+ All Categories
Home > Documents > The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit...

The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit...

Date post: 24-May-2020
Category:

Documents
Upload: others
View: 9 times
Download: 0 times
Download Report this document
Share this document with a friend
27
The 3 Pillars of SharePoint Security Liam Cleary CEO/Owner SharePlicity Jeff Melnick Systems Engineer Netwrix Corporation
Transcript
Page 1: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

The 3 Pillars of SharePoint Security

Liam ClearyCEO/OwnerSharePlicity

Jeff MelnickSystems EngineerNetwrix Corporation

Page 2: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

AGENDA

• The Problem

• Attack Vectors

• Intranet, Extranet and Public Facing

• Proactive Protection

• Netwrix Auditor Solution

• Q&A Session

• Prize Drawing

Page 3: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

THE PROBLEM

• SharePoint is a large platform

• Utilized for different solutions– Intranet

– Extranet

– Public Facing Website

• Often stores personal data– PII

• Organically grows – quickly

• Permissions are often not set correctly

• Misconfiguration is common

• Customized extensively

Page 4: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

SHOW MEWeb Shell, Client Side Code, and Search Engine Crawling

Page 5: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

ATTACK VECTORS

Page 6: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

"An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element"

Page 7: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

Attack Vectors

Application InfrastructureBrowserUsers

Social EngineeringXSS, CSRF, Clickjacking,

Brute-Force

Browser & Add-on Exploits

Brute-Force, 0-Day Exploits

Attacker

Page 8: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

Attack Vectors

Unknown

InternalUsers

ExternalUsers

Nation States, Crime Organizations,

Professional Hackers or Hacking Platforms

Thre

at A

ssu

mp

tio

ns

Known Internal Employees with Access

Normal Hackers, “Script Kiddies”, Whistleblowers or Disgruntled Employees

Page 9: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

PROACTIVE PROTECTION

Page 10: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

PROACTIVE PROTECTION

Infrastructure Audit

Physical Server Access, Firewall Security and

Exploit Checking

Security Access Audit

Penetration Test Pro

tect

ion

User and Security Permissions, Access

Control Flow and Permission Inheritance

External and Internal Attacking

Page 11: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

PROACTIVE PROTECTION

Infrastructure Audit Operating System

Database Servers

Application Configuration

Patching

Errors & Issues

Version, Roles and enabled Services.

Minimize Footprint.

TCP / UDP Port Checking, Browser Service,

Encryption and Account Permissions

Security Patches and Cumulative / Service Packs

as Needed

Stored Credentials, Connection Strings and Anonymous Functions

Event Viewer, Logs and Debugging Tools

Page 12: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

PROACTIVE PROTECTION

Security Access AuditAuthentication

Authorization

Account Configuration

Internal / External Access

Permissions

Authentication approach, standard NTLM, Forms or

Federation

Controlled using Security Groups, Site Groups or Pre-Authorized at Edge

Access Control Flow, separate paths for Internal

versus External

Password Policies as well as Security Group

Memberships

Inherited or Unique Permissions. Global or

Specific Access.

Page 13: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

PROACTIVE PROTECTION

Penetration Test Network Level Access

Core Services

Internal Access

External Access

Application Specific

Services visible on the network, controlled network path access

Enumerate Services and Fingerprinting

Firewall Access Control Brute Forcing, or Malformed traffic

Normal user access, to pivot other systems

Application Backdoors or misconfiguration to allow

access

Page 14: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

PROACTIVE ASSURANCE

Page 15: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

PROACTIVE ASSURANCE

Infrastructure Audit Security Access Audit Penetration Test

Protection

Physical Server Access,

Firewall Security and Exploit

Checking

User and Security Permissions, Access

Control Flow and Permission Inheritance

External and Internal Attacking

3 Pillars

Page 16: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

PROACTIVE ASSURANCE

Harden Operating System

Harden SQL Servers

Reduce Surface Area of Attack

Whitelist / Blacklist Processes

Limit Administration Access

Enabled Required RolesDisable Unused Services

Multiple InstancesBlock Standard PortsUse BitLockerUtilize TDE EncryptionEncrypt ConnectionsServer Isolation

Firewall PoliciesGroup PoliciesAppLocker Policies

Use BitLockerEncrypt Connections (SSL)

Server Isolation

Separate AdministratorsControl Password ListLimit Domain Admins

Page 17: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

Netwrix AuditorVisibility platform for user behavior analysis

and risk mitigation

Page 18: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

About Netwrix Auditor

A visibility platform for user behavior analysis and risk mitigation

that enables control over changes, configurations, and access in hybrid IT environments.

It provides security intelligence to identify security holes, detect anomalies in user behavior

and investigate threat patterns in time to prevent real damage.

