The 3 Pillars of SharePoint Security
Liam Cleary, CEO/Owner, SharePlicity
Jeff Melnick, Systems Engineer, Netwrix Corporation

AGENDA
- The Problem
- Attack Vectors: Intranet, Extranet and Public Facing
- Proactive Protection
- Netwrix Auditor Solution
- Q&A Session
- Prize Drawing

THE PROBLEM
- SharePoint is a large platform
- Utilized for different solutions: Intranet, Extranet, Public Facing Website
- Often stores personal data (PII)
- Organically grows quickly
- Permissions are often not set correctly
- Misconfiguration is common
- Customized extensively
SHOW ME (demo): Web Shell, Client-Side Code, and Search Engine Crawling
ATTACK VECTORS
"An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element"
Attack Vectors (diagram): the attacker reaches the target through four layers
- Users: Social Engineering
- Browser: Browser & Add-on Exploits
- Application: XSS, CSRF, Clickjacking, Brute-Force
- Infrastructure: Brute-Force, 0-Day Exploits

Threat Assumptions
- Unknown: Nation States, Crime Organizations, Professional Hackers or Hacking Platforms
- Known, Internal Users: Internal Employees with Access
- Known, External Users: Normal Hackers, Script Kiddies, Whistleblowers or Disgruntled Employees
PROACTIVE PROTECTION
PROACTIVE PROTECTION: Overview
- Infrastructure Audit: Physical Server Access, Firewall Security and Exploit Checking
- Security Access Audit: User and Security Permissions, Access Control Flow and Permission Inheritance
- Penetration Test: External and Internal Attacking

PROACTIVE PROTECTION: Infrastructure Audit
- Operating System: Version, Roles and enabled Services. Minimize Footprint.
- Database Servers: TCP / UDP Port Checking, Browser Service, Encryption and Account Permissions
- Application Configuration: Stored Credentials, Connection Strings and Anonymous Functions
- Patching: Security Patches and Cumulative / Service Packs as Needed
- Errors & Issues: Event Viewer, Logs and Debugging Tools

PROACTIVE PROTECTION: Security Access Audit
- Authentication: Authentication approach, standard NTLM, Forms or Federation
- Authorization: Controlled using Security Groups, Site Groups or Pre-Authorized at Edge
- Account Configuration: Password Policies as well as Security Group Memberships
- Internal / External Access: Access Control Flow, separate paths for Internal versus External
- Permissions: Inherited or Unique Permissions. Global or Specific Access.

PROACTIVE PROTECTION: Penetration Test
- Network Level Access: Services visible on the network, controlled network path access
- Core Services: Enumerate Services and Fingerprinting
- Internal Access: Normal user access, to pivot to other systems
- External Access: Firewall Access Control, Brute Forcing, or Malformed traffic
- Application Specific: Application Backdoors or misconfiguration that allows access
PROACTIVE ASSURANCE
PROACTIVE ASSURANCE: 3 Pillars of Protection
- Infrastructure Audit: Physical Server Access, Firewall Security and Exploit Checking
- Security Access Audit: User and Security Permissions, Access Control Flow and Permission Inheritance
- Penetration Test: External and Internal Attacking

PROACTIVE ASSURANCE: Hardening
- Harden Operating System: Use BitLocker, Encrypt Connections (SSL), Server Isolation, Enable Required Roles, Disable Unused Services
- Harden SQL Servers: Reduce Surface Area of Attack, Multiple Instances, Block Standard Ports, Use BitLocker, Utilize TDE Encryption, Encrypt Connections, Server Isolation
- Whitelist / Blacklist Processes: Firewall Policies, Group Policies, AppLocker Policies
- Limit Administration Access: Separate Administrators, Control Password List, Limit Domain Admins
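The "minimize footprint" and SQL hardening checks above can be scripted as a baseline comparison. This is an added example, not code from the webinar, the presenters or Netwrix; the allow-lists and the SQL instance name are constructed placeholders to be replaced with your own documented baseline.

```powershell
# Added example: compare a SharePoint server's footprint with an allow-list
# of roles, services and listening ports, and report SQL databases without TDE.
# Requires the ServerManager module (Get-WindowsFeature) and, for the TDE
# check, the SqlServer module (Invoke-Sqlcmd). Run elevated on the farm server.

# Constructed baseline placeholders: replace with the roles, services and ports
# your build document actually requires.
$AllowedFeatures = @('Web-Server', 'Web-Windows-Auth', 'NET-Framework-45-Core')
$AllowedServices = @('W3SVC', 'SPTimerV4', 'SPAdminV4', 'OSearch16')
$AllowedPorts    = @(80, 443, 3389)
$SqlInstance     = 'SQL01\SPFARM'   # assumed instance name

function Get-FootprintDeviations {
    # Installed roles/features that the baseline does not list
    $extraFeatures = Get-WindowsFeature |
        Where-Object { $_.Installed -and ($AllowedFeatures -notcontains $_.Name) } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Feature'; Name = $_.Name; Detail = $_.DisplayName } }

    # Running services that the baseline does not list
    $extraServices = Get-Service |
        Where-Object { $_.Status -eq 'Running' -and ($AllowedServices -notcontains $_.Name) } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Detail = $_.DisplayName } }

    # Listening TCP ports outside the baseline, with the owning process
    $extraPorts = Get-NetTCPConnection -State Listen |
        Where-Object { $AllowedPorts -notcontains $_.LocalPort } |
        Sort-Object LocalPort -Unique |
        ForEach-Object {
            $proc = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            [pscustomobject]@{ Kind = 'Port'; Name = $_.LocalPort; Detail = "$($_.LocalAddress) ($proc)" }
        }

    $extraFeatures + $extraServices + $extraPorts
}

function Get-UnencryptedDatabases {
    # sys.databases.is_encrypted = 1 only when TDE is enabled for that database
    Invoke-Sqlcmd -ServerInstance $SqlInstance -Query @"
SELECT name, state_desc
FROM sys.databases
WHERE is_encrypted = 0 AND database_id > 4
"@
}

Get-FootprintDeviations | Format-Table -AutoSize
Get-UnencryptedDatabases | Format-Table -AutoSize
```

Any row the script prints is either a baseline gap to document or a service, role, port or unencrypted database to remove, block or encrypt before the penetration test stage.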
Netwrix Auditor Visibility platform for user behavior analysis and risk mitigation
About Netwrix Auditor
Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations, and access in hybrid IT environments. It provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage.

Netwrix Customers
- Financial
- Healthcare and Pharmaceutical
- Federal, State & Local Government
- Education
- Industrial and Technology
- Business Services

Netwrix Auditor for SharePoint
- Changes to farm configuration, user content and security, permissions, group membership, security policies
- Read access auditing
- State-in-time information on permissions
- Sensitive data discovery

Netwrix Auditor applications: Active Directory, Azure AD, Exchange, Office 365, Windows Server, Windows File Servers, EMC, NetApp, SharePoint, Network Devices, Oracle Database, SQL Server, VMware
Visibility into SharePoint Permissions See who has access to what on your SharePoint
Why Do You Need Visibility into SharePoint Permissions?
SharePoint is infamous for its complicated permissions layout, which is nearly impossible to untangle using only native tools. Seeing who has access to what enables companies to:
- Tighten access around sensitive data and enforce the least privilege principle
- Prove to auditors that you are able to control access to sensitive data
- Create a more manageable and transparent SharePoint environment

How Can You Use Visibility Into SharePoint Permissions?
- Analyze permissions to site collections with sensitive data
- Align user privileges with their responsibilities
- Identify broken inheritance
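The Security Access Audit pillar (inherited versus unique permissions) and the "identify broken inheritance" use case above can both be served by one native report. This is an added example using the SharePoint Server management shell, not Netwrix's or the presenters' code; the web application URL is an assumed placeholder, and the "broad principal" name patterns are an assumption you should extend for your own groups.

```powershell
# Added example: list every web, list and item-bearing list that breaks
# permission inheritance in a web application, and flag securables that grant
# access to broad principals. Run in the SharePoint Management Shell on a farm
# server as a farm administrator with access to the content databases.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumption: names that indicate "everyone-style" access in this farm.
$BroadPrincipalPatterns = @('Everyone', 'Authenticated Users', 'Domain Users')

function Get-BrokenInheritanceReport {
    param([string]$WebApplication = 'https://intranet.example.local')  # assumed URL

    foreach ($site in Get-SPSite -WebApplication $WebApplication -Limit All) {
        try {
            foreach ($web in $site.AllWebs) {
                try {
                    # Root webs always hold their own role assignments; subwebs
                    # with unique assignments are real inheritance breaks.
                    if ($web.HasUniqueRoleAssignments -and -not $web.IsRootWeb) {
                        New-Finding -Type 'Web' -Url $web.Url -Assignments $web.RoleAssignments -Items 0
                    }
                    foreach ($list in $web.Lists) {
                        if ($list.HasUniqueRoleAssignments) {
                            $uniqueItems = @($list.GetItemsWithUniquePermissions()).Count
                            New-Finding -Type 'List' -Url "$($web.Url)/$($list.RootFolder.Url)" `
                                        -Assignments $list.RoleAssignments -Items $uniqueItems
                        }
                    }
                } finally { $web.Dispose() }
            }
        } finally { $site.Dispose() }
    }
}

function New-Finding {
    param($Type, $Url, $Assignments, [int]$Items)
    $principals = @($Assignments | ForEach-Object { $_.Member.Name })
    $broad = $principals | Where-Object { $n = $_; $BroadPrincipalPatterns | Where-Object { $n -like "*$_*" } }
    [pscustomobject]@{
        Type                 = $Type
        Url                  = $Url
        PrincipalCount       = $principals.Count
        BroadPrincipals      = ($broad -join ';')
        ItemsWithUniquePerms = $Items
    }
}

Get-BrokenInheritanceReport | Export-Csv -NoTypeInformation -Path .\sharepoint-broken-inheritance.csv
```

Rows with a non-empty BroadPrincipals column, or a large ItemsWithUniquePerms count, are the first candidates for re-inheriting permissions or replacing direct grants with security or site groups.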
Netwrix Auditor Demonstration
Useful Links
- Free trial: Set up Netwrix Auditor in your own test environment: netwrix.com/auditor9.7
- Virtual appliance: Get Netwrix Auditor up and running in minutes: netwrix.com/go/appliance
- In-browser demo: Run a demo right in your browser with no need to install anything: netwrix.com/go/browser_demo
- Contact Sales to obtain more information: netwrix.com/contactsales
- Webinars: join our upcoming webinars and watch the recorded sessions: netwrix.com/webinars and netwrix.com/webinars#featured
Questions?
Thank you!
Liam Cleary, CEO/Owner, SharePlicity
Jeff Melnick, Systems Engineer, Netwrix Corporation