
RE: Share Point?

From: Corey Flood <cflood(at)bigcityfunding.com>
Date: Fri May 09 2003 - 16:11:58 EDT


I have Share Point Team Services set up on our domain as an intra/extranet and the users are not local on my configuration. I used the second option to use domain authentication....so the user's name is domainname\username and it uses the information such as password and actual name...I don't know what port it uses to authenticate to the AD Server.

Also, in the IIS settings for the site you can use the IIS security (or lack thereof), you can also move the port or make the share point site ssl, which is what I did....hope any of this helps...

-Corey Flood

Big City Funding
IT Manager / Loan Officer
cflood@bigcityfunding.com

-----Original Message-----

From: Roberts Phillip (IBM) [mailto:phillip.roberts@thomson.net]
Sent: Friday, May 09, 2003 11:01 AM
To: 'focus-ms@securityfocus.com'
Subject: RE: Share Point?

Couldn't you make that server its own PDC/Domain within the DMZ in order to
avoid this as an issue?

-----Original Message-----

From: Matt Andreko [mailto:mandreko@ori.net]
Sent: Friday, May 09, 2003 11:25 AM
To: 'Derek Schaible'; focus-ms@securityfocus.com
Subject: RE: Share Point?

Be sure to make a note that Sharepoint (at least sharepoint team services) uses local users. It does not use some authentication database or anything. If you tell it to create a new user for the site, or if the site allows a user to sign up, that user has an NT password on the system. This could help in establishing a privilege escalation exploit.

Normally the local users are pretty stripped down, but it could be used with an exploit of some sort that requires little privilege.


-----Original Message-----

From: Derek Schaible [mailto:dschaible@cssiinc.com]
Sent: Friday, May 09, 2003 8:33 AM
To: focus-ms@securityfocus.com
Subject: Share Point?

Greetings List,

I have a customer who wants to place sharepoint in a DMZ for outside clients to access documents. It is their intent to place all of their data regarding a project on the SharePoint server and use that as the single point of storage for this project. Meaning, everyone on the team uses this one share in the DMZ.

Does this sound safe? Has anyone here tested Share Point's security? I'm sure this isn't the first time someone has needed to do something like this, how have some of you handled this scenario?

I appreciate anyone's input on this matter and any advice at all is welcome!

Thanks,
Derek




FastTrain has your solution for a great CISSP Boot Camp. The industry`s most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-focus-ms




Received on Fri May 9 16:53:46 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:30 EDT
