10 points to make a rogue SharePoint environment really, really secure..
1 like•659 views
The document outlines a presentation on securing a rogue SharePoint environment, emphasizing the importance of understanding security permissions, documenting processes, and avoiding data leaks. It includes a step-by-step methodology for improving security, such as removing access, resetting passwords, and monitoring service accounts. Key takeaways stress communication, thorough documentation, and the necessity of using proper security tools.
![Wave 10- Continued
Add in tracking into the masterpage:
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsOb
ject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1
*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.sr
c=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-
analytics.com/analytics.js','ga');
ga('create', 'UA-4669498-5',
'onecallcm.com');
ga('send', 'pageview');
</script>](https://image.slidesharecdn.com/securingsharepoint-140926095604-phpapp01/85/10-points-to-make-a-rogue-SharePoint-environment-really-really-secure-38-320.jpg)
10 points to make a rogue SharePoint environment really, really secure..
- 1. 10 points to make a rogue SharePoint environment really, really secure.. Presented By Peter Ward – September 20th 2014 w- www.sohodragon.com c- 862 220 6080 b-www.wardpeter.com
- 2. New Jersey SharePoint user group • Different SharePoint discussions each month on various topics. Announced on meetup.com • Meets 4th Tuesday of every month • 6pm – 8pm • Microsoft Office (MetroPark) • 101 Wood Ave, Iselin, NJ 08830 • http://www.njspug.com
- 3. Thank You Event Sponsors • Diamond & Platinum sponsors have tables here in the Fireside Lounge • Please visit them and inquire about their products & services • Also to be eligible for prizes make sure to get your bingo card stamped
- 4. Agenda • Context of the presentation • Where to start? • Understanding security permissions and how to apply it • Create a methodology • How to avoid data leaks • Show user activity on all levels • Creating a game plan
- 5. Green dot This indicates an important point
- 6. Before We Begin • Q&A – We will have time at the end of the presentation for questions…. But I encourage you to interrupt me and ask • A copy of this presentation is on my blog
- 7. Reminder slide • A copy of this presentation is on my blog www.wardpeter.com This means you only need to watch. There is no need to take notes
- 9. Context of the presentation This SharePoint needs to work Summary 2 days to take ownership Only Prod environment No Dev. Rogue former vendor team
- 10. Takeaways • Understanding ownership steps • Confidently applying security • The little things really matter • Process and communication is key • Learn how to refactor an environment • Good example of reality SharePoint security planning Learn learnt: Technology problems aren’t always technology problems
- 11. Audience Networking FolksSharePoint Folks Networking steps SharePoint steps Networking steps SharePoint steps
- 12. The inherited environment • Hosted environment • SharePoint 2010 Enterprise • 3 months of undocumented code and environment. • No Visio diagrams • Hard coded ID and passwords everywhere… and I mean everywhere • A few URL’s a Service Account ID and password • SQL Server Reporting Services • Oh I forgot: • Can’t use 3rd party tools to run audits of security • Internal IT department has no real understanding how SharePoint works or what was deployed or developed
- 13. Where to start • Understand SharePoint security • Business processes • Create a methodology
- 14. Understanding security accounts and how to apply it Domain • Active Directory Groups…. Not distribution • Domain services- Exchange, IIS Server • Boxes SharePoint • Site Collections • Sites • SharePoint groups Demarcation of responsibility Service accounts
- 15. Business Processes Talk to end users face to face Understand their language: What they think SharePoint actually is A list is a report Alert is an email What, why, when, who
- 16. Now we can start
- 17. Create a methodology Wave 1 Wave 2 Wave 3 Wave 4 Wave 5 Wave 6 Wave 7 Wave 8 Wave 9 Wave 10
- 18. Wave 1 – Kick off Back up the server .. Make sure this is SQL. Ask how long back ups are kept Ask for a back up.. To test the internal IT Restoring env. Notify the user base what is going on and in the communication have a team member’s email and direct phone number Identify all the services are running Reboot the servers Enforce a change log- SharePoint list. Set up alerts to your team Key wins: Immediately know if services stop… and are not related to the password changes Any problems you can blame the previous vendor on the morning you start
- 19. Wave 2 – Start documentation • Technical inventory of the following: • SharePoint, edition, SQL version • InfoPath- purpose, template location • Server box names • Obtain/ create system accounts and password and purpose • Server boxes • Architectural diagram • Env.. • SharePoint collections • Central Admin • Installed web parts
- 20. Wave 2 – continued- Ask questions • What’s the source code control? This should be reviewed • Is there a DR plan for SQL db’s • Is there a DR plan for SharePoint • Report names and their purpose • Understand the integration points
- 21. Now you need to break ground
- 22. Wave 3 – Removing access • VPN access- remove • Service accounts • Vendor ids • Remote access to boxes • SharePoint env. • Site collection administrators
- 23. Wave 4 – Users • Reset all users passwords in PowerShell • Ed Wilson and Craig Liebendorfer, Scripting Guys • Don’t delete the old vendor ID yet. Because they are in code and workflow
- 24. Wave 4 – disable unused accounts • Wait a week for things to settle down • Note disable.. Not delete
- 25. Wave- 4 SharePoint permissions • Do’s • Use Groups – Either AD or SharePoint •Don’ts • Not everyone needs to be Site Collection Admin • Or Full Control
- 26. Wave 5 – Service Accounts • Create a ID inventory file (Excel) with both old and new password • Stop and restart services • Restart server for good measure
- 27. Wave 6 – Firewall account • Because there could be IP addresses of the boxes made public. • and there was… therefore you could get to the box, with no VPN • Use Netstat command to listen to traffic on the ports Link
- 28. Tea break • Questions if you want.
- 29. Wave 6 – Network Traffic
- 30. Wave 6 – Network Traffic • Port 443 secure https • Port 80 Unsure
- 31. Think again Think old vendor is locked out…….
- 32. Wave 7 – Email • Change emails in AD • Redirection capture - DNS
- 33. Wave 7 – Email • Email forwarding
- 34. Wave 7 – Workflow • Impersonation Steps Create a workflow AD account . Needs to be a site collection administrator
- 35. Wave 7 – Workflow • Hard coded email addresses
- 36. Wave 8- SP Security trimming Central Admin Internal IP address Only accessible via RDP login
- 37. Wave 9- Quick Sweep Check the Service accounts Logging
- 38. Wave 10- Continued Add in tracking into the masterpage: <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsOb ject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1 *new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.sr c=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google- analytics.com/analytics.js','ga'); ga('create', 'UA-4669498-5', 'onecallcm.com'); ga('send', 'pageview'); </script>
- 41. Wave 10+- Final bit of advice to client • Buy password security software • Stores IDs and passwords • Audit log of who’s accessing IDs IT loved this
- 42. Final bit of advice. Be aware • Click here
- 43. This is the end. This is the part of the presentation when people should clap and cheer
- 44. Questions? • [email protected] • w-www.sohodragon.com • b-www.wardpeter.com • c- 862 220 6080