Hi,
As you say, it all depends on your requirements. Bastion Host Template is
a part of Security Guide for Windows 2003. More information can be found
at
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
After having applied that template, I run some verification tools like
BSA, Nessus and C2I Security Benchmark. In my opinion, the results were
acceptable.
When it comes to Sharepoint, I don't understand what you mean by default
user and permissions. AFAIK, there are none. You have to set up access per
site. Sub-sites can inherit permissions from the parent if you want to. In
our case, there are a couple of well-managed extranet applications.
Best regards
Tevfik
Did you also review the permissions of the Sharepoint users inside of
Sharepoint?
You secured the server...but what about reviewing Sharepoint?
If you have not changed the default users and their permissions and
roles, many Sharepoint gurus I know say there's work to be done inside
of there depending on your needs and risk.
Why did you choose that template? What risks is it averting?
Tevfik Karagülle wrote:
Hi,
What I did for a customer was to use Microsoft's Bastion Host security
template on a Windows 2003
Server Web edition and Sharepoint Service v2 w/SP1.
Best regards
Tevfik Karagulle
ITEFIX Consulting
http://itefix.no
-----Original Message-----
From: limpiezasgomez@terra.es [mailto:limpiezasgomez@terra.es]
Sent: 17. august 2005 12:12
To: focus-ms@securityfocus.com
Subject: SharePoint securization
Is there any resource where I could find information on steps
to secure a SharePoint Services installation?
Thanks!
Pedro
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
