As discussed in a previous section, SharePoint controls access to files stored within its database through user authentication, site groups, and similar SharePoint-specific security mechanisms. In addition to these considerations, care must be taken to secure actual file-level access to SharePoint itself. A secured database is useless if an unauthorized user can simply delete it or copy it off. A full understanding of the file-level security inherent in Windows Server 2003 is a must for a complete understanding of SharePoint security itself. Exploring NT File System SecurityThe latest revision of the NT File System (NTFS) is used in Windows Server 2003 to provide for file-level security in the operating system. Each object referenced in NTFS, which includes files and folders, is marked by an Access Control Entry (ACE) that physically limits who can and cannot access a resource. NTFS permissions utilize this concept to strictly control read, write, and other types of access on files. Although SharePoint servers are not often file servers, they can still grant or deny file access in the same way and should have the file-level permissions audited to determine whether there are any holes in the NTFS permission set. Changing NTFS permissions in Windows Server 2003 is a straightforward process; simply follow these steps:
Comparing Share-Level Security Versus NTFS SecurityPrevious Windows security used share-level permissions, which were independently set. A share is a file server entry point, such as \\sfofs01\marketing, that allows users access to a specific directory on a file server. Older file systems such as FAT, HPFS, and FAT32 did not include file-level security, so the security was set instead on the share level. While share-level security can still be set on files, it is preferable to use NTFS-level security, where possible. Share-level security is not very secure because it cannot secure the contents of subdirectories easily. NOTE Best practice for file servers in Windows Server 2003 is to configure share-level security to be wide open for all domain users but then to set stricter security on the NTFS level. This allows for security to be administered on the NTFS level only, without the fear of share-level restrictions interfering. A dedicated SharePoint server should normally not utilize specific shares. Auditing File Access to SharePoint ServersA good practice for file-level security is to set up auditing on a particular server, directory, or file. Auditing on NTFS volumes allows administrators to be notified of who is accessing, or attempting to access, a particular directory. For example, it may be wise to audit access to a critical network share, such as a finance folder, to determine whether anyone is attempting to access restricted information. After auditing has been turned on via a local or group policy, the following steps can be taken to set up simple auditing on a folder on a SharePoint server:
|