1 / 20

Lock It Down: Securing Your SharePoint Environment

Lock It Down: Securing Your SharePoint Environment. Liam Cleary. About Me. Solution Architect @ Protiviti SharePoint MVP Everything SharePoint Architecture Infrastructure Development Security SharePoint Dreamer Speak at lots of community events. Agenda. Hackers

vicki
Download Presentation

Lock It Down: Securing Your SharePoint Environment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lock It Down: Securing Your SharePoint Environment Liam Cleary

  2. About Me • Solution Architect @ Protiviti • SharePoint MVP • Everything SharePoint • Architecture • Infrastructure • Development • Security • SharePoint Dreamer • Speak at lots of community events

  3. Agenda

  4. Hackers • The real world hackers • Employees • The ones you always do, though you shouldn’t trust • Developers • No-one trusts these guys • Administrators • “We have the Power”

  5. Manual: SharePoint “Brute-Force” • Test Access for common URLs • Search Engine • Google: inurl:”/_layouts/viewlsts.aspx” • Bing: instreamset: url :viewlsts.aspx • Nmap • Access Central Administration • Shared Services • Web Service Endpoints • RegEx Tools • SHODAN Searching • ”WWW-authenticate”, “MicrosoftSharePointTeamServices: 12/14/15”

  6. Cross Site Scripting (XSS) • Web Services Endpoints Exposed – “_vti_bin/spdisco.aspx” • “_layouts/viewlsts.aspx” – potential data leak • “_vti_bin” – functionality can be available as anonymous • “_layouts/userdisp.aspx?Force=True&ID={0}” – User Enumeration • “_vti_inf.html” – expose internal Front Page Extensions • Common functions available through Web Services • Search Principals • GetAllUserCollectionsFromWeb • 3rd Party components, such as web parts • “http://{siteurl}/_layouts/{Vendor Name Removed}.Feature/userpresensesvc.ashx?userID=68&userProfileUrl=http://{site url}/_layouts/userdisp.aspx?ID=68”

  7. wget -r –A pdf --no-check-certificate https://{siteurl}/Forms/AllItems.aspx

  8. Function IteratePages() { [CMDLetBinding()] Param ([String] $url, [Int] $start, [Int] $end) for ($i=$start; $i -lt $end; $i++) { Write-Host $i $saveTo = 'C:\OUT\' + $i + '.txt' Write-Host $saveTo $retUrl = $url + $i Write-Host $retUrl Get-WebPage $retUrl > $saveTo } } IteratePages http://{site url}/_layouts/userdisp.aspx?ID= 1 1000

  9. Web Database Services Application HTTP/HTTPS

  10. Web Database Services Application HTTP/HTTPS

  11. Web Cache Application Search Workflow TCP 9354 TCP 9355 TCP 9356 TCP 9000 (5 Rand Ports) TCP 16500/19 TCP 445 UDP 445 TCP 137 - 139 UDP 137 - 139 TCP 5725 TCP 389 UDP 389 TCP 464 UDP 464 HTTP 80 HTTPS 443 TCP 22233 TCP 22234 TCP 22235 TCP 22236

  12. Block the standard SQL Server ports Configure SQL Server database instances to listen on a nonstandard port Configure SQL client aliases Bypass the actual server name Configured SQL Encryption Implement Windows Firewall Policies Run “Best Practice Security Analyzer” and use “Server Hardening Guidance” Utilize Group Policies

  13. Implement Windows Firewall Policies Run “Best Practice Security Analyzer” and use “Server Hardening Guidance” Utilize Group Policies Open “Allowed Ports” ONLY List Common App Server Ports Here

  14. Open “Allowed Ports” ONLY TCP 80 – HTTP TCP 443 - HTTPS Implement Windows Firewall Policies Run “Best Practice Security Analyzer” and use “Server Hardening Guidance” Utilize Group Policies

  15. Open “Allowed Ports” ONLY TCP 80 – HTTP TCP 443 - HTTPS Hardware / Software Firewall SSL Encryption & Inspection Offload Authentication / Delegation User Access Gateway (UAG)

  16. netshadvfirewall firewall add rule name="SQLServer" dir=in action=allow protocol=TCP localport=1433 profile=DOMAIN • netshadvfirewall firewall add rule name="SQL DAC" dir=in action=allow protocol=TCP localport=1434 profile=DOMAIN • netshadvfirewall firewall add rule name="SQL Browser" dir=in action=allow protocol=UDP localport=1434 profile=DOMAIN • netshadvfirewall firewall add rule name="Mirroring EndPoint" dir=in action=allow protocol=TCP localport=5022 profile=DOMAIN • netshadvfirewall firewall add rule name="SQL Service Broker" dir=in action=allow protocol=TCP localport=4022 profile=DOMAIN • netshadvfirewall firewall add rule name="T-SQL Debugger" dir=in action=allow protocol=TCP localport=135 profile=DOMAIN

  17. netsh advfirewall firewall add rule name="SharePoint HTTP/HTTPS" dir=in action=allow protocol=TCP localport=80,443 profile=DOMAIN • netsh advfirewall firewall add rule name="SharePoint Cache" dir=in action=allow protocol=TCP localport=22233-22236 profile=DOMAIN • netsh advfirewall firewall add rule name="SharePoint Farm Communication (TCP)" dir=in action=allow protocol=UDP localport=389,464 profile=DOMAIN • netsh advfirewall firewall add rule name="SharePoint Search" dir=in action=allow protocol=TCP localport=16500-16519,445,137-139,5725 profile=DOMAIN • netsh advfirewall firewall add rule name="SharePoint Workflow" dir=in action=allow protocol=TCP localport=9354-9356,9000 profile=DOMAIN

  18. Page Lockdown Fix Security Slip-Ups – manual process Comply with Compliance and Governance Policies Administrator can modify or delete logs Secure Web Site SQL Injection, Brute Force Password Attack and Cross Site Scripting (XSS) Understand that SharePoint is SQL Privileged Users could hack Permission for SharePoint Fix Search Engine Visibility Mississippi National Guard apologized for exposing personal data through their public SharePoint Site

  19. Pentest your SharePoint Site Internal – Choice External – No Choice Ensure Latest Patches Suggested Rule, stay two CU’s behind unless it resolves a current issue Learn to Hack Make Security a to Priority Learn to “Publish” SharePoint Correctly We (Protiviti) can help you with this 

  20. Liam Cleary Email: liam.cleary@Protiviti.com Twitter: @helloitsliam Blog: http://blog.helloitsliam.com

More Related