Securing Servers and Farms

It would be remiss to begin a chapter on securing SharePoint without discussing a critical security component that is often overlooked and taken for granted: the password. As is the case with security in the physical world, most crimes against persons and organizations are committed by people they know. When administrator, user, and default passwords stay the same for too long, inevitably someone with that knowledge and a grudge is going to do harm. Having a strict policy of changing passwords on a regular basis and making those passwords strong is still one of the best defenses we have against a potential security breach.

A password weakness can exist at either the Active Directory level or the local machine level, and both can be exploited by malware/viruses or an insider. Additionally, the presence of the single sign-on feature, which is also discussed in this chapter, means a compromise of one password may lead to a compromise of data on other systems.

Note

Windows SharePoint Services has an Active Directory Mode. This feature takes effect when site administrators create new WSS accounts: it automatically creates corresponding accounts in Active Directory. When using this feature, you should consider creating security policies that govern which users can be site administrators and when new accounts can be created in Active Directory from a WSS site.

Be sure to enforce a strict password policy for all users on your domain. Your policy should include ...
