Utilizing Encryption
Encryption is another important piece of your Office SharePoint Server security strategy that comes into consideration in three primary areas: site encryption, intra-server encryption, and storage encryption.
Site SSL Encryption
By default, Office SharePoint Server 2007 does not employ SSL encryption on its sites. Proper use of SSL on your SharePoint sites offers three benefits: confidentiality, integrity, and authentication:
- Confidentiality
You are likely aware of the fact that employing SSL on a site ensures that if the network traffic is intercepted in transit, it is not legible or open to decryption by an unauthorized party. This is important if you maintain sensitive data on your SharePoint site, especially if it is accessible over the Internet.
There are two additional important benefits of using SSL that are less commonly known.
- Integrity
When using SSL, you and the server are both assured that the network traffic received was not modified in transit. Without the use of SSL, it is possible for traffic to be modified in transit, and there is no way for either party to detect the modification.
- Authentication
Authentication, in this sense of the word, does not refer to a username and password. In the case of SSL, authentication means you are assured of the identity of the remote server. The SSL certificate in use on the server identifies the name of the server to which you are connecting. This is important because an attacker could redirect your users to another ...
Get SharePoint 2007: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
