Setting a Secure Default Policy

One of the results of the Trustworthy Computing initiative is that Microsoft products embrace a set of strategies called SD³+C, a term coined by the Secure Windows Initiative team. SD³+C stands for "secure by design, secure by default, secure in deployment and communications."

A product is secure by design when the overall design of a system takes security seriously. You can take several steps to accomplish this, such as security training for all personnel, adhering to design and coding guidelines, and developing regression tests for all previously fixed vulnerabilities.

A product is secure by default if it is secure enough out of the box. This goal can be achieved by taking steps such as these:

• Do not install a complete feature set. By default, install only features that your users regularly apply. In Office SharePoint Server 2007, you can choose to install advanced features such as Excel Services-a feature that is not installed by default.

• Make sure a product requires the least amount of privileges in order to execute correctly. Do not require code to run within the context of members of a local or domain administrators group when it does not require such capabilities. A good example of this is the fact that Web Parts executed in a SharePoint virtual server, by default, run under the WSS_Minimal trust level. This is covered in detail later in this chapter, in the "Configuring Security Settings in the Web.config File" section.

  Note

  As an administrator, you should be interested in the security privileges required by a piece of code, so that you know if the code is able to perform potentially dangerous operations. This is especially true when your company acquires software that is built by others. If you want to verify that the creators of a piece of software have put thought in determining how much privileges the code requires, you should demand detailed documentation regarding the minimum amount of privileges required to run the software. If you are buying a third-party product, you should always look for the presence of such documentation.

• Protect product resources. You must protect sensitive data and critical resources from attack. SharePoint Server 2007 includes a message digest (also known as the FormDigest) that you must include if you want to post a request to a SharePoint server that modifies the content database. The message digest contains security validation specific to a user, site, and time period.

A product is secure in deployment if the system is maintainable once it is installed. Following are steps you can take to achieve security in deployment:

• Make sure administrators can manage the security functionality of a product once it is installed.

• If a security vulnerability is found, make sure you have a mechanism in place so that you are able to create and apply a security patch as soon as possible.

Finally, secure software in communications means that software developers should be prepared for the discovery of application vulnerabilities and should communicate openly and responsibly with administrators (and/or end users) to help them take protective measures.