Wednesday, April 29, 2015

SharePoint Security

Security 101

Concerns

Edward Snowden, SharePoint, and Security
https://www.credera.com/blog/technology-insights/microsoft-solutions/edward-snowden-sharepoint-security/

Pentest – Phases

  1. Recon
  2. Scan
  3. Gain Access
  4. Maintain Access
  5. Cleanup
  6. Pivot

https://en.wikipedia.org/wiki/Penetration_test
https://windsorwebdeveloper.com/comptia-pentest-study-guide/

Tools

https://www.kali.org/
https://nmap.org/

Tutorials – NMAP Zenmap MegaPing
https://www.youtube.com/channel/UCtudLj18oXlrzrPHqKC5bLA

News

WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7' (2017)

https://yro.slashdot.org/story/17/03/07/2124251/wikileaks-cia-files-the-6-biggest-spying-secrets-revealed-by-the-release-of-vault-7

“1, 2, 3, and 5 were revealed with the documents that Edward Snowden released to The Guardian and were subsequently detailed in at least a couple of the books written about that leak including Data and Goliath by Bruce Schneier and The Snowden Files by Luke Harding.

The NSA and CIA also maintain a cache of vulnerabilities they have discovered but kept to themselves and not shared with Microsoft, Android/Google or Apple as well as the other operating system vendors so they can perform surveillance on any company running those OS.

This activity has been approved by the FISA court all in the name of Homeland security but not necessarily restricted to that activity.” George

2016

Plan security hardening for SharePoint Server 2016

https://technet.microsoft.com/en-us/library/cc262849(v=office.16).aspx

MS16-101 Prevents SharePoint From Changing Managed Account Passwords

https://thesharepointfarm.com/2016/09/ms16-101-prevents-sharepoint-from-changing-managed-account-passwords/

2013/2010

TechNet on Planning Security Hardening (2010 or 2013)

https://technet.microsoft.com/en-us/library/cc262849(v=office.15).aspx

https://technet.microsoft.com/en-us/library/cc262849(v=office.14).aspx

Good Article on SharePoint Groups vs. AD Groups and effect on Search Crawls
http://blogs.msdn.com/b/kaevans/archive/2013/05/06/clarifying-guidance-on-sharepoint-security-groups-versus-active-directory-domain-services-groups.aspx

Preview as user (Third Party)
http://blog.mastykarz.nl/previewing-pages-content-targeting-user-segments-sharepoint-2013/

Updates
Interesting Vulnerability Site on SharePoint
Lists - http://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-11116/Microsoft-Sharepoint-Server.html
Stats - http://www.cvedetails.com/product/11116/Microsoft-Sharepoint-Server.html?vendor_id=26

Legacy


Great Security Articles by Liam Cleary
https://www.helloitsliam.com/

PenTest (Part 1 and 2)
https://www.helloitsliam.com/2014/11/06/sharepoint-2013-pentest-part-1/
https://www.helloitsliam.com/2014/11/10/sharepoint-2013-pentest-part-2/

https://www.helloitsliam.com/2014/11/06/10-ways-to-a-more-secure-sharepoint-infographic/

“So you wanna hack SharePoint” Presentation - TechEd
http://view.officeapps.live.com/op/view.aspx?src=http%3a%2f%2fvideo.ch9.ms%2fsessions%2fteched%2fna%2f2013%2fATC-B315.pptx

OLD LINKS – Broken due to new site
http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=121
Is SharePoint Secure?
part 1 http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=100
part 2 http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=101
part 3 http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=103
part 4 http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=105
Is SharePoint Vulnerable
http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=116

Effect of SharePoint Security Groups and/or AD Security Groups on Search Crawl Performance
http://blogs.msdn.com/b/kaevans/archive/2013/05/06/clarifying-guidance-on-sharepoint-security-groups-versus-active-directory-domain-services-groups.aspx

Best practices for using fine-grained permissions in SharePoint Server 2013
http://technet.microsoft.com/en-us/library/gg128955.aspx

Troubleshoot common fine-grained permissions issues for SharePoint Server 2013
http://technet.microsoft.com/en-us/library/dn169566.aspx

UAG - SharePoint Publishing Guide
http://technet.microsoft.com/en-us/library/dd857299.aspx

Firewall Ports
Azure ACS
http://msdn.microsoft.com/en-us/library/windowsazure/jj136814.aspx
Office 365
http://blogs.technet.com/b/educloud/archive/2011/11/30/what-firewall-ports-do-i-need-open-to-connect-to-office-365-for-education.aspx
http://ahandyblog.wordpress.com/cloud-technologies/firewall-ports-for-office-365/

2010

Articles

Copy Permissions Between Site Collections Using AD Groups
https://social.technet.microsoft.com/wiki/contents/articles/8138.sharepoint-2010-copying-permissions-between-site-collections.aspx

Fine Grained Permissions Guide
http://technet.microsoft.com/library/gg128953(office.14).aspx

More from SharePoint Galaxy

Authentication
http://thecloudengineer.blogspot.com/2013/02/authentication.html

TMG UAG
http://thecloudengineer.blogspot.com/2011/07/golden-5-rules-on-sharepoint-security.html

Document Security
http://thecloudengineer.blogspot.com/2011/09/sharepoint-document-security.html

SharePoint Designer
http://thecloudengineer.blogspot.com/2012/03/sharepoint-designer-security.html

Books

Actual book http://www.amazon.com/Office-Sharepoint-Security-Microsoft-Corporation/dp/0735626545

Free Ebook http://technet.microsoft.com/en-us/library/cc287889(v=office.12).aspx
