Providing Secure Access to SharePoint 2003 Sites

A number of factors must be considered to ensure that the user community has a positive experience with the new SharePoint 2003 environment and that it offers the appropriate level of security. There is no "one size fits all" solution for Windows SharePoint Services and SharePoint Portal Server 2003 implementations. One of the main goals of the design process is to determine what mechanisms and strategies will be used to ensure that data is secure, while being available to the internal and external users who require access to it. Performance must be kept in mind as well; excessive security features may result in unacceptably difficult access to site collections and the data contained in them.

Securing the SharePoint 2003 Environment

Chapter 15, "Implementing and Validating SharePoint Security," offers a more in-depth look at the many options available for configuring the SharePoint 2003 environment to meet the organization's security needs. These options should be discussed in more detail during the design process.

A summary of the options available is as follows:

• Isolating SharePoint data with separate SharePoint lists and librariesThe most basic level of security, this relies on SharePoint 2003 list-level security to protect data in a list from unauthorized access.

• Isolating SharePoint through deployment of separate sites or site collectionsAdditional protection is provided by creating separate sites or site collections, and restricting access to the sites so that only users with access to the site have access to lists and libraries contained within the site.

• Isolating SharePoint with separate host headers and virtual serversHost headers assigned in Internet Information Services (IIS) allow for multiple domain names to correspond to different site collections or virtual servers in SharePoint. This allows for an increased level of security between the sites because users cannot see the data from the other site collections.

• Isolating SharePoint with separate physical servers or networksAlthough this requires additional investment in hardware, the complete separation of virtual and physical servers further enhances the security of the respective SharePoint 2003 configurations.

Securing the server or servers used in the SharePoint 2003 implementation is also critical to ensure the protection of the data. A number of areas need to be discussed and considered to ensure that the configuration is protected:

• Physical access to the servers needs to be controlled, as does login access.

• Additional technologies such as "smart card" technologies, which require a physical device as well as a Personal Identification Number (PIN) to log in.

• Server security needs to also be hardened to protect the server from hackers and viruses.

• File access to SharePoint 2003 servers can also be audited to keep a record of attempts to access files on the SharePoint 2003 server(s).

• SQL Server 2000 can use SQL Windows authentication or SQL Server Mixed Mode authentication. However, Windows authentication is far more enhanced with regard to security because it leverages security features and functionality built into Active Directory.

• Virtual Private Networks (VPNs) can be used to secure access to SharePoint 2003 environments because data is secured and encrypted to prevent unauthorized access to the traffic.

By reviewing the different options available to the organization in the design process, the design of the Windows SharePoint Services or SharePoint Portal Server 2003 environment will be able to provide a configuration that meets the organization's needs and provides the right combination of protection, manageability, and availability.

SharePoint 2003 Authentication Overview

Authentication for websites based on Windows SharePoint Services is configured in Internet Information Services (IIS) and uses the authentication method specified for a virtual server in IIS to control authentication for all top-level websites and subsites of that virtual server. The different methods of authentication should be reviewed, and the organization should decide which method or methods best meet its requirements.

Windows SharePoint Services works with the following authentication methods in IIS:

• Anonymous authentication Gives users access to the public areas of the website or FTP site without prompting them for a username or password. When a user attempts to connect to the public website or FTP site, the web server assigns the connection to the Windows user account IUSR_computername (where computername is the name of the computer running IIS). By default, the IUSR_computername account is included in the Windows user group, Guests. This group has security restrictions, imposed by NTFS permissions, which designate the level of access and the type of content available to public users.

• Integrated Windows authentication Formerly called NTLM and also referred to as Windows NT Challenge/Response authentication, this is a secure form of authentication because the username and password are hashed before being sent across the network. When you enable Integrated Windows authentication, the user's browser proves its knowledge of the password through a cryptographic exchange with your web server, involving hashing. Integrated Windows authentication is the default authentication method used in members of the Windows Server 2003 family.

• Digest authentication for Windows domain servers Offers the same functionality as Basic authentication; however, Digest authentication transmits credentials across the network as an MD5 hash, or message digest, where the original username and password cannot be deciphered from the hash. Digest authentication is available to Web Distributed Authoring and Versioning (WebDAV) directories.

• Basic authentication Part of the HTTP specification and supported by most browsers. The disadvantage is that web browsers using Basic authentication transmit passwords in an unencrypted form, which is not recommended unless the connection between the user and the web server is secure, such as with a dedicated line or a Secure Sockets Layer (SSL) connection.