Netwrix Auditor

Page 19: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

Netwrix Customers

Financial Healthcare and Pharmaceutical

Federal, State & Local Government Education

Industrial and Technology Business Services

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=gmLi1liNnkSnfM&tbnid=vboLnWzIf_2kEM:&ved=0CAUQjRw&url=http://web.alsa.org/site/PageServer?pagename=WLK_NC_sponsors_logos&ei=jycsUZLHNuW02wWDlYGoAg&bvm=bv.42965579,d.b2I&psig=AFQjCNGxg5MvV-lPKE3PW810HpMyikrnWA&ust=1361934601367999
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=4IP1IETSDl9eLM&tbnid=rn0mKkNoELvahM:&ved=0CAUQjRw&url=http://joinbankon.org/about/supporters/&ei=TSgsUb-LN7S02AWo5YCoBQ&bvm=bv.42965579,d.b2I&psig=AFQjCNGLNMybhWpTsmdAecPKbRcKHbhjUw&ust=1361934786152835
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=kgn6V4ZdIjXNNM&tbnid=AnMkmtrJhxx6PM:&ved=0CAUQjRw&url=http://www.forbes.com/sites/greatspeculations/2010/11/01/learn-to-love-deflation-not-dollar-devaluation/&ei=aiksUZLUPOiU2gXou4HICw&psig=AFQjCNEQZdhzyohKSNms2gkccQvwGHOJzg&ust=1361935075697450
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=HALl3mv64J1zuM&tbnid=tayw5VmSwCyd9M:&ved=0CAUQjRw&url=http://www.epa.gov/ncer/childrenscenters/centers/columbia.html&ei=UCssUZr-G6PI2gXVtYDoDQ&psig=AFQjCNFWFSYh4pC2mkoPY2AukAgToVkdhg&ust=1361935564865403
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=L9wqj7RGjyg_PM&tbnid=zsjfcAh9-QjhzM:&ved=0CAUQjRw&url=http://barnabywhitfieldsblog.blogspot.com/2013/01/mitsubishi-logo.html&ei=8SQsUZWxL4XY2QWPsoHQAQ&bvm=bv.42965579,d.b2I&psig=AFQjCNEL_8mFQcDDCh_U4AaJJfoakrWzlw&ust=1361933932089881
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=mJHSQ3Ow4Y7Z7M&tbnid=GSmez2pgkYx9CM:&ved=0CAUQjRw&url=http://logobuffer.com/a50e4c9/logo-hyundai.html&ei=MiwsUdSMMMaF2gX6_IHADg&psig=AFQjCNGBmsQ7BfksWcrXxhsKWhXkxVb31Q&ust=1361935790866285
Page 20: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

Netwrix Auditor for SharePoint

• Changes to farm configuration, user content and

security, permissions, group membership, security

policies

• Read access auditing

• State-in-time information on permissions

• Sensitive data discovery

Netwrix Auditor for

Active Directory

Netwrix Auditor for

Windows File Servers

Netwrix Auditor for

Oracle Database

Netwrix Auditor for

Azure AD

Netwrix Auditor for

EMC

Netwrix Auditor for

SQL Server

Netwrix Auditor for

Exchange

Netwrix Auditor for

NetApp

Netwrix Auditor for

Windows ServerNetwrix Auditor for

Office 365

Netwrix Auditor for

SharePoint

Netwrix Auditor for

VMware

Netwrix Auditor for

Network Devices

Page 21: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

Visibility into SharePoint Permissions

See who has access to what on your SharePoint

Page 22: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

Tighten access around sensitive data and enforce the least privilege principle

Prove to auditors that you are able to control access to sensitive data

Create a more manageable and transparent SharePoint environment

SharePoint is infamous for its complicated permissions layout, which is nearly impossible to untangle

using only native tools. Seeing who has access to what enables companies to:

Why Do You Need Visibility into SharePoint Permissions?

Page 23: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

How Can You Use Visibility Into SharePoint Permissions?

Analyze permissions to site collections with sensitive data

Align user privileges with their responsibilities

Identify broken inheritance

Page 24: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

Demonstration

Netwrix Auditor

Page 25: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

Useful Links

Free trial: Set up Netwrix Auditor in your own test environment netwrix.com/auditor9.7

Virtual appliance: Get Netwrix Auditor up and running in minutes netwrix.com/go/appliance

In-browser demo: Run a demo right in your browser with no need to install anything

netwrix.com/go/browser_demo

Contact Sales to obtain more information: netwrix.com/contactsales

Webinars: join our upcoming webinars and watch the recorded sessions

netwrix.com/webinars

netwrix.com/webinars#featured

https://www.netwrix.com/auditor9.7.html?utm_source=recordedwebinars&utm_medium=follow-up&utm_campaign=slide-deck-link-the-3-pillars-of-sharepoint-security
https://www.netwrix.com/virtual_appliances.html?utm_source=recordedwebinars&utm_medium=follow-up&utm_campaign=slide-deck-link-the-3-pillars-of-sharepoint-security
https://www.netwrix.com/browser_demo.html?utm_source=recordedwebinars&utm_medium=follow-up&utm_campaign=slide-deck-link-the-3-pillars-of-sharepoint-security
http://netwrix.com/contactsales
https://www.netwrix.com/webinars?utm_source=recordedwebinars&utm_medium=follow-up&utm_campaign=slide-deck-link-the-3-pillars-of-sharepoint-security
https://www.netwrix.com/webinars.html#featured?utm_source=recordedwebinars&utm_medium=follow-up&utm_campaign=slide-deck-link-the-3-pillars-of-sharepoint-security
Page 26: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

Questions?

