Hardening SharePoint Server Security


Previous versions of Windows Server, such as Windows NT 4.0 and Windows 2000, often required a great deal of configuration after installation to "harden" the security of the server and ensure that viruses such as Code Red and Nimda would not overwhelm or disable the server. Fortunately, in SharePoint's default operating system, Windows Server 2003, many less commonly used services are turned off. In fact, the entire Internet Information Services (IIS) 6.0 implementation on every server is turned off, making the actual server itself much less vulnerable to attack.

In Windows Server 2003, it is important to first define which roles a server will perform and then to turn on only the services those roles require, preferably by using the Configure Your Server Wizard.

Hardening a Server with the Security Configuration Wizard in Windows Server 2003 Service Pack 1

The most impressive and useful addition to Windows Server 2003 Service Pack 1 has to be the Security Configuration Wizard (SCW). SCW allows for a server to be completely locked down, except for the very specific services that it requires to perform specific duties. This way, a WINS server only responds to WINS requests, a DNS server only has DNS enabled, and a SharePoint Server only responds to SharePoint requests. This type of functionality was long sought after, and is now available.

SCW allows administrators to build custom templates that can be exported to additional servers, thus streamlining the securing process when setting up multiple systems. In addition, current security templates can be imported into SCW to allow for existing intelligence to be maintained.

The advantages of using SCW on a SharePoint server are immediately identifiable. Because a SharePoint server is often directly exposed to the Internet for web services, it is vulnerable to attack and should have all unnecessary services and ports shut down. A properly configured firewall normally drops this type of activity, but it is always a good idea to put in an additional layer of security for good measure.

Installing Service Pack 1 for Windows Server 2003 only makes SCW available for installation. It is not installed by default and must be set up from the Add or Remove Programs applet in Windows via the following procedure:

1. Logged in as a local administrator, click Start, Control Panel, Add or Remove Programs.

2. Click Add/Remove Windows Components.

3. Scroll down and check Security Configuration Wizard from the alphabetical list of components. Click Next to continue.

4. Click Finish when the installation is complete.

Once installed, the wizard can be run to lock down the SharePoint server so that it runs only the bare necessities required. This includes SQL access, web and ASP-related access, and any other access methods that are required for the server. Each SharePoint implementation will differ, so it is important to prototype running the wizard to determine what settings are right for each individual SharePoint server.

Utilizing Security Templates to Secure a SharePoint Server

Windows Server 2003 contains built-in support for security templates, which can help to standardize security settings across servers and aid in their deployment. A security template is simply a text file formatted in such a way that specific security settings are applied uniformly. For example, the security template could force a server to only use Kerberos authentication, and not attempt to use downlevel (and less secure) methods of authentication. Figure 15.7 shows one of the default templates included in Windows Server 2003, the securedc.inf template file, located in the %systemroot%\security\templates directory.

Figure 15.7. A sample security template file.


Application of a security template is straightforward and can be accomplished by applying a template directly to an OU, site, or domain via a Group Policy Object (GPO). Security templates can be enormously useful in making sure that all servers have the proper security applied, but they come with a large caveat. Often, the settings defined in a template can be made too strict, and application or network functionality can be broken by security templates that are too strong for a server. It is therefore critical to test all security template settings before deploying them to production.

Shutting Off Unnecessary Services

Each service that runs, especially those that use elevated system privileges, poses a particular security risk to a server. Although the security emphasis in Windows Server 2003 reduces the overall threat, there is still a chance that one of these services will provide entry for a specialized virus or determined hacker. A great deal of effort has been put into the science of determining which services are necessary and which can be disabled. Windows Server 2003 simplifies this guessing game with an enhanced Services MMC snap-in. To access the Services console, choose Start, All Programs, Administrative Tools, Services.

As shown in Figure 15.8, the Services console not only shows which services are installed and running but also gives a reasonably thorough description of what each service does and the effect of turning it off. It is wise to audit the Services log on each deployed server and determine which services are necessary and which can be disabled. Many services such as the Print Spooler, Telephony, and others are unnecessary on a SharePoint server and simply create more potential security holes. Finding the happy medium is the goal because too many running services could potentially provide security holes, whereas shutting off too many services could cripple the functionality of a server.

Figure 15.8. Using the Services console to administer the server.
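
As an added illustration (not from the book), the following Python check reads the [Service General Setting] section of a security template and reports which services it would disable, flagging any that the server depends on. This is the kind of pre-deployment test that the template caveat and the services audit above call for. The template fragment and the REQUIRED set are constructed for this example; in a template, startup codes 2, 3, and 4 mean automatic, manual, and disabled.

```python
STARTUP = {"2": "automatic", "3": "manual", "4": "disabled"}

# Constructed template fragment for illustration (not a shipped Windows template).
SAMPLE_TEMPLATE = r'''
[Service General Setting]
; service name, startup type, security descriptor (left empty here)
Spooler,4,""
TapiSrv,4,""
"W3SVC",4,""
IISADMIN,2,""
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
'''

# Assumption: the services this particular SharePoint server depends on.
REQUIRED = {"W3SVC", "IISADMIN"}

def parse_sections(text):
    """Split .inf text into {lowercased section: [lines]}; skip blanks and ; comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif current is not None:
            current.append(line)
    return sections

def service_settings(text):
    """Return {service name: startup mode} from [Service General Setting]."""
    result = {}
    for line in parse_sections(text).get("service general setting", []):
        fields = [f.strip().strip('"') for f in line.split(",", 2)]
        if len(fields) >= 2:  # ignore malformed entries
            result[fields[0]] = STARTUP.get(fields[1], "unknown")
    return result

def review(text, required):
    """Return (services the template disables, required services among them)."""
    settings = service_settings(text)
    disabled = sorted(s for s, mode in settings.items() if mode == "disabled")
    needed = {r.upper() for r in required}
    return disabled, [s for s in disabled if s.upper() in needed]

if __name__ == "__main__":
    disabled, broken = review(SAMPLE_TEMPLATE, REQUIRED)
    print("disabled by template:", ", ".join(disabled))
    print("required but disabled:", ", ".join(broken) or "none")
```

With the constructed input, the Print Spooler (Spooler) and Telephony (TapiSrv) entries are reported as disabled, and W3SVC is flagged because the sample template disables a service listed as required.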


NOTE

The Security Configuration Wizard (SCW) previously discussed in this chapter and available with Windows Server 2003 SP1 provides for automatic shutdown of unnecessary services. It is therefore worthwhile, from a security perspective, to become familiar with it.





Microsoft SharePoint 2003 Unleashed (2nd Edition) (Unleashed)
ISBN: 0672328038
Year: 2005
Pages: 288
