SharePoint Security: Through the Looking Glass
David J Pileggi Jr., SharePoint Evangelist, M@DSoft
Dec 21, 2014
Introduction
The Real Introduction
Computer Science degree from University of Central Florida
Professionally working in the IT industry for 11 years
Working specifically with SharePoint for the last 8 years
Taught several SharePoint 101 classes
Designed SharePoint solutions for more than 40 companies
  Ranging from Regional to Fortune 100
Member of New England SharePoint Users Group
Avid Alpha/Beta tester, SharePoint and otherwise
Itinerary
The Cast
The Good
The Bad
The Ugly
Building Security Schemas
Final Thoughts
Q&A
Session Goals
This is a Level 300 session. Easy to understand, difficult to master
To address the high-level theoretical approach to SharePoint Security
To discover several best practices surrounding security
To discover what not to do, or, if it is done, what to expect when actions that are less than best practice are used
Leave with a heightened level of understanding surrounding securing SharePoint Portals, sites, etc.
The Cast
AD (Cheshire Cat)
  Users
  Security Groups
SharePoint Security Groups (White Rabbit)
SharePoint Permission Levels (Mad Hatter)
  Out of Box
  Custom
FBA (Caterpillar)
OAuth (Dormouse)
The Good: AD (Cheshire Cat)
Security Groups already there
In a controlled environment
Great for giving sweeping permissions
Best Practice
The Good: SharePoint Security Groups (White Rabbit)
High turnover
Small groups in large corporations
Easy to create with perks
  Use custom permission sets
  Create distribution list
  Delegate responsibility
The Good: SharePoint Permission Levels (Mad Hatter)
Out of box permission sets are acceptable tiers of permissions
Ability to create custom permission sets
SharePoint breaks down permissions into 32 individual selections
Three sections group the 32 individual selections
The Good: FBA (Caterpillar)
Forms Based Authentication can fit YOUR business mold
FBA allows a way for users beyond your walls to participate
FBA allows an alternate way to authenticate
There are a lot of tools to help you jump-start FBA
The Good: OAuth (Dormouse)
Removes the need to own the responsibility of supporting the user base
One less username and password users will have to remember
The Bad: AD (Cheshire Cat)
Can be a potential bottleneck
Will show how the information is kept up… or not
The Bad: SharePoint Security Groups (White Rabbit)
Could potentially get out of hand
Multiple groups per site
Groups not maintained
Dilute the primary security schema
Email enabled farm??
The Bad: SharePoint Permission Levels (Mad Hatter)
Over complication
KISS method
The Bad: Visualizing Security (Mad Hatter continued)
The target theory
Build in concentric circles
Contain as much as possible
Understanding how to put it all together
The Bad: FBA (Caterpillar)
You own it and everything that comes with it
  Development cycles
  Maintenance of the code
  Maintenance of the database(s)
  Help Desk/support will be needed
The Bad: OAuth (Dormouse)
Not a flip of the switch
3rd Party may (read, must) be used OR lots of development and configuration pain
The Ugly
The No Security Schema … Schema
The best security schema over time will deteriorate
Building Security Schemas
Information Age cliché: Know your Data!
What is going to be housed in your farm
  HIPAA
  Sarbanes-Oxley
  Etc.
Site Collection
One vs. Many
Security's smallest common denominator
Portals and departments and teams OH MY!
Zones
There are 5 Zones that can refer to the same Web Application
  Default
  Custom
  Internet
  Intranet
  Extranet
Probably one of the best kept secrets
Security can be at different levels per zone
Final Thoughts
Intranet, Extranet, Internet (oh my)
Intranet
  Use of AD for security
Extranet/Internet
  AD
  Forms Based Authentication
  Active Directory Federation Services (ADFS)
  Anonymous
Active Directory Rights Management Services
Q&A
Resources
AD Rights Management Services: http://www.microsoft.com/windowsserver2008/en/us/ida-information-protection.aspx
Contact Information
David J Pileggi Jr.
Consultant at Insight
Email: [email protected]
http://sharepoint.mindsharpblogs.com/davep
Twitter: @DavidPileggi
Thank You!
Please fill out and return your evaluations.
We want to know what you think.