Page 27: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control

www. .com

Thank you!

Liam ClearyCEO/OwnerSharePlicity

Jeff MelnickSystems EngineerNetwrix Corporation


Recommended
FINGERPRINTING ANALYSIS

FINGERPRINTING ANALYSIS

Documents

Fingerprinting Technologies

Fingerprinting Technologies

Documents

Molecular Analyst Fingerprinting, Fingerprinting Plus, and Fingerprinting … · 2009. 9. 3. · Molecular Analyst Fingerprinting, Fingerprinting Plus, and Fingerprinting DST Software

Molecular Analyst Fingerprinting, Fingerprinting Plus, and Fingerprinting … · 2009. 9. 3. · Molecular Analyst Fingerprinting, Fingerprinting Plus, and Fingerprinting DST Software

Documents

Fingerprinting Continued...

Fingerprinting Continued...

Documents

Genetic fingerprinting

Genetic fingerprinting

Documents

Digital Fingerprinting

Digital Fingerprinting

Engineering

Cytometric Fingerprinting: Quantitative … Fingerprinting

Cytometric Fingerprinting: Quantitative … Fingerprinting

Documents

TLS Fingerprinting - Stealthier Attacking & Smarter Defending - DerbyCon

TLS Fingerprinting - Stealthier Attacking & Smarter Defending - DerbyCon

Technology

DNA Fingerprinting

DNA Fingerprinting

Documents

Fingerprinting and Attacking a Healthcare Infrastructure

Fingerprinting and Attacking a Healthcare Infrastructure

Technology

Karyotypes, DNA Fingerprinting, and Meiosis · DNA Fingerprinting and Karyotyping ... DNA Fingerprinting ... Karyotypes, DNA Fingerprinting, and Meiosis Author: ajohnson01

Karyotypes, DNA Fingerprinting, and Meiosis · DNA Fingerprinting and Karyotyping ... DNA Fingerprinting ... Karyotypes, DNA Fingerprinting, and Meiosis Author: ajohnson01

Documents

Fingerprinting Merit Badge Pamphlet - be4real.combe4real.com/ScoutingStuff/MeritBadgeBooks/Fingerprinting Merit... · qqA Troop 1292 # MERIT BADGE SERIES FINGERPRINTING Fingerprint

Fingerprinting Merit Badge Pamphlet - be4real.combe4real.com/ScoutingStuff/MeritBadgeBooks/Fingerprinting Merit... · qqA Troop 1292 # MERIT BADGE SERIES FINGERPRINTING Fingerprint

Documents

20 ATTACKING DRILLS - Association de soccer de - · PDF file20 ATTACKING DRILLS ... 20 Soccer Attacking Drills ... speed. 20 ATTACKING DRILLS . 20 ATTACKING DRILLS

20 ATTACKING DRILLS - Association de soccer de - · PDF file20 ATTACKING DRILLS ... 20 Soccer Attacking Drills ... speed. 20 ATTACKING DRILLS . 20 ATTACKING DRILLS

Documents

DNA Fingerprinting. Content The structure of DNA History of DNA fingerprinting DNA Electrophoresis DNA fingerprinting application.

DNA Fingerprinting. Content The structure of DNA History of DNA fingerprinting DNA Electrophoresis DNA fingerprinting application.

Documents

Watermarking and Fingerprinting for Global Broadcast ... · Watermarking & Fingerprinting Video Watermarking (VWM) Audio Fingerprinting (AFP) Audio Watermarking (AWM) Video Fingerprinting

Watermarking and Fingerprinting for Global Broadcast ... · Watermarking & Fingerprinting Video Watermarking (VWM) Audio Fingerprinting (AFP) Audio Watermarking (AWM) Video Fingerprinting

Documents

Sensors Fingerprinting

Sensors Fingerprinting

Documents

Brain Fingerprinting

Brain Fingerprinting

Documents

ArubaOS DHCP Fingerprinting - Airheads CommunityArubaOS DHCP Fingerprinting Application Note Aruba Networks, Inc. Deploying DHCP Fingerprinting | 9!! un_0485!!! The ArubaOS DHCP fingerprinting

ArubaOS DHCP Fingerprinting - Airheads CommunityArubaOS DHCP Fingerprinting Application Note Aruba Networks, Inc. Deploying DHCP Fingerprinting | 9!! un_0485!!! The ArubaOS DHCP fingerprinting

Documents