SharePoint server is one of the common applications in every organization. It’s used to share information and is accessed by all the teams in the organization helping people to share documents, calendars and much more – saving time on communication. Most of the Fortune 500 companies use SharePoint, because it can be integrated with Active Directory and Microsoft Office thus establishing a collaboration platform. It plays a major role in the organization, but keep in mind that it also contains sensitive data such as legal information. Hence, it is important to secure a SharePoint server from various breaches and threats.
1. Updated Operating System: Always keep an Operating System updated with the latest service packs, patches and hotfixes. This will help you keep tabs on the loop holes in the OS. All the security patches are not required on SharePoint servers. These patches must be tested on lab machines before applying in the production systems. This is required to make sure that they don’t make any negative impact.
2. SharePoint Aware Antivirus: SharePoint servers MUST be installed with antivirus software. Antivirus installed on the SharePoint servers should be a SharePoint aware antivirus. This helps SharePoint scan the files and documents being uploaded and downloaded from its servers.
3. Claims-Based Authentication: Use claim based authentication instead of traditionally integrated Windows authentication. It is based on a user obtaining security token which is digitally signed by a commonly trusted provider. It contains a set of claims. Trust is established between SharePoint and identity provider. If a client tries to access the web application, SharePoint redirects the client to a trusted identity provider. This authenticates the client and provides the token. Then the client sends the token to SharePoint, and SharePoint validates and authenticates it, and finally authorizes the user access.
4. Enable Auditing: It helps track users to determine what actions have been taken on SharePoint. Compliance requirements must be followed, especially when it comes to business critical information. It can pull out the history of actions taken by a particular user or a report for a specified date range.
5. Records Management: SharePoint 2013 archives and retains in-place records using security records management. Records management helps protect an edited / deleted form, delete a document when retention is expired, etc. In addition to the archived record and in-place record retention, SharePoint 2013 offers retention policy to SharePoint sites and Exchange 2013 mailboxes associated with the sites.
6. Avoid Anonymous Access: Make sure “limited-access user permission lockdown mode” is activated. This helps to prevent anonymous users from accessing application pages.
7. Managed Service Accounts: SQL, Setup and Farm service accounts should be domain accounts with no domain admin or special admin permissions. Also, configure e-mail accounts for all the managed users.
8. Securing Ports, Protocol and Service: Secure SharePoint server, application server and database server by locking down the unnecessary ports, protocols and services.
9. Planned Permission Model: Never provide permissions at the level of items like calendar, tasks, etc. Managing and changing permissions will be difficult and can lead to performance issues. Always provide permissions through Active Directory group membership, and provide only necessary permissions. Give full control only when necessary. It can create and delete sites, create and delete SharePoint groups, manage site and library permissions, activate and deactivate SharePoint features, create and modify workflows, etc.
10. Planning: SharePoint 2013 deployment and permissions need proper planning. Define the permission model, it provides the right permissions to the right user and also helps manage SharePoint better with no performance impact. Make sure only users with appropriate permissions manage SharePoint site, and not everyone in the team.
Hope these simple steps will help you maintain security of your SharePoint server and protect it from numerous security threats.