SharePoint Security

  • Question

  • Hello,

    I would like to hear feedback from the community regarding SharePoint's security. We are planning a SharePoint site for a client that will be accessible from the net and we want to make sure it's as secure as possible. We are planning to take the following precautions:

    1. We are using HTTPS with a 2048-bit key to access the site
    2. We have a warning message to users warning them about shoulder surfers
    3. We have an internet facing router so only HTTPS 443 is open
    4. We require strong passwords backed up by GP's

     

    My questions are as follows:

    Are there any known SQL injections that target SharePoint DBs? (We are not using SQL Server but rather the bundled SQL Express)
    What other security risks should I look out for?
    We have a public site with anonymous access and when users log in the internal site links appear based on permissions. Is this secure or is it better to have two separate sites?

     

    Tks,

     

    Nakie


    Naki K. / Falcon IT Services


    • Changed type Mike Walsh FIN Thursday, May 26, 2011 9:45 AM q
    • Edited by Mike Walsh FIN Thursday, May 26, 2011 9:46 AM SP 2010 question removed. If you want to ask about SP 2010 post to a SP 2010 forum. Here it's off-topic
    Thursday, May 26, 2011 2:52 AM

Answers

  • As always, use the latest SPs and CUs. There are a number of ecommerce sites using SharePoint, like Hawaiian Airlines. However, the overall security of SharePoint is in your design. Though you can mix authenticated and anonymous users, unless it's being used only for content that's supposed to be published to the internet, why would you?? Use FBA in SP2007. I think you may mean passwords are enforced by GPOs...

     

    -Ivan

     

     


    Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
    • Edited by Mike Walsh FIN Sunday, June 19, 2011 10:32 AM Ivan, please stop adding SP 2010 comments to your posts in addition to actually answering the pre-SP 2010 question. SP 2010 is off-topic here and showing that you know the difference between 2007 and 2010 is also off-topic in a 2007 thread.
    • Marked as answer by Naki K. _ Friday, July 8, 2011 6:49 PM
    Sunday, June 19, 2011 8:21 AM

All replies

  • Hi,

    Please let us know if the replies were helpful or your question was answered and if the issue has been resolved so we can close the post.

     

    -Ivan


    Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
    Wednesday, June 29, 2011 7:39 AM
  • You need to look at the security of your servers and network.

    You need to look at your user provision, management, and expiration policies.

    You need to look at your policies for sensitive information, and information expiration.

    You need to look at scenarios of human mistakes; what happens if a human accidentally uploads sensitive information to the wrong URL?

    You need people familiar with relevant security and information policies involved.

    Remember: a system is only as secure as its weakest link.

    Friday, July 8, 2011 3:29 PM
  • Thank you all for the valuable feedback. I have done some research on the subject and at this point in time we feel very safe about SharePoint in general.

     

    Thanks again.


    Naki K. / Falcon IT Services

    Friday, July 8, 2011 6:52 PM