (SCMT), which is designed to
greatly enhance the ease of ensuring information security compliance by recommending
hundreds of Group Policy settings which can be used in support of an organization's
security program. SCMT can be deployed as either Enterprise or Specialized
Security-Limited Functionality (SSLF). The SSLF settings are not intended for the majority of
organizations, as their security options are designed more for security than
functionality. Therefore, the organization's scope of operations and security analysis
should determine whether or not a SCMT deployment is desired based on the
organization's emphasis on either security or functionality, but not both. Additionally, for
the purpose of this paper, SCMT will not be utilized as it has nine known issues that
have not been corrected to date, including 29 sub-issues with MS Office 2007, 58 sub-
issues dealing with non-synchronization of data collected by the Windows Management
Instrumentation Repository, incorrect domain signatures and updates, incorrect
monitoring results as defined by certain OS versions, etc. (Microsoft Corporation,
2009).
SVR08 is a fairly stable OS and has many security options that make it a viable
advisory in the security world, with both Active and Passive security operations
6 Windows Server 2003 can also be utilized but the operational performance gained from technological advancements over the past five years will be lost to some degree.
available. The majority of its options may be activated during the installation or they may
be activated by utilizing the Administrators account at the central administration console
following installation.
Passive security options run in the background and are not apparent to the user, or
the administrator(s), once activated. Active monitoring of these passive options,
however, should be the responsibility of the Administrator(s) and should also be defined
within the security policy. Resource and data file protection is critical if a system is to
perform correctly and the organization's assets are to be protected. SVR08 provides
several forms of protection OOTB, such as the Authorization Manager, which assists in
controlling the system's resources and the available access to them. Since system
applications require resources to execute, SVR08 utilizes the Applications Locker, or
AppLocker, to control all server applications. The AppLocker is also a new feature in the
Windows 7 OS recently released. Denying random access to data requires that an
organization's confidential data be encrypted. To facilitate this SVR08 incorporates
BitLocker Drive Encryption which permits the encryption of all data stored on the
system, although it does not function with NTFS formatted storage volumes. If you are
using a NTFS volume there is no need to fret. SVR08 can utilize its built-in Encrypting
File System, or EFS, as a means to encrypt NTFS volumes. All of these passive
measures can be activated within a MOSS 2007 environment without any conflict
arising between the OS or the MOSS 2007 application (Microsoft Corporation, 2009).
SVR08 also provides more User Interface (UI) through its use of Security Auditing,
SA. SA is one of the most effective and powerful tools in the SVR08 inventory to assist
in the maintenance of a portal environment. When properly configured, SA should
identify both failed and successful attacks that pose a threat to the network, its
resources, or any other data or peripheral identified as valuable during the organization's
risk assessment. Additionally, SVR08 utilizes the Security Configuration Wizard, SCW,
which reduces the attack surface by guiding policy development based upon the
functionality of the server role(s) specified by various security policies.
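A review of audited logon events in the spirit of the Security Auditing paragraph above, separating a burst of failures from a burst of failures that ends in a success. This is an added example, not from the paper or from Microsoft; the one-line export format, the sample records, the threshold and the window are constructed assumptions, while 4624 and 4625 are the Security log event IDs for successful and failed logons on this OS generation.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGON_SUCCESS = 4624            # Security log: account successfully logged on
LOGON_FAILURE = 4625            # Security log: account failed to log on
THRESHOLD = 5                   # assumption: failures that make a burst
WINDOW = timedelta(minutes=10)  # assumption: period the failures must fall in

# Constructed sample export: timestamp, event ID, account, source address.
SAMPLE_LOG = """\
# constructed sample, not real audit data
2009-09-14T08:00:05 4625 jsmith 10.1.1.50
2009-09-14T08:00:20 4625 jsmith 10.1.1.50
2009-09-14T08:00:41 4625 jsmith 10.1.1.50
2009-09-14T08:01:02 4625 jsmith 10.1.1.50
2009-09-14T08:01:30 4625 jsmith 10.1.1.50
2009-09-14T08:03:10 4624 jsmith 10.1.1.50
2009-09-14T08:05:00 4625 akhan 10.1.1.77
2009-09-14T08:05:20 4625 akhan 10.1.1.77
2009-09-14T08:05:45 4624 akhan 10.1.1.77
2009-09-14T09:00:00 4625 svc_backup 10.1.1.90
2009-09-14T09:15:00 4625 svc_backup 10.1.1.90
2009-09-14T09:30:00 4625 svc_backup 10.1.1.90
2009-09-14T09:45:00 4625 svc_backup 10.1.1.90
2009-09-14T10:00:00 4625 svc_backup 10.1.1.90
"""


def parse(log_text):
    """Turn the export into time-ordered (when, event_id, account, source) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        stamp, event_id, account, source = line.split()
        events.append((datetime.fromisoformat(stamp), int(event_id), account, source))
    return sorted(events)


def review(events):
    """Report failure bursts and any success that follows one."""
    recent_failures = defaultdict(deque)  # (account, source) -> failure times
    findings = []
    for when, event_id, account, source in events:
        failures = recent_failures[(account, source)]
        # Drop failures that have aged out of the sliding window.
        while failures and when - failures[0] > WINDOW:
            failures.popleft()
        if event_id == LOGON_FAILURE:
            failures.append(when)
            if len(failures) == THRESHOLD:
                findings.append({"kind": "failed-burst", "account": account,
                                 "source": source, "when": when})
        elif event_id == LOGON_SUCCESS:
            if len(failures) >= THRESHOLD:
                # A logon that succeeds right after a burst needs follow-up.
                findings.append({"kind": "success-after-burst", "account": account,
                                 "source": source, "when": when})
            failures.clear()
    return findings


if __name__ == "__main__":
    for finding in review(parse(SAMPLE_LOG)):
        print(finding["when"].isoformat(), finding["kind"],
              finding["account"], finding["source"])
```

Neither event is recorded unless logon auditing is enabled for both success and failure, which is what "properly configured" has to include for this review to see anything.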
User access is controlled by the User Account Control (UAC). This is a security
component controlled by the administrator and allows the administrator to enter a
specific set of credentials during a non-administrator's user session in order to perform
required administrative tasks. 7
Security policies must be flexible in order to adjust for the fluidity of change, not only
in employees, but in relation to technological advancements as well. Administrators can
configure security policies using SVR08's Server Security Policy Management, which
allows the configuration of rules that the OS must follow when determining what
permissions to grant following a request for access of resources.
Authentication is an area of widespread scrutiny. SVR08 has two options
concerning authentication: Windows Authentication and Kerberos. By default, SVR08
uses a set of authentication protocols including Negotiate, Kerberos, NTLM, Transport
Layer Security/Secure Socket Layer (TLS/SSL), and Digest. All of these are part of an
extensive security framework. There are several instances where several of these
protocols are combined to form authentication packages that provide a more
collaborative and detailed security architecture. Together, the packages and various
protocols permit authentication of users, computers, and services known as the
7 Also known as Remote Administrative Log-in or RAL.
Authentication Process. This process, when executed and confirmed, permits
authorized users and services to utilize the system resources in a more secure
environment (Microsoft Corporation, 2009).
In April of 2008, Microsoft released an update to the security tools supporting
SVR08. These included tools such as the Extended Security Update Inventory
Tool, Malicious Software Removal Tool, Baseline Security Analyzer Tool, Security
Assessment Tool, and an update to the Microsoft Threat Analysis & Modeling Tool to
v2.1.2. 8 It is highly recommended that this security tool update be utilized.
Additionally, there have been many White Papers released on SVR08, but Microsoft
published an Info Paper on March 19, 2009 which is very informative and covers a wide
variety of security topics. Threats and Vulnerabilities Mitigation highlights new features
and technologies that provide layered defenses against malicious software threats and
intrusions through a strategy of prevention, isolation, and recovery. Secure
Configuration Assessment and Management provide additional tools to administer
security throughout a layered defense as well as manage potential and known threats.
Identity Management, Access Control, and Information Protection provide a central
management capability for credentialing which allows only authorized users access to
system resources and devices (Microsoft Corporation, 2009).
Microsoft Office SharePoint Server 2007 (MOSS 2007). MOSS 2007 has many
security protocols and abilities which can be utilized as stand-alone or as an interactive
component of a sophisticated security network. The author will not attempt to cover
every aspect of this application's security abilities. Rather, we will touch on those
8 A complete listing and description of the updated Tool release for SVR08 can be found at Appendix 2
believed to be most important which provide depth regarding what options are available
for securing both sites and content as well as how structural security at the Web
Application level is accomplished.
First, however, MOSS 2007's hierarchy must be defined. A Web Application is a
single instance of MOSS 2007 such as an organization's Portal or Website. An
organization maintains its own set of information security policies and compliance
requirements for each Web Application. A Web Application is comprised of one or more
Sites. When there is more than one Site, it is referred to as a Site Collection - multiple
web pages within one website (Cardarelli & Bisciotti, 2006). Sites located beneath each
primary site are called sub-sites (see figure 02).
Figure 02: MOSS 2007 Site Collection.
There are several factors which must be considered when planning for the security
of a SharePoint Web Application. These factors include, but are by no means
limited to: Site Security Planning, permission levels and groups to use, defining any
custom permission levels and/or groups, Security Groups versus Anonymous Access, and
administration hierarchy (Cardarelli & Bisciotti, 2006). While a term paper could be
written for each of these topics individually, comments will be restricted to the basic
information as specific selections are not within the scope of this paper.
Site security is most readily controlled by assigning permissions to users and
groups for specific objects such as lists, libraries, sites, or items. Planning for site
security involves decisions such as how tightly to control permissions to certain
objects, how users will be assigned and managed, and which objects need to be
securable and at what level. Although many organizations use a
combination of Active Directory and MOSS 2007 to manage their user accounts, we will
specifically focus on MOSS 2007 assignments for the moment.
MOSS 2007, unlike SharePoint Server 2003 (SPS 2003), has the built-in capability
to create and manage its own user and group accounts internally. Groups at the site
collection level contain users. Permission Levels contain permissions. Until a Group is
assigned a Permission Level for a specific site or object, the group has no permissions
and therefore cannot access any object.
Regardless of whether or not MOSS 2007 or Active Directory (AD) 9 account
management is used, there are five elements regarding site security which must be
considered (Office IT and Servers User Assistance, Microsoft Corporation, 2008): 10
1) Individual user permissions. These permissions grant an individual the ability to
perform specific actions.
9 Active Directory is a separate application which facilitates the establishment and management of users and groups within a network. This application enhances MOSS 2007 User/Group Accounts and provides an additional layer of security that should be incorporated in the overall architecture of the portal development, in the writer's opinion. It must be installed following SVR08 and prior to MOSS 2007 and SQL05.
10 These five elements are copied from the White Paper (Office IT and Servers User Assistance, Microsoft Corporation, 2008).
2) Permission levels. These are pre-defined sets of permissions which allow a
user or group to perform specific related actions.
3) User. A person with a user account which can be authenticated by the
server using a pre-defined authentication method.
4) Group. A group of users. A group can be a Windows Security Group or it
can be a SharePoint group such as Site Owners, Site Members, or Site Visitors.
5) Securable Object. Site, list, library, folder, document, or items are all
securable objects. By default, permissions for a securable object (list, library, folder,
document, or item) are inherited from the parent site or parent list or library.
However, anyone assigned a permission level which includes management rights
can change the permissions for that securable object.
Individual users or groups can have different permission levels for different
securable objects on the same or different sites and/or sub-sites. 11 Access
permissions, whenever possible, should be assigned to groups and then the groups
should be given access permissions based on Least Privilege Administration
requirements. 12 If at all possible, granting individual user permissions should be avoided
as it is very difficult to maintain user accounts in larger organizations. Individuals should
be added to a user group which provides adequate permissions to complete any action
required. The three default permission groups within MOSS 2007 are Visitors,
Members, Owners (Pyles, et al., 2007). It is a best practice to add an
ADMINISTRATORS group to the default groups in order to provide individual site
11 A sub-site is a child site created from a parent site.
12 Least Privilege Administration is a recommended security practice in which only the minimum privileges needed to accomplish a specific task are granted.
administrators the ability to leverage additional administrative actions in support of the
site and its sub-sites that are not included in the permission levels of the default
groups. 13
The VISITORS group has Read Only permissions while the MEMBERS group
permissions permit its users to view, add, update, and delete information on a site or
within an object. The OWNERS group retains nearly full control of the site with Design
privileges which permit members of this group to view, add, update, delete, approve,
and customize a site including all of its contents, but permissions do not include the
ability to delete the site. Site Deletion and advanced administrative permissions are only
permitted to those with Administrative permissions, such as the ADMINISTRATORS
group. Only ADMINISTRATORS and OWNERS have the ability to assign users to
groups and update permissions. By default, each sub-site inherits the permissions of its
parent site. These groups are assigned access permissions to objects on each site and
granted permissions based upon the parent (top) site (Pyles, et al., 2007).
It is possible to isolate certain objects due to their criticality to an organization within
an object. However, there are times when individual object permissions are required
and parent inheritance is not desired for security reasons. Therefore, under these
circumstances Fine Grained permissions are available. Fine Grained permissions refer
to permission levels that are granted only to specific individuals and which are based
upon an item being identified by the organization as a confidential object. In other
words, the object's security requires more precise control which will further limit not only
13 This is a common practice and provides administrative rights only to the site it is granted. For example: A sales department would have an administrative group created named Sales-Admin, while the Toy department would be Toy-Admin. This maintains access limitations based upon the Least Privilege Administration.
access to the object but what actions users can execute. If Fine Grained permissions
are used, permissions will no longer be inherited from the parent site. While this has the
ability to further secure an object, it also creates issues of maintaining updated access
permissions because the permissions assigned to a group within MOSS 2007 cannot be
updated at a central location any longer, but must be maintained at the object's location
(Office IT and Servers User Assistance, Microsoft Corporation, 2008).
Figure 03: Fine Grained Permissions
If Fine Grained permissions are not sufficient, MOSS 2007 has the ability to further
secure items such as individual files through the use of Individual Permission Levels, or
IPLs. For example, within a document library which has already been assigned Fine
Grained access permissions, individual files may be assigned IPLs which further restrict
who can access the file apart from those who have restricted access to the library
through Fine Grained permissions. Like Fine Grained permissions, once IPLs have
been utilized for a file within an object, the entire object no longer inherits parent
permissions, nor do any files located within it. Fine Grained or IPLs should be minimized
because their assignment breaks the ability to maintain permissions from a single
location (English, 2007).
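The inheritance rules described above (groups hold users, permission levels hold permissions, and an object given Fine Grained permissions stops inheriting from its parent) can be modeled to audit where central management has been lost. The following Python model is an added example, not code from this paper or from Microsoft; the site tree, group and user names, finding labels, and simplified permission sets are constructed for illustration.

```python
"""Model of SharePoint-style permission inheritance for auditing a site tree."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Simplified permission levels (assumption): the action sets follow the paper's
# description of what Visitors, Members, Owners and Administrators may do.
PERMISSION_LEVELS: Dict[str, Set[str]] = {
    "Read": {"view"},
    "Contribute": {"view", "add", "update", "delete"},
    "Design": {"view", "add", "update", "delete", "approve", "customize"},
    "Full Control": {"view", "add", "update", "delete", "approve", "customize",
                     "manage_permissions", "delete_site"},
}


@dataclass
class Securable:
    """A site, list, library, folder, document or item."""
    name: str
    kind: str
    parent: Optional["Securable"] = None
    # None means "inherit from parent"; a dict (principal -> permission level)
    # means the object holds its own, unique assignments.
    assignments: Optional[Dict[str, str]] = None

    def path(self) -> str:
        return self.name if self.parent is None else f"{self.parent.path()}/{self.name}"

    def scope(self) -> "Securable":
        """Return the nearest object (self or an ancestor) that holds assignments."""
        node = self
        while node.assignments is None:
            if node.parent is None:
                raise ValueError(f"{node.name}: top-level site has no assignments")
            node = node.parent
        return node


def effective_permissions(obj: Securable, user: str,
                          groups: Dict[str, Set[str]]) -> Set[str]:
    """Union of the actions granted to the user, directly or through a group,
    at the scope the object actually takes its permissions from."""
    granted: Set[str] = set()
    for principal, level in obj.scope().assignments.items():
        if principal == user or user in groups.get(principal, set()):
            granted |= PERMISSION_LEVELS[level]
    return granted


def audit(objects: List[Securable],
          groups: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Flag the maintenance risks the paper warns about."""
    findings: List[Tuple[str, str]] = []
    assigned_groups: Set[str] = set()
    for obj in objects:
        if obj.assignments is None:
            continue  # inherits, so it is managed from its parent
        if obj.parent is not None:
            findings.append((obj.path(), "BROKEN_INHERITANCE"))
        for principal in obj.assignments:
            if principal in groups:
                assigned_groups.add(principal)
            else:
                findings.append((obj.path(), f"DIRECT_USER_GRANT:{principal}"))
    # A group with no permission level anywhere cannot access any object.
    for group in sorted(set(groups) - assigned_groups):
        findings.append((group, "GROUP_WITHOUT_PERMISSION_LEVEL"))
    return findings


def build_sample() -> Tuple[List[Securable], Dict[str, Set[str]]]:
    """Constructed sample data: one portal, one sub-site, one restricted library."""
    groups = {
        "Portal Visitors": {"carol"},
        "Portal Members": {"alice", "bob"},
        "Portal Owners": {"dave"},
        "Sales-Admin": {"erin"},
        "Toy-Admin": {"frank"},  # never assigned a permission level
    }
    portal = Securable("Portal", "site", assignments={
        "Portal Visitors": "Read",
        "Portal Members": "Contribute",
        "Portal Owners": "Design",
    })
    news = Securable("Announcements", "list", portal)
    sales = Securable("Sales", "site", portal)
    contracts = Securable("Contracts", "library", sales, assignments={
        "Portal Owners": "Design",
        "Sales-Admin": "Full Control",
        "bob": "Contribute",  # individual grant instead of a group
    })
    q3 = Securable("Q3.docx", "document", contracts)
    return [portal, news, sales, contracts, q3], groups


if __name__ == "__main__":
    sample_objects, sample_groups = build_sample()
    for where, issue in audit(sample_objects, sample_groups):
        print(f"{issue:32} {where}")
```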
One additional security option available in MOSS 2007 that can be used to
completely isolate and protect confidential data is known as Rights Management
Services, RMS. RMS does not control who can access the data but what can be done
with the data once accessed. For example, it can be viewed but not printed, saved,
copied, e-mailed, or shared in any way. This severely limits the actions that can be
performed. Because RMS has the ability to deny actions that are normally associated
with data that can be viewed, it privatizes the data based upon user selections (English,
2007).
The assignment of specific permissions to SharePoint groups provides a much
more secure environment by administering single group permissions for multiple users
from one location rather than attempting to maintain multiple user permissions at
multiple object locations. When MOSS 2007 User/Group accounts are used in
conjunction with AD Users and Group accounts, the time spent managing authorized
users and system resources is greatly reduced. This is due to the majority of the MOSS
2007 accounts being maintained at Site level by the site administrator, which permits
the SharePoint Portal administrator additional time to focus on the overall administration
of the entire Portal through Central Administration (English, 2007).
Although the number of permission levels is limited, administrators still have the
capability to define custom permission levels. This should be avoided if possible as it
will create an administrative nightmare if it gets out of hand. The fewer groups and
permission levels that must be managed the better. Administrators should always
attempt to utilize existing groups and permission levels when possible.
Of serious concern and requiring serious attention is the decision as to whether or
not to permit access to Anonymous users or restrict access to authenticated users only.
If the Portal is an INTRANET, meaning that it does not access the internet, then
Anonymous user access should not be utilized since every authorized user will have an
established account in AD or within MOSS 2007. If, however, the Portal is an
EXTRANET, meaning it has internet connectivity, Anonymous access should be
considered.
The desired architecture, if Anonymous access is required, is to employ multiple
front-end servers. A single server should be emplaced as a web facing server running a
streamlined organizational Portal structure, which contains only informative
organizational data (non-confidential), to handle internet traffic and one which is
completely accessible to anonymous users. An internet facing server should run the ISA
Server application and should always utilize SSL for encryption. With internet facing
servers, it is also highly recommended to block all public access to your back-end SQL
SVR server. This can be accomplished by blocking TCP 1433 on any firewall and router
and using IPSec to encrypt all data moving from or to the front-end server. Blocking
TCP 1433 also denies access to threats such as the Slammer worm (English,
2007).
Regardless of the type of authentication used, Single Sign On (SSO) authentication
is recommended because it enables users to access multiple system resources without
having to provide authentication credentials more than once, thus saving system
resource utilization and facilitating functionality. SSO maintains a set of credentials for
the application identities (AppIDs) of all resources stored in the MOSS 2007 SSO
database. A security layer checks user credentials against multiple individual listings for
an AppID which is stored in the SSO database. These individual user mappings are
useful if you need log-in information about individual users' access to shared system
resources (Office IT and Servers User Assistance, Microsoft Corporation, 2008).
Organizational data and the actual enterprise level Portal should be installed on a
separate front-end server which is not accessible to the internet. 14 If the security policy
dictates that employees are authorized to access the internet, then the policy should
address specific instances, workstations, activities, times, etc. At no time should an
INTRANET workstation be accessible to the internet as this opens the doorway for
attack.
SVR08 and MOSS 2007 are designed to function hand in hand along with MS
Office 2007. Because so much information and data can be compiled and tracked using
Excel workbooks, MOSS 2007 includes an optional security protocol entitled Excel
Services, an enterprise-class application which allows users to share and
collaborate on shared Excel workbooks securely. This is one of the highlights of
MOSS 2007's Business Intelligence. This option provides the primary method to control,
secure, and manage access to Excel workbooks in a MOSS 2007 enterprise
14 Best Practice.
environment. Therefore, if an organization relies on sharing Excel items such as pivot
tables, charts, and graphs then Excel Services facilitates the interactive rendering of
shared Excel components within business intelligence dashboards. For example, all
shared workbooks can be accessed from a central location and from within a secure
environment while providing owners the ability to lock workbooks in order to protect data
integrity. At the same time Excel Services provides owner level control of how the
workbook can be accessed and what actions can be taken with it (Office IT and Servers
User Assistance, Microsoft Corporation, 2008). 15 When using Excel Services, data can
also be protected by using Internet Protocol Security (IPsec) or Secure Sockets Layer
(SSL).
It is recommended that Integrated Windows authentication be utilized with Excel
Services, which is an integrated authentication method using traditional Windows
authentication and the newer Kerberos authentication. However, for authentication
from front-end Web servers to application servers running Excel Calculation Services,
and from Excel Calculation Services to external data sources, it is recommended to enable
constrained Kerberos delegation (Office IT and Servers User Assistance, Microsoft
Corporation, 2008).
MOSS 2007 also utilizes .NET 3.5, another form of authentication, at the application
level rather than at the OS level. Application authentication reduces processing power
and allows for more scalability of the network. Additionally, MOSS 2007 supports the
ASP.NET provider model, which allows authentication to any database which utilizes
15 The Office SharePoint Server Security White Paper contains very detailed directions for implementing Excel Services (Office IT and Servers User Assistance, Microsoft Corporation, 2008).
pluggable authentication by means of stand-alone databases. This permits the storage of
EXTRANET accounts in locations other than within the internal Active Directory. It is not
the purpose of this paper to expand the discussion into .NET3.5 as it easily can be
discussed in another paper.
Internet Information Services v.7 (IIS 7) is another security enhancement that
Microsoft has incorporated as part of the SVR08 foundation (English, 2007). IIS 7 has
simplified its security management in an effort to make it easier for the administrator
to conduct task and delegation activities, and there are also significant changes to
the authentication and authorization capabilities. Several security enhancements not
previously available have been included in this version of IIS, and administrators should
familiarize themselves with these new security options and incorporate them into the
organization's information security policies (Microsoft IIS7 Team, 2009).
Although a more thorough discussion of IIS 7 capabilities is warranted, there is an
insufficient allocation of time to delve into each of IIS 7's enhancements over previous
versions, or to address its utilization in a MOSS 2007 environment. The reader should
be aware of its inclusion with SVR08 default installation and also that there are more
security options available to further enhance a secure network environment.
Although there are many more security options available in MOSS 2007 such as
location, design considerations, hosting, Partner webs, Content databases, inclusions
for URL paths, etc., it is not feasible to attempt to cover them within the confines of this
paper. Therefore, we will move on to the next topic of discussion, SQL SVR 2005.
SQL Server 2005 (SQL05). SQL05 provides a security enabled back-end support
platform for standard and enterprise class databases wherein all of the Portal
information is stored and accessed. SQL05 security capabilities focus on three key areas:
Reliability, Confidentiality, and Integrity (see figure 04). In order to maintain this focus
there are eleven key security features which SQL05 employs.
Figure 04: Reliability-Confidentiality-Integrity
In order to keep up with a rapidly changing environment SQL05 features Automated
Software Updates. This feature is built into Windows Updates which detects any
instance of SQL05 and based upon its scan analysis and permissions, can
automatically install particular patches (Microsoft Corporation, 2007).
Administrators can reduce data vulnerabilities by reducing the surface area of each
database through use of the Surface Area Configuration tool which manages
connections and various other services including analysis services, remote connections,
full-text search services, SQL Server browser services, anonymous connection, linked
objects, user-defined functions, CLR integration, SQL Mail, and native XML Web
services. All of these services are accessible through a centralized graphical interface
(GI) (Microsoft Corporation, 2007).
SQL05, like SQL08, utilizes a strong Password enforcement policy which
significantly reduces the likelihood of security breaches. SQL05 policies support
complex passwords, dictate minimum password length, specify character
combinations, and support password expiration. Windows Secure Password
policies can also be applied to SQL05 to provide enhanced password security for all of
its accounts.
Role-based access provides administrators the ability to manage Server Agent
services. The execution of certain administrative tasks, such as Server
Integration Services (SSIS), is simplified through the use of multiple proxy accounts. SQL05 limits
creation of a multitude of administrative activities, which in turn provides a more robust
security environment.
Metadata accessibility is more secure than in previous SQL versions through the
use of Catalog Security. Several different views are available which restrict a user
to viewing only those items s/he has permission to access. Additionally, SQL05 has
the ability to identify certain tasks for execution. By identifying these execution tasks,
SQL05 authenticates a user requested action against the owner's created execution
module (task) in order to proceed with the action. An alternative to the
execution module is the Signing Feature which operates in the same fashion but is
associated with a signature which is added by the owner (Microsoft Corporation, 2007).
Much like MOSS 2007 access permissions, SQL05 uses User Schema (Scheme)
Separation which simplifies the management of large databases by providing
flexibility in assigning permissions. 16 By using this option, administrators can grant
permissions to each individual object contained in the schema and/or any object added
to it in the future. Also, like MOSS 2007, SQL05 employs Least Privileges Access which
greatly enhances the security of all stored data.
As with SVR08, SQL05 provides data encryption for information contained within
each database. SQL05 can use a third-party encryption certificate authority or the server
can generate one itself. Much like Kerberos Key Distribution Center (KDC) and SSO,
SQL05 maintains certificate stores which manage both symmetric and asymmetric keys
by using algorithms such as 2-key Triple Data Encryption System (3DES), Advanced
Encryption Standard (AES), Data Encryption System (DES), RC2, and Rivest Shamir
Adleman (RSA). This management process is based on the key hierarchy rooted in
SQL05's Service Master Key (SMK), which is encrypted with a combination of machine
and service keys. All asymmetric keys have both a private and public key pair. Data is
encrypted via the public key and can only be decrypted with the private key. Symmetric
keys utilize a single key that both encrypts and decrypts (Microsoft Corporation, 2007).
16 A Schema is a collection of database objects that form a namespace (i.e., Server.Database.Schema.Object).
FIGURE 05: SQL05 Encryption
Finally, SQL05 has the ability to capture event occurrences and log them for future
analysis, specifically through the Capture to Data Definition Language (DDL) Activities function.
Certain events at the server and database level trigger certain reactive responses by
SQL05. As SQL05 responds to these events, the events are logged. This becomes
important for auditing and enhancing security.
CONCLUSION
Although there is no actual secure network, there are steps that can be taken
to make it less vulnerable (Varma, 2009). These security options can be employed not
only to protect enterprise-level resources, but also to protect small business assets.
By employing, monitoring, and maintaining the many security features available in
SVR08, MOSS 2007, and SQL05 an organization can orchestrate a "defense-in-depth"
approach to safeguard and align the three core elements of its security program:
fundamentals, threat and vulnerability mitigation, and identity and access control.
Microsoft has attempted to meet the IT professional's needs to fight security threats
and to protect organizational resources by producing a security enhanced package
which works jointly to provide an OOTB capability protecting confidential data in
response to the ever increasing information security threat. This capability provides the
foundation with which an organization may establish and enforce its information security
program.
APPENDIX A: Security Options and Definitions for Windows Server 2008 (R2)
The following security options are available in Windows Server 2008 (R2):
AppLocker. Authorization Manager is a Microsoft Management Console (MMC)
snap-in that can help provide effective control of access to resources.
Authorization Manager. The AM is a Microsoft Management Console (MMC) snap-
in which helps provide control and access to system resources.
BitLocker Drive Encryption. BitLocker allows you to encrypt all data stored on the
Windows operating system volume and configured data volumes, and by using a
Trusted Platform Module (TPM), it can also help ensure the integrity of early startup
components.
Encrypting File System. Encrypting File System (EFS) is a core encryption
technology that enables you to encrypt files stored on NTFS volumes.
Kerberos. Kerberos is an authentication mechanism used to verify the identity of a
user or host.
Security Auditing. Security auditing is one of the most powerful tools to help
maintain the security of your system. Auditing should identify attacks, either successful
or not, that pose a threat to your network, or attacks against resources that you have
determined to be valuable in your risk assessment.
Security Configuration Wizard. Security Configuration Wizard (SCW) is an attack-
surface reduction tool that guides administrators in creating security policies based on
the minimum functionality required for a server's role or roles.
Server Security Policy Management. Security policy is the configurable set of rules
that the operating system follows when determining the permissions to grant in
response to a request for access to resources.
User Account Control. User Account Control (UAC) is a security component that
allows an administrator to enter credentials during a non-administrator's user session to
perform occasional administrative tasks. UAC can also require administrators to
specifically approve administrative actions or applications before they are allowed to
run.
Windows Authentication. The Windows operating system implements a default set
of authentication protocols, including Negotiate, Kerberos, NTLM, Transport Layer
Security/Secure Sockets Layer (TLS/SSL), and Digest, as part of an extensible
architecture. In addition, some protocols are combined into authentication packages.
These protocols and packages enable authentication of users, computers, and services;
the authentication process, in turn, enables authorized users and services to access
resources in a secure manner.
APPENDIX B: Security Tools and Definitions for Windows Server 2008 (R2)
Tool name Type Description
AccessChk Identity and Access Control
AccessChk is a command-line tool that identifies
what permissions or access levels a user or grouphas. AcessChk returns permissions to files,directories, registry keys, global objects, andWindows services.
AccessEnum Identity and Access Control
AccessEnum is a command-line tool thatidentifies which users and groups have access toa specific file or folder.
Auditpol
SecureConfiguration
Assessment andManagement
Auditpol is a command-line tool that displaysinformation about and performs functions tomanipulate audit policies.
ExtendedSecurity UpdateInventory Tool
Threats andVulnerabilitiesMitigation
The Extended Security Update Inventory tooldetermines if any SMS client computers needsecurity updates that are not detectable by usingMicrosoft Baseline Security Analyzer (MBSA).This tool is available from the Microsoft DownloadCenter.
Icacls
SecureConfiguration
Assessment and
Management
Icacls is a command-line tool that displays ormodifies discretionary access control lists(DACLs) on specified files, and applies storedDACLs to files in specified directories. Icacls.exe
replaces the Cacls.exe tool for viewing andediting DACLs.
MaliciousSoftwareRemoval Tool
Threats andVulnerabilitiesMitigation
The Malicious Software Removal Tool checkscomputers running Windows Vista, Windows XP,Windows 2000, or Windows Server 2003 forinfections by specific, prevalent malicioussoftware and helps remove any infection found.
MicrosoftBaselineSecurity
Analyzer Tool
Threats andVulnerabilities
Mitigation
Microsoft Baseline Security Analyzer (MBSA) isan easy-to-use tool designed for the ITprofessional that helps small-sized and medium-sized businesses determine their security state in
accordance with Microsoft securityrecommendations and offers specific remediationguidance.
MicrosoftSecurity
AssessmentTool
Threats andVulnerabilitiesMitigation
The Microsoft Security Assessment Tool providesinformation and recommendations about bestpractices to help enhance security within your ITinfrastructure.
Microsoft Threat Analysis & Modeling v2.1.2
Threats and Vulnerabilities Mitigation
The Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information including business requirements and application architecture, which is then used to produce a feature-rich threat model.
Security Configuration Wizard
Secure Configuration Assessment and Management
The Security Configuration Wizard (SCW) determines the minimum functionality required for a server's role or roles and disables functionality that is not required. SCW is included with Windows Server 2008 and can be accessed from Administrative Tools and Server Manager.
ShareEnum
Identity and Access Control
ShareEnum is a command-line tool that identifies the security settings of print and file shares. It shows administrators potential security problems arising from security that is too low.
Windows Sysinternals
Identity and Access Control
The Windows Sysinternals Web site includes advanced system utilities and technical information to help you manage, troubleshoot, and diagnose your Windows systems and applications.
APPENDIX C: Security Features in SQL Server 2005
Key Features
The table below provides an overview of the security features in SQL Server 2005.
Feature Description
Off by Default
To reduce the SQL Server 2005 surface area to unauthorized access after initial installation, a number of services have been turned off or set for manual start-up so no inadvertent access is granted. Services that are off by default include the Microsoft .NET Framework, Service Broker network connectivity, and HTTP connectivity for Analysis Services. Services that require manual intervention to start include SQL Server Agent, Full Text Search, and Integration Services, which can all be reset for automatic start-up.
Surface Area Reduction and Advanced Security
SQL Server 2005 provides rich security features to protect data and network resources. It is much easier to achieve a secure installation of the software, because all but the most essential features are either not installed by default or disabled if they are installed. SQL Server provides plenty of tools to configure the server. Its authentication features make it harder to get access to a server running SQL Server by integrating more closely with Windows authentication and protecting against weak or old passwords. Granting and controlling what a user can do when authenticated is far more flexible with granular permissions.
Surface Area Configuration
SQL Server 2005 includes the SQL Server Surface Area Configuration Tool, which provides an intuitive graphical user interface (GUI) for configuring the server. Running this tool should be your first task after installing SQL Server. The tool opens with a brief explanation of its purpose, and a link to documentation. It includes a link to configure services and protocols and another to configure other features.
Granular permission control
Permissions to perform a variety of database tasks have been made more granular to narrow the scope of rights that must be granted. This principle of least privileges helps ensure that database users have sufficient rights to do their tasks but only their tasks. The need to grant broad administrative rights to perform routine maintenance tasks has also been significantly decreased.
Separation of users and schema
SQL Server 2005 simplifies security administration by separating the implicit link between users and the database objects that they own. For example, in earlier versions of SQL Server, if you wanted to remove a user, you had to first drop or reassign ownership of all database objects that the user owned, which significantly complicated the process and potentially impacted a large number of applications. With the new model, dropping users does not require an application change.
Enforced password policy for standard logins
Administrators are able to specify Microsoft Windows style policies on standard logins so that a consistent policy is applied across all accounts in the domain.
Execution context on modules
SQL Server 2005 allows you to specify a context under which statements in a module execute. This feature also acts as an excellent mechanism for granular permission management.
Data Definition Language (DDL) triggers
With SQL Server 2005 you are able to specify triggers on DDL operations, providing a supplemental mechanism for auditing DDL actions.
Native Encryption
SQL Server 2005 supports encryption capabilities within the database itself, fully integrated with a key management infrastructure. By default, client/server communications are encrypted. To centralize security assurance, server policy can be defined to reject unencrypted communications.
Clustering authentication
SQL Server 2005 clustering supports Kerberos authentication on a virtual server. Administrators are able to specify Microsoft Windows style policies on standard logins so that a consistent policy is applied across all accounts in the domain.
Multiple proxy accounts
SQL Server Agent supports multiple proxy accounts (one per job subsystem).
No dependency on the Local Security Authority (LSA) database
SQL Server Agent no longer requires access to the LSA to use proxy accounts. Therefore, SQL Server Agent no longer requires the service to run as a local administrator for it to be enabled.
SQL Profiler no longer requires system administrator rights
A new permission is available in SQL Server 2005 that allows users who do not have system administrator rights to run SQL Profiler.
Analysis server communication encryption with server-defined policies
By default, client/server communications are encrypted. To centralize security assurance, server policy can be defined to reject unencrypted communications.
Granular administrative roles for Analysis server
More administrative permissions are available in SQL Server 2005. In addition to online analytical processing (OLAP) administrators, database administrators are able to possess administrative permissions within the context of an individual database. New permissions on objects enable users to see the object definition (without being able to access the object itself) and to process an object.
SQL Server Agent job roles
SQL Server Agent has been enhanced to support assigning rights over jobs in a granular fashion.
New tools and Help files
A set of new deployment tools and documentation helps ensure that SQL Server 2005 can be securely deployed into an existing SQL Server topology or a new installation. These tools provide a step-by-step approach by giving detailed information, analyzing the existing topology, checking for prerequisites, recommending a configuration setting, and validating each step.
Improved auditing capability for Analysis Services
SQL Server 2005 Analysis Services includes new auditing capabilities integrated with SQL Profiler.
Security bulletins
Microsoft will publish security bulletins and patches as appropriate for SQL Server 2005. These bulletins help you understand and assess potential threats to your existing environments, and how to neutralize those threats.
Microsoft Internet Information Services (IIS) Lockdown Wizard
If you plan to deploy SQL Server 2005 on a Windows 2000 Server platform, the IIS Lockdown Wizard is a powerful tool for securing your Web server environment. IIS Lockdown Wizard works by turning off features that are unnecessary in your environment, thereby reducing the exposed potential surface available to attack. To provide defense in multiple layers of protection against attackers, a tool called URLScan, with customized templates for each supported server role, is integrated into the IIS Lockdown Wizard. If you are deploying SQL Server 2005 on a Windows Server 2003 platform, the IIS Lockdown Wizard is integrated into IIS 6.0.
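Several of the Database Engine features in the table above (enforced password policy for standard logins, separation of users and schema, execution context on modules with granular permissions, and DDL triggers) can be seen working together in the following T-SQL. It is an added example, not code from the original paper or from Microsoft; the database, login, schema and object names and the sample password are all constructed for illustration.

```sql
-- Added example (SQL Server 2005 syntax); every name here is hypothetical.
SET QUOTED_IDENTIFIER ON;  -- required when creating modules that call xml methods
CREATE DATABASE SecurityDemo;
GO
USE SecurityDemo;
GO
-- Enforced password policy on a standard login (constructed sample password).
CREATE LOGIN report_login
    WITH PASSWORD = 'Ex4mple-Only-ChangeMe!', CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
GO
-- Separation of users and schema: objects live in a schema owned by dbo, so
-- report_user can later be dropped without reassigning object ownership.
CREATE SCHEMA Reporting AUTHORIZATION dbo;
GO
CREATE USER report_user FOR LOGIN report_login WITH DEFAULT_SCHEMA = Reporting;
CREATE TABLE Reporting.Staging (Id int NOT NULL, Amount money NOT NULL);
GO
-- Execution context: TRUNCATE TABLE needs ALTER on the table, which ownership
-- chaining does not supply. Running as OWNER lets the caller hold only EXECUTE.
CREATE PROCEDURE Reporting.ResetStaging
WITH EXECUTE AS OWNER
AS
    TRUNCATE TABLE Reporting.Staging;
GO
GRANT EXECUTE ON OBJECT::Reporting.ResetStaging TO report_user;
GO
-- DDL trigger: record every database-level DDL statement in an audit table.
CREATE TABLE dbo.DdlAudit (
    EventTime datetime      NOT NULL DEFAULT GETDATE(),
    LoginName nvarchar(128) NOT NULL,
    EventType nvarchar(100) NOT NULL,
    Command   nvarchar(max) NULL);
GO
-- The trigger runs in the caller's context: a principal without INSERT on
-- dbo.DdlAudit has its DDL rolled back when the insert fails.
CREATE TRIGGER trg_AuditDdl ON DATABASE
FOR DDL_DATABASE_LEVEL_EVENTS
AS
BEGIN
    DECLARE @e xml;
    SET @e = EVENTDATA();
    INSERT INTO dbo.DdlAudit (LoginName, EventType, Command)
    VALUES (@e.value('(/EVENT_INSTANCE/LoginName)[1]', 'nvarchar(128)'),
            @e.value('(/EVENT_INSTANCE/EventType)[1]', 'nvarchar(100)'),
            @e.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)'));
END;
GO
CREATE TABLE Reporting.Probe (Id int);  -- this DDL should be captured below
SELECT EventTime, LoginName, EventType, Command FROM dbo.DdlAudit;
```

Run it in a test instance as a sysadmin; the final SELECT should return one CREATE_TABLE row for Reporting.Probe.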
Resources
The following resources are provided to assist in developing solutions in a Microsoft Office SharePoint 2007 environment:
Attend a free webcast or chat (http://www.microsoft.com/sql/community/webcasts.aspx)
Building Custom Search WebParts with Integrated SAP NetWeaver Portal Search for Microsoft Office SharePoint Server 2007 (http://go.microsoft.com/fwlink/?LinkId=100413&clcid=0x409)
Business Data Catalog Authentication (http://go.microsoft.com/fwlink/?LinkID=100498&clcid=0x409)
Configure single sign-on (http://go.microsoft.com/fwlink/?LinkId=95570&clcid=0x409)
Enterprise Search Architecture in Microsoft Office SharePoint Server 2007 (http://go.microsoft.com/fwlink/?LinkID=100497&clcid=0x409)
Integrating Microsoft Office SharePoint Server 2007 and SAP (http://go.microsoft.com/fwlink/?LinkId=91026)
Integration of SAP Business Server Pages (SAP BSP) in SharePoint 2007 (http://go.microsoft.com/fwlink/?LinkId=95579&clcid=0x409)
Microsoft Office SharePoint Server 2007 SDK (http://go.microsoft.com/fwlink/?LinkID=82788&clcid=0x409)
Microsoft/SAP Alliance (http://go.microsoft.com/fwlink/?LinkId=95574&clcid=0x409)
Plan for single-sign on (http://go.microsoft.com/fwlink/?LinkId=95569&clcid=0x409)
Product Overview Whitepaper (http://www.microsoft.com/sql/2005/productinfo/overview.mspx)
Resources for Interoperability with Microsoft Office SharePoint Server 2007 (http://go.microsoft.com/fwlink/?LinkID=95865&clcid=0x409)
SQL Server Homepage (http://www.microsoft.com/sql)
Bibliography
Cardarelli, M., & Bisciotti, N. (2006, April 7). Microsoft Office SharePoint Server 2007 Security Model. Retrieved September 2, 2009, from msdn.com/sharepoint: http://blogs.msdn.com/sharepoint/archive/2006/04/07/570939.aspx
English, B. (2007). Microsoft Office SharePoint Server 2007: Administrator's Companion. Redmond: Microsoft Press.
Microsoft Corporation. (2007, February 16). Microsoft SQL Server 2005: Security Enhanced Database Platform. White Paper. Redmond, Virginia: Microsoft Corporation.
Microsoft Corporation. (2009, March 19). Secure Windows Server 2008. Retrieved September 4, 2009, from technet.microsoft.com: http://technet.microsoft.com/en-us/library/cc725998%28WS.10%29.aspx
Microsoft Corporation. (2009, April 16). Security and Protection. Retrieved September 07, 2009, from technet.microsoft.com: http://technet.microsoft.com/en-us/library/dd723678%28WS.10%29.aspx
Microsoft Corporation. (2009, February). Security Compliance Management Toolkit Release Notes. Retrieved September 05, 2009, from Microsoft.com: http://go.microsoft.com/fwlink/?LinkId=103573
Microsoft IIS7 Team. (2009, May 27). IIS7 Security. Retrieved September 9, 2009, from learn.iis.net: http://learn.iis.net/page.aspx/139/iis7-security-improvements/
Office IT and Servers User Assistance, Microsoft Corporation. (2008, July). Office SharePoint Server Security. White Paper. Redmond, Virginia: Microsoft Corporation.
Pyles, J., Buechler, C. M., Fox, B., Gordon, M., Lotter, M., Medero, J., et al. (2007). SharePoint 2007: The Definitive Guide. Sebastopol: O'Reilly Media, Inc.
Varma, Dr. Umesh. (2009, April 23). Classroom lecture. (ITM 5600, Lecture)
Whitman, M. E., & Mattord, H. J. (2004). Management of Information Security. Boston: Thomson Course Technology.