Plan for and design security (Windows SharePoint Services)

Applies To: Windows SharePoint Services 3.0

 

Topic Last Modified: 2009-04-15

This chapter provides a methodical approach to building security into your solution design for Windows SharePoint Services 3.0. This approach is based on a foundation of the following security guides that are provided in Microsoft patterns & practices (https://go.microsoft.com/fwlink/?LinkId=73704&clcid=0x409):

• Securing Your Web Server (https://go.microsoft.com/fwlink/?LinkId=73705&clcid=0x409)

• Securing Your Database Server (https://go.microsoft.com/fwlink/?LinkId=73706&clcid=0x409)

• Securing Your Network (https://go.microsoft.com/fwlink/?LinkId=73707&clcid=0x409)

These guides explain practical secure configurations for specific server roles. The guidance for each server role includes recommended secure settings for the network, the operating system, and the applications that are installed, including Internet Information Services (IIS), Microsoft ASP.NET Framework, and Microsoft SQL Server.

The information in this chapter supplements the patterns & practices security guides in several ways:

• Provides recommendations for each server role within a server farm.

• Identifies additional networking, operating system, and application settings that are appropriate for server roles.

• Provides recommendations for securing the specific applications and features that are installed by Windows SharePoint Services 3.0.

• Targets security recommendations to security environments that are common for Windows SharePoint Services 3.0 solutions.

Plan for and design security by using the following steps:

1. Plan your security environment   The security guidance that is recommended for your organization depends on which environment best matches your intended use of Windows SharePoint Services 3.0. Use the following article to help plan your security environment:

   • Choose your security environment (Windows SharePoint Services) describes the four key security environments: internal team or department, internal IT-hosted, external secure collaboration, and external anonymous access.

2. Plan server farm security   plan how to secure individual servers within a server farm. The patterns & practices security guides are used as a foundation for securing Windows SharePoint Services 3.0 environments. Use the following articles to help plan server farm security:

   • Review the secure topology design checklists (Windows SharePoint Services) to ensure that your topology and logical architecture meet the criteria for a secure design.

   • Plan for secure communication within a server farm (Windows SharePoint Services) to ensure that the methods of secure communication are most appropriate for your solution.

   • Plan security hardening for server roles within a server farm (Windows SharePoint Services) to determine the specific hardening settings for each of the server roles in your server farm.

3. Plan secure configurations for features   plan how to configure Windows SharePoint Services 3.0 features in a secure manner. Use the following article to help plan secure configurations:

   • Plan secure configurations for Windows SharePoint Services features provides recommendations for securely configuring Windows SharePoint Services 3.0 features. The recommendations in this article are usually configured by using Central Administration, rather than in the network, operating system, IIS, or .NET Framework.

4. Plan environment-specific security   plan security targeted to your specific environment. Use the following articles to help plan environment-specific security:

   • Plan security for an internal team or department environment (Windows SharePoint Services) provides additional security guidance targeted to the internal team or department environment.

   • Plan security for an internal IT-hosted environment (Windows SharePoint Services) provides additional security guidance targeted to the internal IT-hosted environment.

   • Plan security for an external secure collaboration environment (Windows SharePoint Services) provides additional security guidance targeted to the external secure collaboration environment.

   • Plan security for an external anonymous access environment (Windows SharePoint Services) provides additional security guidance targeted to the external anonymous access environment.

5. Plan security roles   Use the following article to plan for and design security roles:

   • Plan for security roles (Windows SharePoint Services) describes planning roles for administrators and for users.

6. Plan for accounts   Use the following article to plan for administrative and service accounts:

   • Plan for administrative and service accounts (Windows SharePoint Services) provides requirements and recommendations for configuring administrative and service accounts.

Some of these planning articles are intended for specific security environments. The following figure shows the intended planning flow based on the security environment.

Download this book

This topic is included in the following downloadable book for easier reading and printing:

• Planning and architecture for Windows SharePoint Services 3.0, part 2

• Security for Windows SharePoint Services 3.0

See the full list of available books at Downloadable books for Windows SharePoint Services.