Bill Baer /bɛːr/

When preparing to deploy an Internet accessible Microsoft Office SharePoint Server 2007 web farm security is the forefront of discussion and planning. To provide a brief insight into securing SharePoint Products and Technologies, I’ve decided to finally consolidate, compile and make available some of my notes. Hopefully this will be of benefit in helping others understand the method by which SharePoint Products and Technologies communicate and a high-level security overview. Internet Information Services (IIS) is the obvious first candidate for preparation and discussion –we’ve concluded IIS will be configured to use both basic and Integrated Windows authentication methods, basic allows credentials to be transmitted unencrypted and secured by SSL. The benefit of this is twofold, one it can be easily used in the extranet environment and two; basic authentication is part of the HTTP 1.1 protocol, supported by virtually any browser. Integrated windows authentication is provided to our intranet users and implemented as NTLM. SSL/TLS Transport Layer Security secures a channel between the browser and web server and IPSEC secures the communication between the web servers and the SQL backend and an additional IPSEC policy configured and applied to handle Search - Index server relationships when indexes are propagated from the index management server to the search server. In SharePoint Portal Server/Windows SharePoint Services user authentication is based on Windows security accounts, ASP.NET is configured to use Windows authentication for SharePoint Site Collections meaning ASP.NET relies on IIS to perform the required authentication of client(s). IIS will then authenticate the user against Windows security accounts and pass the identity to ASP.NET.  

Transaction Paths

Often overlooked is the communication which occurs inside the environment itself. Communication in SharePoint Products and Technologies occurs in several distinct manners to include changes to the configuration where a web front-end (WFE) will communicate with the configuration database to relay changes to the deployment, change requests which include typical user transactions occurring in the content database submitted by the WFE such as updating/adding/deleting List items, documents, etc. Another transaction occurring nearly as often; however, more complex in the nature of the transaction are search requests – the user submits the request, the WFE then communicates with the query server to generate the results at which point the WFE will provide the content based on the previous transaction through communication with the content databases/content database server. Indexing transactions and requests must occur to both provide search results and build indexes through a separate communication channel with the content database/content database server. A proper IPSEC implementation and policy definition and application can secure these transactions to provide a high level of communication security within the datacenter and remain transparent to the consumers of the technologies. Microsoft Office SharePoint Server 2007 now supports configuration of the Shared Service Provider to leverage Secure Sockets Layers to secure a channel between the server machine(s) hosting the SSP and the Shared Services database(s), providing an additional layer of security within the web farm. Joel Oleson has a great post on this topic (25 Tips to Lockdown Your SharePoint Environment), covering high-level ISA, Kerberos, and Firewall considerations.

Common Extranet Design