Preventing Security Leaks in SharePoint with Joel Oleson & Christian Buckley
DESCRIPTION
With recent news of one of the largest security breaches in US history, many organizations are looking to their SharePoint environments to better understand just how vulnerable their data is, and whether they have in place adequate governance policies and procedures to prevent a similar breach. In this webinar, we'll discuss some of what happened in the case of Snowden and the NSA's SharePoint environment, and clarify the differences between willful intent versus poor governance planning. We'll help you to outline steps you can take within your own organization to improve security and lock down permissions, closing off any gaps within your governance strategy.
TRANSCRIPT
Joel Oleson
Managing Director of S6
@joeloleson
http://sharepointjoel.com
Christian Buckley
Evangelist at Axceler Now Metalogix
@Buckleyplanet
NSA Recap
Real World SharePoint Permissions & Auditing
Time for an Audit
SharePoint Lockdown & Hardening
Time to Review Data Policies
Tools to Automate, Enforce & Report
"This leaker was a sysadmin who was trusted with moving the information to actually make sure that the right information was on the SharePoint servers that NSA Hawaii needed," NSA Chief Alexander
The leaks represented "a huge break in trust and confidence"
… They still don’t know what was taken…
Users CANNOT tell what permissions/RIGHTS are on the site they are uploading documents to.
Search EXPOSES documents from EVERYWHERE
DATA is not ENCRYPTED by default
30% or more Site Owners have left or moved jobs
More than half of sites after 3 years are Abandoned
No cleanup of permissions, easier to add groups and authenticated users
Most sensitive sites are in the site directory and in enterprise search
All data is stored in the same databases
Result: People didn’t TRUST SharePoint. Sensitive data is exposed to search and users have rights to content they shouldn’t. INFOSEC says “SHUT IT DOWN!”
Permissions
• Troubleshooting why users cannot see the content they should
• Reporting for different types of compliance
• Auditing who has access to sensitive content
Usage/Activity
• Finding what content is, or is not, being used
• Planning for future growth
• Understanding hardware requirements
Storage
• Monitoring growth for performance reasons
• Understanding hardware requirements
• Reorganizing taxonomy based on storage needs
Audit
• Needing to show who accessed what and when, to adhere to internal or external compliance requirements
Performance
• Monitoring page load times to uncover problems
• Planning for increased usage
• Auditing
• User access records
• Troubleshooting functionality problems that most commonly stem from end users trying to perform a task without having the correct permissions.
Perform regular security checks across your farm, down to the document level
Proactively review, delete, and reassign user permissions as needed
Clean up users who are no longer in Active Directory but are in SharePoint
Review SharePoint groups
Have a process to back up and restore permissions
Document site permissions (roles) so that it's easier to duplicate them for new employees
Monitor SharePoint licensing
Global Workforce (LOW) – Open to all authenticated users. Listed in directories, boosted in search when relevant, cheap storage, flexible archiving policies. Published and mobile accessible.
Team/Group Sensitive (MEDIUM) – Secured to a team or group. No permitted use of Authenticated Users at top site collection level, not listed in global site directory. Security trimmed and included in enterprise search. Cheap storage. Published and mobile accessible.
Classified/Business Confidential (HIGH) – Stored in separate encrypted databases in a separate data center as policy permits. Limited security to sysadmins, regularly audited and restricted to named accounts, no security groups, only reliable and trusted. Regular permissions audit report sent to site administrators. Not included in enterprise search. Not included in any directories. No use of AuthUsers at any level. VPN only. No external publishing. Auditing activated. Any changes to permissions or auditing reported immediately.
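The three tiers above can be turned into a check that runs over a site inventory export. This is an added example, not code from the presenters; the `Site` fields, the rule wording and the inventory rows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Site:
    url: str
    tier: str                 # LOW, MEDIUM or HIGH, following the slide's three tiers
    auth_users_scope: str     # where Authenticated Users is granted: "none", "subsite" or "root"
    in_directory: bool
    in_enterprise_search: bool
    uses_security_groups: bool
    externally_published: bool
    auditing_enabled: bool

# Each rule is (finding text, predicate that is True when the site breaks the tier policy).
RULES = {
    "LOW": [],
    "MEDIUM": [
        ("Authenticated Users at top site collection level", lambda s: s.auth_users_scope == "root"),
        ("listed in global site directory", lambda s: s.in_directory),
    ],
    "HIGH": [
        ("Authenticated Users granted", lambda s: s.auth_users_scope != "none"),
        ("listed in a directory", lambda s: s.in_directory),
        ("included in enterprise search", lambda s: s.in_enterprise_search),
        ("security groups used instead of named accounts", lambda s: s.uses_security_groups),
        ("externally published", lambda s: s.externally_published),
        ("auditing not activated", lambda s: not s.auditing_enabled),
    ],
}

def findings(site):
    if site.tier not in RULES:
        return ["unclassified site: assign a tier"]
    return [text for text, broken in RULES[site.tier] if broken(site)]

def audit(sites):
    # Only sites with at least one finding appear in the report.
    return {s.url: found for s in sites if (found := findings(s))}

# Constructed inventory (hypothetical URLs and settings).
INVENTORY = [
    Site("https://sp.example/sites/news", "LOW", "root", True, True, True, True, False),
    Site("https://sp.example/sites/finance-team", "MEDIUM", "root", False, True, True, True, False),
    Site("https://sp.example/sites/m-and-a", "HIGH", "subsite", False, True, False, False, True),
    Site("https://sp.example/sites/legal-hold", "HIGH", "none", False, False, False, False, True),
]

if __name__ == "__main__":
    for url, found in audit(INVENTORY).items():
        print(url, found)
```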
Who has Admin rights to your SharePoint & SQL or External Storage servers?
What sites have open access to anonymous or authenticated users?
How are you tracking who has access?
What file was leaked? How will you find it, and determine who moved, deleted, copied, etc.?
What are you using for Auditing? SharePoint Usage Logs and IIS logs are NOT AUDIT LOGS!!!
Default Settings Are NOT Designed for Highly Sensitive Data – MUST CONFIGURE!
Not Encrypted
No Auditing
No Reporting
Use Reverse Proxy with Content Inspection
Don’t expose SharePoint to the Internet Directly
Lock down Web Services
Use Lockdown Mode (automatic for Publishing sites, but needs to be activated through STSADM or PowerShell for all other site templates)
Pen testing and lockdown of unneeded services (SMTP?) and communication ports
Restrict Firewall to only required ports
Follow SharePoint Vulnerabilities
http://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-11116/Microsoft-Sharepoint-Server.html
Least privilege across the board!
Keep up to date with Service Packs and significant CU patches (N-2 on CUs)
Kudos to Liam Cleary SharePoint MVP
http://www.slideshare.net/helloitsliam/think-you-can-hack-sharepoint-sharepoint-fest-dc?from_search=3
Site Archiving
Process: Ensure sites are still being used every 6 months. Back up and delete unused sites. Fix ownership.
Technology to Simplify the Process: Archiving process. Invalid ownership detection process.
People to Enforce Policies: SharePoint team with regular audits from Infosec.
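The site archiving review above, combined with the earlier audit item about users who are no longer in Active Directory but are still in SharePoint, can be run against two exports. This is an added example, not the presenters' tooling; the export shapes, the account names and the 183-day reading of "every 6 months" are assumptions.

```python
from datetime import date, timedelta

REVIEW_WINDOW = timedelta(days=183)  # assumption: "every 6 months" taken as 183 days

def review_sites(sites, active_accounts, today):
    """Return {url: [actions]} for sites that need archiving, new owners or cleanup."""
    # Account names are compared case-insensitively (DOMAIN\user casing varies between exports).
    active = {a.lower() for a in active_accounts}
    report = {}
    for site in sites:
        actions = []
        live_owners = [o for o in site["owners"] if o.lower() in active]
        orphaned = sorted({u for u in site["owners"] + site["users"]
                           if u.lower() not in active})
        if today - site["last_used"] > REVIEW_WINDOW:
            actions.append("back up and delete: unused for over 6 months")
        if not live_owners:
            actions.append("fix ownership: no owner is an active directory account")
        if orphaned:
            actions.append("remove orphaned accounts: " + ", ".join(orphaned))
        if actions:
            report[site["url"]] = actions
    return report

# Constructed sample data: a directory export and a SharePoint permissions export.
ACTIVE_ACCOUNTS = ["CORP\\alice", "CORP\\bob"]
SITES = [
    {"url": "https://sp.example/sites/hr", "owners": ["corp\\Alice"],
     "users": ["CORP\\bob", "CORP\\carol"], "last_used": date(2013, 9, 1)},
    {"url": "https://sp.example/sites/project-x", "owners": ["CORP\\dave"],
     "users": ["CORP\\bob"], "last_used": date(2012, 11, 15)},
    {"url": "https://sp.example/sites/sales", "owners": ["CORP\\bob"],
     "users": ["CORP\\alice"], "last_used": date(2013, 10, 1)},
]

if __name__ == "__main__":
    for url, actions in review_sites(SITES, ACTIVE_ACCOUNTS, date(2013, 10, 15)).items():
        print(url)
        for action in actions:
            print("  -", action)
```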
1. SharePoint Server & SQL Hardening & Penetration Testing and Intrusion Detection
2. Managing permissions, Site and Library ownership?
3. Data Retention Policy? Site Archiving or Data lifecycle policies?
4. Databases/Sites/Files Encrypted
5. Rights Managed
6. Admins have rights to data?
7. Audit process and tool?
8. Search Exposure? PII
9. Authentication - Just because it's over SSL doesn't mean it's secure. Amazing what can happen inside an SSL Tunnel. Content inspection!
10. Is SharePoint out of the box security and auditing good enough? Should you consider building extra governance around your sites and data for policies or a third party tool?
- See more at: http://www.sharepointjoel.com/Lists/Posts/Post.aspx?List=0cd1a63d%2D183c%2D4fc2%2D8320%2Dba5369008acb&ID=688#sthash.YTq35lto.dpuf
It’s time to stop hoping something won’t happen… Prepare for it.
Governance = putting those plans in place and building trust.
SharePoint out of the box does NOT address all your auditing and compliance needs for any business-critical environment. Consider third party or custom development.
Axceler/Metalogix ControlPoint & Salient6 are here to help
Don’t be surprised when you find centralized permissions management a nightmare. You must have policies and cleanup processes.
Joel Oleson @joeloleson
SharePointJoel.com
Salient6 http://www.salient6.com
Christian Buckley @buckleyplanet
BuckleyPlanet.com
Metalogix.com