Security Basics mailing list archives
RE: secure sharepoint 2010 design
From: Greg Merideth <gmerideth () uclnj com>
Date: Fri, 30 Jul 2010 10:42:16 -0400
Not overly paranoid but you could accomplish the same thing by isolating the database/web machines on a vlan while keeping your front-end server on both network segments. I've done something similar in the past and if I need to access machines behind the front-end server I just remote into it and then remote into the backend server or just walk over to them. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Francois Yang Sent: Friday, July 30, 2010 12:15 AM To: security-basics () lists securityfocus com Subject: secure sharepoint 2010 design just wondering if anyone here has been involved with designing sharepoint 2010 or earlier version from ground up. the consulting people we have working on this are MS or sharepoint people from third party and all seem to think that it's ok to leave your whole sharepoint environment open to corporate lan. according to them that's how most people do it. either that or have a MS TMG server for front end which would serve Sharepoint, which doesn't make sense to me since it still leaves all the servers open to the whole lan. I was suggesting to put the whole environment behind a firewall and only allow ports 443 since that's what will be used by the internal users to access it. no need for the whole company to have access to all the backend web servers and database servers. of course admins of those servers would be allowed access to their servers on the necessary ports. am I being too paranoid? or have anyone done something similar? management seem to think I'm crazy and being the road block to this project. thanks. Frank -- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. — White House Cybersecurity Advisor, Richard Clarke ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- secure sharepoint 2010 design Francois Yang (Jul 30)
- RE: secure sharepoint 2010 design Greg Merideth (Jul 30)
- Re: secure sharepoint 2010 design Martin Petersen (Jul 30)