![Wave 10- Continued
Add in tracking into the masterpage:
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsOb
ject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1
*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.sr
c=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-
analytics.com/analytics.js','ga');
ga('create', 'UA-4669498-5',
'onecallcm.com');
ga('send', 'pageview');
</script>](https://image.slidesharecdn.com/securingsharepoint-140403123301-phpapp02/85/Securing-sharepoint-36-320.jpg)
Securing sharepoint
- 1. 10 points to make a rogue SharePoint environment really, really secure.. Presented By Peter Ward – April 3rd 2014 w- www.sohodragon.com c- 862 220 6080 b-www.wardpeter.com
- 2. Agenda • Context of the presentation • Where to start? • Understanding security permissions and how to apply it • Create a methodology • How to avoid data leaks • Show user activity on all levels • Creating a game plan
- 3. Green dot This indicates an important point
- 4. Before We Begin • Q&A – We will have time at the end of the presentation for questions…. But I encourage you to interrupt me and ask • A copy of this presentation is on my blog
- 5. Reminder slide • A copy of this presentation is on my blog www.wardpeter.com This means you only need to watch. There is no need to take notes
- 7. Context of the presentation This SharePoint needs to work Summary 2 days to take ownership Only Prod environment No Dev. Rogue former vendor team
- 8. Takeaways • Understanding ownership steps • Confidently applying security • The little things really matter • Process and communication is key • Learn how to refactor an environment • Good example of reality SharePoint security planning Learn learnt: Technology problems aren’t always technology problems
- 9. Audience Networking FolksSharePoint Folks Networking steps SharePoint steps Networking steps SharePoint steps
- 10. The inherited environment • Hosted environment • SharePoint 2010 Enterprise • 3 months of undocumented code and environment. • No Visio diagrams • Hard coded ID and passwords everywhere… and I mean everywhere • A few URL’s a Service Account ID and password • SQL Server Reporting Services • Oh I forgot: • Can’t use 3rd party tools to run audits of security • Internal IT department has no real understanding how SharePoint works or what was deployed or developed
- 11. Where to start • Understand SharePoint security • Business processes • Create a methodology
- 12. Understanding security accounts and how to apply it Domain • Active Directory Groups…. Not distribution • Domain services- Exchange, IIS Server • Boxes SharePoint • Site Collections • Sites • SharePoint groups Demarcation of responsibility Service accounts
- 13. Business Processes Talk to end users face to face Understand their language: What they think SharePoint actually is A list is a report Alert is an email What, why, when, who
- 14. Now we can start
- 15. Create a methodology Wave 1 Wave 2 Wave 3 Wave 4 Wave 5 Wave 6 Wave 7 Wave 8 Wave 9 Wave 10
- 16. Wave 1 – Kick off Back up the server .. Make sure this is SQL. Ask how long back ups are kept Ask for a back up.. To test the internal IT Restoring env. Notify the user base what is going on and in the communication have a team member’s email and direct phone number Identify all the services are running Reboot the servers Enforce a change log- SharePoint list. Set up alerts to your team Key wins: Immediately know if services stop… and are not related to the password changes Any problems you can blame the previous vendor on the morning you start
- 17. Wave 2 – Start documentation • Technical inventory of the following: • SharePoint, edition, SQL version • InfoPath- purpose, template location • Server box names • Obtain/ create system accounts and password and purpose • Server boxes • Architectural diagram • Env.. • SharePoint collections • Central Admin • Installed web parts
- 18. Wave 2 – continued- Ask questions • What’s the source code control? This should be reviewed • Is there a DR plan for SQL db’s • Is there a DR plan for SharePoint • Report names and their purpose • Understand the integration points
- 19. Now you need to break ground
- 20. Wave 3 – Removing access • VPN access- remove • Service accounts • Vendor ids • Remote access to boxes • SharePoint env. • Site collection administrators
- 21. Wave 4 – Users • Reset all users passwords in PowerShell • Ed Wilson and Craig Liebendorfer, Scripting Guys • Don’t delete the old vendor ID yet. Because they are in code and workflow
- 22. Wave 4 – disable unused accounts • Wait a week for things to settle down • Note disable.. Not delete
- 23. Wave- 4 SharePoint permissions • Do’s • Use Groups – Either AD or SharePoint •Don’ts • Not everyone needs to be Site Collection Admin • Or Full Control
- 24. Wave 5 – Service Accounts • Create a ID inventory file (Excel) with both old and new password • Stop and restart services • Restart server for good measure
- 25. Wave 6 – Firewall account • Because there could be IP addresses of the boxes made public. • and there was… therefore you could get to the box, with no VPN • Use Netstat command to listen to traffic on the ports Link
- 26. Tea break • Questions if you want.
- 27. Wave 6 – Network Traffic
- 28. Wave 6 – Network Traffic • Port 443 secure https • Port 80 Unsure
- 29. Think again Think old vendor is locked out…….
- 30. Wave 7 – Email • Change emails in AD • Redirection capture - DNS
- 31. Wave 7 – Email • Email forwarding
- 32. Wave 7 – Workflow • Impersonation Steps Create a workflow AD account . Needs to be a site collection administrator
- 33. Wave 7 – Workflow • Hard coded email addresses
- 34. Wave 8- SP Security trimming Central Admin Internal IP address Only accessible via RDP login
- 35. Wave 9- Quick Sweep Check the Service accounts Logging
- 36. Wave 10- Continued Add in tracking into the masterpage: <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsOb ject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1 *new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.sr c=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google- analytics.com/analytics.js','ga'); ga('create', 'UA-4669498-5', 'onecallcm.com'); ga('send', 'pageview'); </script>
- 39. Wave 10+- Final bit of advice to client • Buy password security software • Stores IDs and passwords • Audit log of who’s accessing IDs IT loved this
- 40. This is the end. This is the part of the presentation when people should clap and cheer
- 41. Questions? • e-pw@sohodragon.com • w-www.sohodragon.com • b-www.wardpeter.com • c- 862 220 6080