Whew, I reviewed Chapter 11 back in the beginning of October, so it is seriously time to carry on with the last chapters of the book. Here goes Chapter 12: Securing SharePoint Communication by Adam Buenz!!
The breadth of SharePoint Security
Adam starts this chapter by explaining that there are numerous ways to mitigate risks and harden SharePoint, ranging from the built-in Windows 2003 and SharePoint security instruments to implementations of Microsoft sister platforms. He also notes that, depending on the circumstances your company is in and the goal(s) of the SharePoint implementation, you will have to use different security standards, tools and strategies.
SharePoint is still ASP2-based and therefore still a web application, yet people generally plan for the security of SharePoint while ignoring some or all associated products and technologies.
Steps to SharePoint security
To start describing security, Adam points to the OSI model (well known to IT enthusiasts) to show the different layers security has.
He also points to the foundation building blocks that are generally found in most properly sheltered collaboration environments:
- secure inter-server communication (by using SSL)
- secure server-client communication (by using SSL)
- introduce and manage application layer firewalls (by using ISA)
Adam sticks to the layered approach to securing SharePoint by forming a security blueprint, known as threat modeling.
Secure the communication layer
Here, Adam describes the difference between SSL and IPSec for SharePoint from an infrastructure point of view. He states that a combination of both would be optimal, using SSL for handling secure client requests and IPSec for encrypting inter-server communication within the SharePoint farm.
After that statement, he describes very roughly how to set up IPSec. Roughly because I seriously don't know how I can redo it, but then again, I have a very limited Windows 2003 Server knowledge (thanks to my Windows-client developer background).
Next he talks about Kerberos authentication, the benefits and how it works and how to set it up for authentication with SharePoint. Next comes Microsoft Certificate Services and how to create self-signed certificates. All in all a very good read if you know virtually nothing about Server Security.
ISA server and SharePoint
This piece is about Microsoft Internet Security and Acceleration Server 2006, which brings an application firewall and SSL bridging to SharePoint and other Services in your park. Adam talks about 3 tasks you need to perform in regard to ISA:
- set up SSL bridging
- configure link translation
- set up connectivity to monitor SharePoint server
Next he goes into detail about SSL bridging, setting up alternate access mappings (AAM) and using an exported SSL certificate. There is also a big part about letting ISA know what type of authentication you use and the accompanying delegation routines, about ISA and link translation, and about how to create connection verification for SharePoint Server health monitoring.
As a summary of this chapter one can say that this is fit for real Administrators, and now I totally understand why we offer a 2-day course on Administering SharePoint and WSS. I had no clue there were that many concepts in SharePoint security!
The good news is that a lot of the tools required for an appropriate implementation of SharePoint are already built into it or into the Windows Server 2003 platform.
2 more chapters to go, and then it is on to the next review: Trainsignal's SharePoint training for Administrators.
Friday, November 9, 2007