David J Pileggi Jr. SharePoint Evangelist M@DSoft SharePoint Security: Through the Looking Glass

SharePoint Security: Through the Looking Glass


DESCRIPTION

SharePoint security can make or break you, your department, your company. This slide deck takes you through the good, the bad and the ugly.


Page 1: SharePoint Security: Through the Looking Glass

David J Pileggi Jr., SharePoint Evangelist, M@DSoft, [email protected]

SharePoint Security: Through the Looking Glass

Page 2

was made possible by the generous support of the following sponsors…

And by your participation… Thank you!

Page 3

Be sure to fill out your eval form and turn it in at the end of the day for a ticket to the BIG raffle!

Join us for the raffle and SharePint following the last session.

Page 4

Introduction

Page 5

The Real Introduction

- Computer Science degree from University of Central Florida
- Professionally working in the IT industry for 11 years
- Working specifically with SharePoint for the last 8 years
- Taught several SharePoint 101 classes
- Designed SharePoint solutions for more than 40 companies, ranging from regional to Fortune 100
- Member of New England SharePoint Users Group
- Avid alpha/beta tester, SharePoint and otherwise

Page 6

Itinerary

- The Cast
- The Good
- The Bad
- The Ugly
- Building Security Schemas
- Final Thoughts
- Q&A

Page 7

Session Goals

- This is a Level 300 session: easy to understand, difficult to master
- To address the high-level theoretical approach to SharePoint security
- To discover several best practices surrounding security
- To discover what not to do, or, if it is done anyway, what to expect when actions that are less than best practice are used
- To leave with a heightened level of understanding of securing SharePoint portals, sites, etc.

Page 8

The Cast

- AD (Cheshire Cat): Users, Security Groups
- SharePoint Security Groups (White Rabbit)
- SharePoint Permission Levels (Mad Hatter): Out of Box, Custom
- FBA (Caterpillar)
- OAuth (Door Mouse)

Page 9

The Good: AD (Cheshire Cat)

- Security Groups are already there
- In a controlled environment
- Great for giving sweeping permissions
- Best Practice

Page 10

The Good: SharePoint Security Groups (White Rabbit)

- High turnover
- Small groups in large corporations
- Easy to create, with perks: use custom permission sets, create a distribution list, delegate responsibility

Page 11

The Good: SharePoint Permission Levels (Mad Hatter)

- Out-of-box permission sets are acceptable tiers of permissions
- Ability to create custom permission sets
- SharePoint breaks permissions down into 32 individual selections
- Three sections group the 32 individual selections

Page 12

The Good: FBA (Caterpillar)

- Forms Based Authentication can fit YOUR business mold
- FBA gives users beyond your walls a way to participate
- FBA allows an alternate way to authenticate
- There are a lot of tools to help you jump-start FBA

Page 13

The Good: OAuth (Door Mouse)

- Removes the need to own the responsibility of supporting the user base
- One less username and password for users to remember

Page 14

The Bad: AD (Cheshire Cat)

- Can be a potential bottleneck
- Will show how the information is kept up… or not

Page 15

The Bad: SharePoint Security Groups (White Rabbit)

- Could potentially get out of hand: multiple groups per site, groups not maintained
- Dilute the primary security schema
- Email-enabled farm??

Page 16

The Bad: SharePoint Permission Levels (Mad Hatter)

- Over-complication
- KISS method

Page 17

The Bad: Visualizing Security (Mad Hatter continued)

- The target theory: build in concentric circles
- Contain as much as possible
- Understanding how to put it all together

Page 18

The Bad: FBA (Caterpillar)

- You own it and everything that comes with it: development cycles, maintenance of the code, maintenance of the database(s)
- Help Desk/support will be needed

Page 19

The Bad: OAuth (Door Mouse)

- Not a flip of the switch
- A 3rd party may (read: must) be used, OR lots of development and configuration pain

Page 20

The Ugly

- The No Security Schema… Schema
- The best security schema will deteriorate over time
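The deterioration described on this slide (and the group sprawl and over-complicated permission levels from the two Bad slides before it) can be measured rather than guessed at. The script below is an added example, not from the deck: it walks one site collection and reports subsites that broke inheritance, SharePoint groups with no members, and custom permission levels that grant administrative rights. It assumes SharePoint 2010 or later, the SharePoint Management Shell, and a site collection administrator account; the site URL is a placeholder.

```powershell
# Added example (not from the deck). Assumes SharePoint 2010+ and the
# SharePoint Management Shell; the site URL at the bottom is a placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function New-Finding($Web, $Finding, $Detail) {
    New-Object PSObject -Property @{ Web = $Web; Finding = $Finding; Detail = $Detail }
}

function Get-SPSecuritySchemaDrift {
    param([Parameter(Mandatory=$true)][string]$SiteUrl)

    # Permission bits that hand out control over the security schema itself.
    $adminBits = [uint64][Microsoft.SharePoint.SPBasePermissions]::ManagePermissions -bor
                 [uint64][Microsoft.SharePoint.SPBasePermissions]::ManageWeb -bor
                 [uint64][Microsoft.SharePoint.SPBasePermissions]::EnumeratePermissions

    $site = Get-SPSite $SiteUrl
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # Every subsite with unique permissions is one more ring to maintain.
                if ($web.HasUniqueRoleAssignments -and -not $web.IsRootWeb) {
                    New-Finding $web.Url 'Broken inheritance' "$($web.RoleAssignments.Count) role assignments"
                }
                # Custom permission levels have SPRoleType None. Only look where the
                # web owns its own role definitions, to avoid reporting inherited ones twice.
                if ($web.IsRootWeb -or $web.HasUniqueRoleDefinitions) {
                    foreach ($rd in $web.RoleDefinitions) {
                        if ($rd.Type -eq [Microsoft.SharePoint.SPRoleType]::None -and
                            (([uint64]$rd.BasePermissions) -band $adminBits) -ne 0) {
                            New-Finding $web.Url 'Custom level grants admin rights' $rd.Name
                        }
                    }
                }
            } finally { $web.Dispose() }
        }
        # Groups live at the site collection; empty ones are schema nobody maintains.
        foreach ($group in $site.RootWeb.SiteGroups) {
            if ($group.Users.Count -eq 0) {
                New-Finding $site.Url 'Empty SharePoint group' $group.Name
            }
        }
    } finally { $site.Dispose() }
}

Get-SPSecuritySchemaDrift -SiteUrl 'http://portal.example.local/sites/finance' |
    Format-Table Web, Finding, Detail -AutoSize
```

Run it on a schedule and diff the output; a growing list is the deterioration the slide is talking about.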

Page 21

Building Security Schemas

- Information Age cliché: Know your Data!
- What is going to be housed in your farm: HIPAA, Sarbanes-Oxley, etc.
- Site Collection: One vs. Many
- Security's smallest common denominator
- Portals and departments and teams, OH MY!

Page 22

Zones

- There are 5 Zones that can refer to the same Web Application: Default, Custom, Internet, Intranet, Extranet
- Probably one of the best kept secrets
- Security can be at different levels per zone

Page 23

Final Thoughts

Intranet, Extranet, Internet (oh my)

- Intranet: use of AD for security
- Extranet/Internet: AD, Forms Based Authentication, Active Directory Federation Services (ADFS), Anonymous
- Active Directory Rights Management Services
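The zone slide says security can differ per zone, and these final thoughts say what that split should look like (AD inside, FBA/ADFS/anonymous outside). The script below is an added example, not from the deck: it lists every zone of every web application with the authentication it actually enforces, so the intended split can be checked. It assumes SharePoint 2010 or later and the SharePoint Management Shell; in classic-mode web applications the claims provider list is empty and only the flag columns apply.

```powershell
# Added example (not from the deck). Assumes SharePoint 2010+ and the
# SharePoint Management Shell, run by a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-SPZoneAuthenticationReport {
    foreach ($webApp in Get-SPWebApplication) {
        # IisSettings is keyed by SPUrlZone: Default, Intranet, Internet, Custom, Extranet.
        foreach ($zone in $webApp.IisSettings.Keys) {
            $iis = $webApp.IisSettings[$zone]
            $url = $webApp.GetResponseUri($zone)
            # Claims-mode providers (Windows, Forms, Trusted/ADFS) show up here;
            # classic-mode web applications report only the boolean flags.
            $providers = @($iis.ClaimsAuthenticationProviders | ForEach-Object { $_.DisplayName })
            New-Object PSObject -Property @{
                WebApplication = $webApp.DisplayName
                Zone           = $zone
                Url            = $url.AbsoluteUri
                Ssl            = ($url.Scheme -eq 'https')
                Anonymous      = $iis.AllowAnonymous
                WindowsAuth    = $iis.UseWindowsIntegratedAuthentication
                FormsAuth      = $iis.UseFormsClaimsAuthenticationProvider
                Providers      = ($providers -join ', ')
            }
        }
    }
}

$report = Get-SPZoneAuthenticationReport
$report | Format-Table WebApplication, Zone, Url, Ssl, Anonymous, WindowsAuth, FormsAuth, Providers -AutoSize

# Two checks that follow from the deck's intranet/extranet split:
# the Default (intranet) zone should be AD only, and any zone published
# outside the walls should not carry forms credentials over plain HTTP.
$report | Where-Object { $_.Zone -eq 'Default' -and ($_.Anonymous -or $_.FormsAuth) } |
    ForEach-Object { Write-Warning "Default zone of '$($_.WebApplication)' allows non-AD access" }
$report | Where-Object { ('Internet','Extranet') -contains $_.Zone -and $_.FormsAuth -and -not $_.Ssl } |
    ForEach-Object { Write-Warning "$($_.Zone) zone of '$($_.WebApplication)' uses FBA without SSL" }
```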

Page 24

Q&A

Page 25

Resources

- AD Rights Management Services: http://www.microsoft.com/windowsserver2008/en/us/ida-information-protection.aspx

Page 26

Contact Information

David J Pileggi Jr., Consultant at Insight
Email: [email protected]
Blog: http://sharepoint.mindsharpblogs.com/davep
Twitter: @DavidPileggi

Thank You! Please fill out and return your evaluations.

We want to know what you think.