Preventing Security Leaks in SharePoint with Joel Oleson & Christian Buckley
3 likes•3,931 views
The document discusses the security vulnerabilities and auditing challenges of SharePoint, highlighting issues such as mismanaged permissions, data exposure, and the need for regular audits. It emphasizes the importance of robust governance, configuring security settings, and employing third-party tools for compliance. Recommendations include routine permission cleanups, encryption of sensitive data, and establishing policies to manage and track site usage effectively.
Preventing Security Leaks in SharePoint with Joel Oleson & Christian Buckley
- 1. Joel Oleson Managing Director of S6 @joeloleson http://sharepointjoel.com Christian Buckley Evangelist at Axceler Now Metalogix @Buckleyplanet
- 3. NSA Recap Real World SharePoint Permissions & Auditing Time for an Audit SharePoint Lockdown & Hardening Time to Review Data Policies Tools to Automate Enforce & Report
- 6. "This leaker was a sysadmin who was trusted with moving the information to actually make sure that the right information was on the SharePoint servers that NSA Hawaii needed," NSA Chief Alexander The leaks represented "a huge break in trust and confidence“ … They still don’t know what was taken…
- 9. Users CAN NOT tell what permissions/RIGHTS are on the site they are uploading documents to. Search EXPOSES documents from EVERYWHERE DATA is not ENCYPTED by default 30% or more Site Owners have left or moved jobs More than half of sites after 3 years are Abandoned No cleanup of permissions, easier to add groups and authenticated users Most sensitive sites are in the site directory and in enterprise search All data is stored in the same databases Result: People didn’t TRUST SharePoint. Sensitive data is exposed to search and users have rights to content they shouldn’t. INFOSEC says “SHUT IT DOWN!”
- 10. Permissions Troubleshooting why users cannot see the content they should Reporting for different types of compliance Auditing who has access to sensitive content Usage/Activity Finding what content is, or is not, being used Planning for future growth Understanding hardware requirements Storage Monitoring growth for performance reasons Understanding hardware requirements Reorganizing taxonomy based on Storage needs Audit Needing to show who accessed what and when, to adhere to internal or external compliance requirements Performance Monitoring page load times to uncover problems Planning for increased usage
- 11. • Auditing • User access records • Troubleshooting functionality problems that most commonly stem from end users trying to perform a task without having the correct permissions.
- 12. Perform regular security checks across your farm, down to the document level Proactively review, delete, and reassign user permissions as needed Clean up users who are no longer in Active Directory but are in SharePoint Review SharePoint groups Have a process to backup and restore permissions Document site permissions (roles) so that its easier to duplicate them for new employees Monitor SharePoint licensing
- 26. GlobalWorkforce (LOW)– Open to all Authenticated users. Listed in directories, boosted in search when relevant, cheap storage, flexible archiving policies. Published and Mobile Accessible. Team/Group Sensitive (MEDIUM) – Secured to a team or group. No permitted use of Authenticated users at top site collection level, not listed in global site directory. Security trimmed and included in enterprise search. Cheap storage. Published and Mobile Accessible. Classified/Business Confidential (HIGH) – Stored in separate encrypted databases in separate data center as policy permits. Limited security to sysadmins, regularly audited and restricted to named accounts, no security groups, only reliable and trusted. Regular permissions audit report sent to site administrators, Not included in Enterprise search, Not included in any directories. No use of Auth Users at any level.VPN Only No external publishing. Auditing activated. Any changes to permissions or auditing reported immediately.
- 30. Who has Admin rights to your SharePoint & SQL or External Storage servers? What sites have open access anonymous or authenticated users? How are you tracking who has access? What File was leaked how will you find it, and determined who moved, deleted, copied, etc… What are you using for Auditing? SharePoint Usage Logs and IIS logs are NOT AUDIT LOGS!!! Default Settings Are NOT Designed for Highly Sensitive Data – MUST CONFIGURE! Not Encrypted No Auditing No Reporting
- 31. Use Reverse Proxy with Content Inspection Don’t expose SharePoint to the Internet Directly Lock down Web Services Use Lockdown Mode (Automatic for Publishing site, but needs activated through STSADM or Powershell for all other site templates) Penn Testing and Lockdown of unneeded services (SMTP?) and communication Ports Restrict Firewall to only required ports Follow SharePointVulnerabilities http://www.cvedetails.com/vulnerability-list/vendor_id- 26/product_id-11116/Microsoft-Sharepoint-Server.html Least Priv across the board! Keep up to date with Service Packs and Significant CUs Patches (N-2 on CUs) Kudos to Liam Cleary SharePoint MVP http://www.slideshare.net/helloitsliam/think-you- can-hack-sharepoint-sharepoint-fest- dc?from_search=3
- 41. Process Technology to Simplify the Process People to Enforce Policies Site Archiving Ensure Sites are Still being used every 6 months. Backup and Delete unused sites. Fix ownership. Archiving Process. Invalid Ownership Detection process. SharePoint Team with regular audits from Infosec.
- 42. 1. SharePoint Server & SQL Hardening & Penetration Testing and Intrusion Detection 2. Managing permissions, Site and Library ownership? 3. Data Retention Policy? Site Archiving or Data lifecycle policies? 4. Databases/Sites/Files Encrypted 5. Rights Managed 6. Admins have rights to data? 7. Audit process and tool? 8. Search Exposure? PII 9. Authentication - Just because it's over SSL doesn't mean it's secure. Amazing what can happen inside an SSL Tunnel. Content inspection! 10. Is SharePoint out of the box security and auditing good enough? Should you consider building extra governance around your sites and data for policies or a third party tool? - See more at: http://www.sharepointjoel.com/Lists/Posts/Post.aspx?List=0cd1a63d%2D183c%2D4fc2%2D8320% 2Dba5369008acb&ID=688#sthash.YTq35lto.dpuf
- 43. It’s time to stop hoping something won’t happen… Prepare for it. Governance = putting those plans in place and building trust. SharePoint Out of Box Does NOT address all your auditing and compliance needs for any business critical environment Consider Third Party or Custom Development Axceler/Metalogix ControlPoint & Salient6 are here to help Don’t be surprised when you find centralized permissions management a nightmare.You must have policies and cleanup processes.
- 44. Joel Oleson @joeloleson SharePointJoel.com Salient6 http://www.salient6.com Christian Buckley @buckleyplanet BuckleyPlanet.com Metalogix.com