Security Basics mailing list archives

RE: secure sharepoint 2010 design


From: Greg Merideth <gmerideth () uclnj com>
Date: Fri, 30 Jul 2010 10:42:16 -0400

Not overly paranoid, but you could accomplish the same thing by isolating the database/web machines on a VLAN while 
keeping your front-end server on both network segments.  I've done something similar in the past, and if I need to 
access machines behind the front-end server I just remote into it and then remote into the backend server, or just walk 
over to them.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Francois Yang
Sent: Friday, July 30, 2010 12:15 AM
To: security-basics () lists securityfocus com
Subject: secure sharepoint 2010 design

Just wondering if anyone here has been involved with designing
SharePoint 2010 or an earlier version from the ground up.
The consulting people we have working on this are MS or SharePoint
people from a third party, and all seem to think that it's OK to leave
your whole SharePoint environment open to the corporate LAN.  According to
them that's how most people do it. Either that or have an MS TMG server
for the front end which would serve SharePoint, which doesn't make sense
to me since it still leaves all the servers open to the whole LAN.
I was suggesting to put the whole environment behind a firewall and
only allow port 443, since that's what will be used by the internal
users to access it.
No need for the whole company to have access to all the backend web
servers and database servers.
Of course admins of those servers would be allowed access to their
servers on the necessary ports.
Am I being too paranoid? Or has anyone done something similar?
Management seems to think I'm crazy and being the roadblock to this project.

thanks.

Frank

-- 
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked. — White House Cybersecurity
Advisor, Richard Clarke
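
Added example, not part of either message: a small Python check of the segmentation discussed in this thread. It evaluates a constructed first-match rule set against the flows the original post describes (users reach the front end on 443 only, admins reach their servers on management ports) and compares it with the flat "open to the LAN" layout. The subnets, the RDP and SQL Server ports, and all names are assumptions.

```python
import ipaddress

# Constructed addressing and ports: none of these values come from the thread.
ZONES = {
    "admins":   ipaddress.ip_network("10.0.250.0/24"),  # subset of corp_lan
    "corp_lan": ipaddress.ip_network("10.0.0.0/16"),
    "frontend": ipaddress.ip_network("10.10.1.0/24"),
    "backend":  ipaddress.ip_network("10.10.2.0/24"),
}
RDP, SQL = 3389, 1433  # assumed admin and database ports

# (action, source zone, destination zone, port); None matches anything.
SEGMENTED = [
    ("allow", "admins", "frontend", RDP),
    ("allow", "admins", "backend", RDP),
    ("allow", "corp_lan", "frontend", 443),
    ("allow", "frontend", "backend", SQL),
]
FLAT = [("allow", "corp_lan", None, None)] + SEGMENTED  # "open to the LAN"

def in_zone(ip, zone):
    return zone is None or ipaddress.ip_address(ip) in ZONES[zone]

def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    for action, src_zone, dst_zone, rule_port in rules:
        if in_zone(src, src_zone) and in_zone(dst, dst_zone) \
                and rule_port in (None, port):
            return action
    return "deny"

# Flows the original poster's policy implies, with the expected decision.
PROBES = [
    ("user to front end on 443", "10.0.5.20", "10.10.1.10", 443, "allow"),
    ("user to database",         "10.0.5.20", "10.10.2.10", SQL, "deny"),
    ("user RDP to front end",    "10.0.5.20", "10.10.1.10", RDP, "deny"),
    ("admin RDP to database",    "10.0.250.7", "10.10.2.10", RDP, "allow"),
    ("front end to database",    "10.10.1.10", "10.10.2.10", SQL, "allow"),
]

def audit(rules):
    """Return the names of probes whose decision differs from the policy."""
    return [name for name, src, dst, port, want in PROBES
            if decide(rules, src, dst, port) != want]

if __name__ == "__main__":
    print("segmented:", audit(SEGMENTED) or "matches policy")
    print("flat:", audit(FLAT))
```

The same probe list can be replayed against an exported rule set after each firewall change to confirm the backend stays unreachable from ordinary LAN hosts.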
