Chapter 15. Implementing and Validating SharePoint Security
IN THIS CHAPTER
Verifying Security Using the Microsoft Baseline Security Analyzer (MBSA)
Securing the SharePoint Portal Server 2003's SQL Server Database
Using Virtual Private Networks to Secure Access to SharePoint
Examining Integration Points Between SharePoint and Public Key Infrastructure
Examining IP Security (IPSec) for Internal SharePoint Encryption
SharePoint Portal Server 2003 was built to be a robust, capable, and scalable environment. Along with SharePoint's capabilities comes the responsibility to secure its vital components, protecting them from attacks and data loss. Fortunately, SharePoint allows for a wide range of security functionality, features, and tools to properly secure a SharePoint farm. Knowledge of these capabilities is a must for a SharePoint administrator.
This chapter focuses on the aspects of information security that an organization can implement to protect information stored in a SharePoint environment. This includes server-level security from a network operating system and Web Services perspective, Active Directory integration, firewall and access to intranet and extranet information, file-level security for information stored and indexed on non–SharePoint-managed data stores, file-level security for information stored within a SharePoint-managed data store, user-level security for access to SharePoint data, and administrative controls to monitor and manage user and access security. In addition, tools and services useful for securing SharePoint such as Software Update Services, Microsoft Baseline Security Analyzer, IPSec, Public Key Infrastructure (PKI), and others are also covered to provide for enhanced security.