C/D/H Talks Tech

Author:

Eric Inch

I enjoy learning, using and helping others through technology. This is my second year with C/D/H after many years of consulting for numerous small and mid-sized companies. I enjoy challenging projects and continual improvement in all areas. Most recently, I have been working to help grow the virtualization practice at C/D/H and hopefully add that area to the already impressive expertise in infrastructure consulting at C/D/H.

When I’m not working, I enjoy spending time with my family. I have two little girls who keep me extremely busy but are always the highlight of my day.

For a more in-depth bio and a list of my areas of expertise, please visit http://www.cdh.com.

More about Eric
Articles by Eric Inch

Microsoft Office SharePoint Server (MOSS) has quickly been adopted by many companies as the solution for intranets/extranets, content management, business intelligence reporting, as well as an extensible development framework. C/D/H has numerous large scale MOSS projects ongoing at any given time. While MOSS 2007 provides quite a bit of functionality right out of the box, there are a few solutions that can be implemented along with your MOSS design to drastically improve the overall security of your solution. The four I will briefly discuss are Microsoft Internet Security and Acceleration (ISA) Server, RSA SecurID, Forefront Security for SharePoint, and Microsoft Rights Management Services (RMS).

1. Microsoft ISA Server is Microsoft’s enterprise firewall providing application layer protection and tight integration with many of the Microsoft server technologies including Exchange, MOSS and Office Communications Server. Security benefits of ISA Server integration with MOSS include a reverse proxy that forces pre-authentication at the firewall to prevent external users from directly accessing the MOSS site prior to being authenticated-no traffic passes through the ISA Server to the MOSS environment until the user successfully authenticates. This ensures only authorized users have access to the internal MOSS server(s).
2. The RSA Authentication agent for IIS provides integration whereas RSA SecurID can provide two-factor authentication for your SharePoint sites. Passwords are frequently used by the majority of companies due to their low cost (free), but this doesn’t mean they are secure. To be considered secure, you must have a solution that provides at least two-factor authentication. RSA SecurID allows you to meet this requirement by making a user to enter something they have (token) with something they know (PIN). I was going to develop a Flash overview of RSA SecurID tokens for some additional information but saw that RSA already had one, see RSA SecurID Tokens (Plus I don’t know Flash which really caused an issue).
3. Microsoft Forefront Security for SharePoint integrates multiple anti-virus scanning engines and content controls to provide protection for MOSS sites and helps eliminate documents containing malicious code, confidential information, and inappropriate content. As companies rely more and more on MOSS for document collaboration, the importance of a secure and robust solution for malware becomes more and more visible. Forefront Security for SharePoint was developed specifically for SharePoint and thus provides exceptional protection against threats.
4. Microsoft Rights Management Services (RMS) allows you to extend the permissions of the site all the way down to the file itself. The permissions the user had to the document in SharePoint are used to drive the RMS permissions, and wherever the file goes, the permissions go with it. They are applied to the document as it is downloaded, thus automatically being protected. I won’t go too far into RMS with this blog as you can visit a previous blog entry I had with an overview of this technology: “Already Using RMS? I Sure Hope So!”

Microsoft has done a phenomenal job improving the features available in SharePoint Services 3.0 and MOSS 2007. Now just remember to include information security measures when developing your SharePoint design and you will have a secure collaboration environment.