• .NET Passport authentication A user-authentication service that lets users of the site create a single sign-on name and password for easy access to all .NET Passport-enabled websites and services. .NET Passport-enabled sites rely on the .NET Passport central server to authenticate users instead of hosting and maintaining their own proprietary authentication systems. .NET Passport uses cookies, which contain information that can be compromised. However, .NET Passport authentication can be used over a Secure Sockets Layer (SSL) connection, which reduces the potential of replay attacks.

• Certificates authentication (SSL) Secure access may need to be ensured through the use of Secured Sockets Layers (SSL), which is used to secure server-to-browser transactions and protects data submitted over the Internet from being intercepted and viewed by unintended recipients. The only difference the users see is that the URL is changed to HTTPS:// rather than HTTP://. SSL can be turned on in IIS and can also be used for the SharePoint Central Administration virtual server for an added level of protection (the setadminport command-line operation is required).

Determining Which Types of Files to Block

Windows SharePoint Services allows the administrator the ability to define which types of files should be blocked from being uploaded to a SharePoint 2003 server. For example, if all files with the .exe file extension are blocked, users can neither upload nor download a file with the .exe extension.

By default, a number of standard file extensions are blocked, including any file extensions treated as executable files by Windows Explorer. The design process should discuss what additional file types should be blocked. The list of blocked file types can be changed in the future as needed, but it is helpful to have a well-thought-out plan in advance.

Deciding Whether to Permit Anonymous Access

In some Windows SharePoint Services and SharePoint Portal Server 2003 implementations, the only users who have access to the various sites are authenticated network users who have been specifically granted access to the portal, top-level site, or subsite. In other implementations, it makes sense to allow anonymous access to a virtual server and the sites it manages. For example, a nonprofit organization may want to allow visitors to one of its SharePoint 2003 sites to be able to view the information provided without having to log in, and even to contribute to a discussion group or answer a survey.

Anonymous access needs to be granted in IIS for a particular virtual server and can then be enabled or disabled for a site on that virtual server by using HTML Administration pages. IIS creates the anonymous account for web services, typically named IUSR_computername, and when IIS receives an anonymous request, it uses this account.

Use of Microsoft Single Sign-On Service

A feature that may be of interest to the organization and that is available with SharePoint Portal Server 2003 is the Microsoft Single Sign-On (MSSO) service. This service stores and maps user credentials, which eliminates the need for users to have to sign on again to retrieve information when portal-based applications request data from business applications. The single sign-on must be enabled on each front-end web server, on the job server, and on any server running the single sign-on service. A testing phase is recommended to ensure that that the MSSO service is compatible with the other business applications in use.

Backing Up the SharePoint 2003 Environment

A key component of the design is to consider the possibilities of hardware failure or database corruption and the need to recover the data. This needs to be approached from a holistic standpoint (what if the entire SQL database needs to be restored) as well as from a site or subsite level (what if a user accidentally deletes a file from a library and wants it back).

Chapter 19, "Backing up and Restoring SharePoint," "provides more information on the different alternatives, which are

• Full database backup using the SQL tools

• Backing up SharePoint with command-line utilities such as stsadm and spsbackup.

• Using the built-in SharePoint Portal Server Backup and Restore utility, accessible from the Start menu.

Site collections can also be backed up and restored by using FrontPage 2003, but this is not considered to be an enterprise backup solution.

Questions that should be discussed pertaining to backing up and restoring as well as disaster recovery include

• What will the service level agreement be with the user community when the new SharePoint 2003 environment is rolled out?

• Is the existing backup hardware and software capable of handling SQL 2000 databases and the amount of data that will be stored in these databases?

• Does the organization have experience with the different types of backups possible with SQL Server 2000 databases and the pros and cons of each?

Virus Protection

A critical component in any technology environment is virus protection because any penetration of a virus can severely impact the network's performance. SharePoint 2003 requires the installation of compatible virus protection products and can then be configured to check files for viruses when a user adds a document to a document library or list, or when a user views a document in a document library or list. If a virus is found, the scanner attempts to clean the file, or if the file cannot be cleaned, blocks the file from being added or viewed.

Third-party antivirus software is available from a number of companies including Trend Micro and Sybari. Enhanced features are available such as content filtering, available with Sybari's Antigen for SharePoint. Content filtering detects inappropriate content on SharePoint sites and provides options to quarantine or block accordingly. Antigen for SharePoint includes prepopulated dictionaries for content filtering. In addition, administrators can create their own dictionaries containing confidential or inappropriate keywords.