How Secure is SharePoint?

Someone asked me the question "How secure is SharePoint?"

I actually think that's very hard to answer within the context in which the question is being asked.

“How secure is SharePoint?” Well, how secure is any online system?

Kerberos, AD, Federated AD (policy based), SSL encryption, Forms Authentication, and token-based security are all supported. Permissions enforce security to the granular level and strengthen it based on zones of access (i.e. different access for an internet audience than for an intranet audience).

It's worth looking at Joel Oleson's blog entry on this, which covers a lot of the enhancements in security for MOSS 2007:

http://blogs.msdn.com/joelo/archive/2007/04/06/security-improvements-in-sharepoint-server-2007.aspx

Most public instances of MOSS use ISA Server and HTTPS encryption with forms authentication. So it's really as secure (probably more so) as using an online banking system in terms of data transmission and storage. You only have proxied access to the internal system over HTTPS from an internet access point; you are never really on the servers even, which makes hacking it very difficult. When you add Forefront into the mix it's hardened even further.

From an architectural view, this kind of security approach means it can be security hardened to the nth degree as a product.  Architecture of the underlying application for hardened security is quite an art form and you can go overboard easily.

For reading: I would start here with the roadmap and downloadable book on the requirements for hardening a MOSS instance.

http://technet.microsoft.com/en-us/library/cc263518(TechNet.10).aspx

6/18/2008 9:57:38 AM (GMT Standard Time, UTC+00:00)

Central Admin Server is offline

Most people tend to run Central Admin on a single server, as it's usually a bit of a pain to run it load balanced. Now that is not normally an issue, until you lose the server it's running on.

Try as hard as you might, you won't be able to just enable it on another server, as the farm thinks it's already provisioned. That means you will have to reprovision it on a different server, get Central Admin up and running on an alternative box and then take the old Central Admin application out of the farm.

There is a tool to help you with this and it's good old psconfig.exe.

The trick in enabling a replacement Central Admin server is to ensure you provision with a new port, because if you don't, the timer job that activates the newly provisioned server will not run, and the old Central Admin allocation will remain active, leaving you with two inaccessible Central Admin applications.

So, on the new server as a precaution run:

psconfig.exe -cmd adminvs -unprovision

and then run it again to provision a new Central Admin service, ensuring you specify the replacement port number.

psconfig.exe -cmd adminvs -provision -port 8080 -windowsauthprovider onlyusentlm

You should now be able to access Central Admin on the new port, allowing you to go into Operations and delete the application for the old service.  When you get the old server re-instated make sure the old application isn't still lurking. 

6/14/2008 9:33:47 PM (GMT Standard Time, UTC+00:00)

All content © 2009, John Timney

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.
