Special Edition Using Microsoft SharePoint Portal Server
By Robert Ferguson

Chapter 11. Planning and Managing Security


Internet/Intranet Security

Because SPS can be configured to crawl Web content sources within and outside of its given environment, as well as provide file management services through the Web-based Digital Dashboard, securing your SPS server from unauthorized Internet/intranet entities is vital. It is important to carefully evaluate your server's exposure to Web users, to ensure both the ongoing integrity of your documents and the confidentiality of information they contain.

Proxy Servers

Securing your SharePoint Portal Server from unauthorized Internet and intranet Web users is greatly enhanced through the use of a proxy server. Proxy servers prevent unauthorized access by authenticating incoming requests and allowing or denying access to the server based on defined security guidelines. Proxy servers are also useful in enhancing the performance of outgoing Web queries by caching recently accessed Web pages, often resulting in a reduction in page load times.

By default, SharePoint Portal Server uses the proxy server settings taken from Microsoft Internet Explorer for the default content access account. These settings can be changed at any time. Changes made to the server's proxy settings do not affect other applications, such as Internet Explorer. Since both the client components and the dashboard site communicate with the server by using HTTP, proxy settings can affect how both interact with the server.

If you use a proxy server, you must configure the server to pass the HTTP verbs, the Distributed Authoring and Versioning (DAV) HTTP extensions, and INVOKE, a custom SharePoint Portal Server verb.
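One way to check that requirement from the proxy's own access log, as an added example that is not from the book: the script lists required verbs the proxy always rejects and required verbs never observed in the log. The log format, sample lines and reject status codes are constructed assumptions, and the DAV set is taken from the RFC 2518 methods because the page does not enumerate them.

```python
import re
from collections import defaultdict

# Verbs the proxy must pass: core HTTP, the WebDAV extensions (RFC 2518,
# an assumption for "DAV HTTP extensions"), and INVOKE, the custom
# SharePoint Portal Server verb named in the text.
HTTP_VERBS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}
DAV_VERBS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
REQUIRED = HTTP_VERBS | DAV_VERBS | {"INVOKE"}

# Assumption: these statuses usually mean the proxy refused the method itself.
REJECT_CODES = {403, 405, 501}

# Constructed sample log, assumed format: client "METHOD path HTTP/x.y" status
SAMPLE_LOG = """\
10.0.0.5 "GET /workspace/Portal/ HTTP/1.1" 200
10.0.0.5 "PROPFIND /workspace/Documents/ HTTP/1.1" 207
10.0.0.7 "LOCK /workspace/Documents/plan.doc HTTP/1.1" 405
10.0.0.7 "LOCK /workspace/Documents/plan.doc HTTP/1.1" 405
10.0.0.8 "INVOKE /workspace/Documents/plan.doc HTTP/1.1" 501
10.0.0.8 "PUT /workspace/Documents/plan.doc HTTP/1.1" 201
10.0.0.9 "MOVE /workspace/Documents/a.doc HTTP/1.1" 403
10.0.0.9 "MOVE /workspace/Documents/b.doc HTTP/1.1" 201
"""

LINE_RE = re.compile(r'^\S+ "([A-Z-]+) \S+ HTTP/\d\.\d" (\d{3})$')

def audit_verbs(log_text):
    """Return (blocked, unseen) lists of required verbs.

    blocked: verbs seen in the log whose every response was a reject code.
    unseen:  verbs with no log entry, so the proxy rule is still untested.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            seen[m.group(1)].append(int(m.group(2)))
    blocked = sorted(v for v in REQUIRED
                     if v in seen and all(c in REJECT_CODES for c in seen[v]))
    unseen = sorted(REQUIRED - set(seen))
    return blocked, unseen

if __name__ == "__main__":
    blocked, unseen = audit_verbs(SAMPLE_LOG)
    print("always rejected:", blocked)
    print("never observed: ", unseen)
```

A verb that is rejected only some of the time, such as MOVE in the sample, is not reported as blocked, because a mix of results points to per-resource permissions rather than a proxy verb filter.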

Providing Content to the Internet

In order to use SharePoint Portal Server to provide content and searching capabilities to users located on the Internet, you must do the following:

Enable the use of fully qualified domain names (FQDN) within SharePoint Portal Server.

Create a Domain Name System (DNS) entry for the server name.

Create a virtual Web site and point it to the SharePoint Portal Server computer.

Change the security settings on the Directory Security tab of the virtual Web site's properties dialog box. SharePoint Portal Server uses NTLM authentication by default. To enable access by Internet users, you must change the security settings to either Basic authentication or Anonymous (see Figure 11.5). Note that if Anonymous authentication is chosen for the virtual Web site, users cannot create subscriptions from the dashboard.

Figure 11.5. Authentication methods are configured in the IIS tool.


Ensure that proper firewall and routing configurations have been made to allow communication with the Internet.

There are many considerations when configuring and deploying a Web server. If you are not familiar with these technologies and the ramifications of their use, consult your local Webmaster or system administrator for more information on how to configure your server and virtual Web site to operate safely and securely on your organization's network.

TIP

Before and after making your SharePoint Portal Server available for Internet access, you should regularly review indexed content to ensure that information from unguarded or misconfigured file shares is not revealed to users outside your organization.
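The review described in this tip can be partly automated, shown here as an added example that is not from the book: given a list of indexed item addresses, the script flags items that come from file shares not on an approved list, and items on administrative or hidden shares. The address list, server names and approved-share list are constructed for illustration, and how the addresses are exported from the index is left as an assumption.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: (server, share) pairs reviewed for publication.
APPROVED_SHARES = {("fileserv01", "public-docs")}

# Constructed sample of indexed item addresses (not real index output).
INDEXED = [
    "http://portal.example.com/workspace/Documents/handbook.doc",
    "file://fileserv01/public-docs/brochure.pdf",
    "file://fileserv01/HR/salaries.xls",
    r"\\fileserv02\C$\inetpub\web.config",
    r"\\FILESERV01\Public-Docs\pricing.doc",
]

def share_of(address):
    """Return (server, share) in lower case for UNC or file:// addresses, else None."""
    if address.startswith("\\\\"):
        # UNC form: \\server\share\path
        parts = address[2:].split("\\")
    else:
        url = urlsplit(address)
        if url.scheme.lower() != "file" or not url.netloc:
            return None
        # URL form: file://server/share/path
        parts = [url.netloc] + url.path.lstrip("/").split("/")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        return None
    return parts[0].lower(), parts[1].lower()

def review(addresses, approved=APPROVED_SHARES):
    """Return [(address, reason)] for indexed items whose source share needs review."""
    findings = []
    for addr in addresses:
        share = share_of(addr)
        if share is None:
            continue  # not a file-share source
        if share[1].endswith("$"):
            findings.append((addr, "administrative or hidden share"))
        elif share not in approved:
            findings.append((addr, "share not on approved list"))
    return findings

if __name__ == "__main__":
    for addr, reason in review(INDEXED):
        print(f"{reason}: {addr}")
```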


Firewalls

If you plan to use SharePoint Portal Server index propagation in an environment with firewalls, you must ensure that proper communication can occur between the servers. If there is a firewall between the servers configured to search content sources and the servers configured to create and update indexes, it must be configured to permit index propagation to take place. Since index propagation uses the standard Windows file sharing protocol, ensure that any firewall between the servers allows standard Windows file share access.

If you have a firewall and want to use SharePoint Portal Server to provide content to the Internet, you must map the server's IP address to an external name.

IIS and IFS Security

A vroot, or virtual directory, associated with SharePoint Portal Server workspaces is created in IIS under the default Web site. Dashboard site security can be managed there. While you can navigate the SharePoint Portal Server IFS using Windows Explorer, the access is read-only. Also, refrain from manipulating the IFS security attributes, as doing so may result in data loss through corruption of the SharePoint Portal Server security role information. Any management function of the workspace should be performed only through the Web folders interface.

Dashboard Security

Dashboard security is configured through the IIS administrative tool at the vroot directory for the SharePoint Portal Server virtual Web site. By drilling down to the folders or documents that comprise the site, you can manipulate authentication requirements, general IP address and domain name access restrictions, or any other parameter allowed by IIS.


                 


Special Edition Using Microsoft SharePoint Portal Server
ISBN: 0789725703
EAN: 2147483647
Year: 2002
Pages: 286
