Security 101
Concerns
Edward Snowden, SharePoint, and Security
https://www.credera.com/blog/technology-insights/microsoft-solutions/edward-snowden-sharepoint-security/
Pentest – Phases
- Recon
- Scan
- Gain Access
- Maintain Access
- Cleanup
- Pivot
https://en.wikipedia.org/wiki/Penetration_test
https://windsorwebdeveloper.com/comptia-pentest-study-guide/
Tools
https://www.kali.org/
https://nmap.org/
Tutorials – NMAP Zenmap MegaPing
https://www.youtube.com/channel/UCtudLj18oXlrzrPHqKC5bLA
News
WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault (2017)
“”1,2,3, and 5 were revealed with the documents that Edward Snowden released to The Guardian and was subsequently detailed in at least a couple of the books written about that leak including Data and Goliath by Bruce Schneier and The Snowden Files by Luke Harding.
The NSA and CIA also maintain a cache of vulnerabilities they have discovered but kept to themselves and not shared with Microsoft, Android/Google or Apple as well as the other operating system vendors so they can perform surveillance on any company running those OS.
This activity has been approved by the FISA court all in the name of Homeland security but not necessarily restricted to that activity.” George
2016
Plan security hardening for SharePoint Server 2016
https://technet.microsoft.com/en-us/library/cc262849(v=office.16).aspx
MS16-101 Prevents SharePoint From Changing Managed Account Passwords
https://thesharepointfarm.com/2016/09/ms16-101-prevents-sharepoint-from-changing-managed-account-passwords/2013/2010
Technet on Planning Security Hardening (2010 or 2013)
https://technet.microsoft.com/en-us/library/cc262849(v=office.15).aspx
https://technet.microsoft.com/en-us/library/cc262849(v=office.14).aspx
Good Article on SharePoint Groups vs. AD Groups and effect on Search Crawls
http://blogs.msdn.com/b/kaevans/archive/2013/05/06/clarifying-guidance-on-sharepoint-security-groups-versus-active-directory-domain-services-groups.aspx
Preview as user (Third Party)
http://blog.mastykarz.nl/previewing-pages-content-targeting-user-segments-sharepoint-2013/
Updates
Interesting Vulnerability Site on SharePoint
Lists - http://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-11116/Microsoft-Sharepoint-Server.html
Stats - http://www.cvedetails.com/product/11116/Microsoft-Sharepoint-Server.html?vendor_id=26
Legacy
Great Security Articles by Liam Cleary
https://www.helloitsliam.com/
PenTest (Part 1 and 2)
https://www.helloitsliam.com/2014/11/06/sharepoint-2013-pentest-part-1/
https://www.helloitsliam.com/2014/11/10/sharepoint-2013-pentest-part-2/
https://www.helloitsliam.com/2014/11/06/10-ways-to-a-more-secure-sharepoint-infographic/
”SO you wanna hack SharePoint” Presentation - TechEdhttp://view.officeapps.live.com/op/view.aspx?src=http%3a%2f%2fvideo.ch9.ms%2fsessions%2fteched%2fna%2f2013%2fATC-B315.pptx
OLD LINKS – Broken due to new site
http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=121
Is SharePoint Secure?
part 1 http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=100
part 2 http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=101
part 3 http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=103
part 4 http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=105
Is SharePoint Vulnerable
http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=116
Effect of SharePoint Security Groups and/or AD Security Groups on Search Crawl Performance
http://blogs.msdn.com/b/kaevans/archive/2013/05/06/clarifying-guidance-on-sharepoint-security-groups-versus-active-directory-domain-services-groups.aspx
Best practices for using fine-grained permissions in SharePoint Server 2013
http://technet.microsoft.com/en-us/library/gg128955.aspx
Troubleshoot common fine-grained permissions issues for SharePoint Server 2013
http://technet.microsoft.com/en-us/library/dn169566.aspx
UAG - SharePoint Publishing Guide
http://technet.microsoft.com/en-us/library/dd857299.aspx
Firewall Ports
azure acs
http://msdn.microsoft.com/en-us/library/windowsazure/jj136814.aspx
office 365
http://blogs.technet.com/b/educloud/archive/2011/11/30/what-firewall-ports-do-i-need-open-to-connect-to-office-365-for-education.aspx
http://ahandyblog.wordpress.com/cloud-technologies/firewall-ports-for-office-365/
2010
Articles
Copy Permissions Between Site Collections Using AD Groups
https://social.technet.microsoft.com/wiki/contents/articles/8138.sharepoint-2010-copying-permissions-between-site-collections.aspx
Fine Grained Permissions Guide
http://technet.microsoft.com/library/gg128953(office.14).aspx
More from SharePoint Galaxy
Authentication
http://thecloudengineer.blogspot.com/2013/02/authentication.html
TMG UAG
http://thecloudengineer.blogspot.com/2011/07/golden-5-rules-on-sharepoint-security.html
Document Security
http://thecloudengineer.blogspot.com/2011/09/sharepoint-document-security.html
SharePoint Designer
http://thecloudengineer.blogspot.com/2012/03/sharepoint-designer-security.html
Books
Actual book http://www.amazon.com/Office-Sharepoint-Security-Microsoft-Corporation/dp/0735626545
Free Ebook http://technet.microsoft.com/en-us/library/cc287889(v=office.12).aspx
No comments:
Post a Comment