The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit...
Transcript of The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit...
![Page 1: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/1.jpg)
The 3 Pillars of SharePoint Security
Liam ClearyCEO/OwnerSharePlicity
Jeff MelnickSystems EngineerNetwrix Corporation
![Page 2: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/2.jpg)
AGENDA
• The Problem
• Attack Vectors
• Intranet, Extranet and Public Facing
• Proactive Protection
• Netwrix Auditor Solution
• Q&A Session
• Prize Drawing
![Page 3: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/3.jpg)
THE PROBLEM
• SharePoint is a large platform
• Utilized for different solutions– Intranet
– Extranet
– Public Facing Website
• Often stores personal data– PII
• Organically grows – quickly
• Permissions are often not set correctly
• Misconfiguration is common
• Customized extensively
![Page 4: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/4.jpg)
SHOW MEWeb Shell, Client Side Code, and Search Engine Crawling
![Page 5: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/5.jpg)
ATTACK VECTORS
![Page 6: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/6.jpg)
"An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element"
![Page 7: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/7.jpg)
Attack Vectors
Application InfrastructureBrowserUsers
Social EngineeringXSS, CSRF, Clickjacking,
Brute-Force
Browser & Add-on Exploits
Brute-Force, 0-Day Exploits
Attacker
![Page 8: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/8.jpg)
Attack Vectors
Unknown
InternalUsers
ExternalUsers
Nation States, Crime Organizations,
Professional Hackers or Hacking Platforms
Thre
at A
ssu
mp
tio
ns
Known Internal Employees with Access
Normal Hackers, “Script Kiddies”, Whistleblowers or Disgruntled Employees
![Page 9: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/9.jpg)
PROACTIVE PROTECTION
![Page 10: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/10.jpg)
PROACTIVE PROTECTION
Infrastructure Audit
Physical Server Access, Firewall Security and
Exploit Checking
Security Access Audit
Penetration Test Pro
tect
ion
User and Security Permissions, Access
Control Flow and Permission Inheritance
External and Internal Attacking
![Page 11: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/11.jpg)
PROACTIVE PROTECTION
Infrastructure Audit Operating System
Database Servers
Application Configuration
Patching
Errors & Issues
Version, Roles and enabled Services.
Minimize Footprint.
TCP / UDP Port Checking, Browser Service,
Encryption and Account Permissions
Security Patches and Cumulative / Service Packs
as Needed
Stored Credentials, Connection Strings and Anonymous Functions
Event Viewer, Logs and Debugging Tools
![Page 12: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/12.jpg)
PROACTIVE PROTECTION
Security Access AuditAuthentication
Authorization
Account Configuration
Internal / External Access
Permissions
Authentication approach, standard NTLM, Forms or
Federation
Controlled using Security Groups, Site Groups or Pre-Authorized at Edge
Access Control Flow, separate paths for Internal
versus External
Password Policies as well as Security Group
Memberships
Inherited or Unique Permissions. Global or
Specific Access.
![Page 13: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/13.jpg)
PROACTIVE PROTECTION
Penetration Test Network Level Access
Core Services
Internal Access
External Access
Application Specific
Services visible on the network, controlled network path access
Enumerate Services and Fingerprinting
Firewall Access Control Brute Forcing, or Malformed traffic
Normal user access, to pivot other systems
Application Backdoors or misconfiguration to allow
access
![Page 14: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/14.jpg)
PROACTIVE ASSURANCE
![Page 15: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/15.jpg)
PROACTIVE ASSURANCE
Infrastructure Audit Security Access Audit Penetration Test
Protection
Physical Server Access,
Firewall Security and Exploit
Checking
User and Security Permissions, Access
Control Flow and Permission Inheritance
External and Internal Attacking
3 Pillars
![Page 16: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/16.jpg)
PROACTIVE ASSURANCE
Harden Operating System
Harden SQL Servers
Reduce Surface Area of Attack
Whitelist / Blacklist Processes
Limit Administration Access
Enabled Required RolesDisable Unused Services
Multiple InstancesBlock Standard PortsUse BitLockerUtilize TDE EncryptionEncrypt ConnectionsServer Isolation
Firewall PoliciesGroup PoliciesAppLocker Policies
Use BitLockerEncrypt Connections (SSL)
Server Isolation
Separate AdministratorsControl Password ListLimit Domain Admins
![Page 17: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/17.jpg)
Netwrix AuditorVisibility platform for user behavior analysis
and risk mitigation
![Page 18: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/18.jpg)
About Netwrix Auditor
A visibility platform for user behavior analysis and risk mitigation
that enables control over changes, configurations, and access in hybrid IT environments.
It provides security intelligence to identify security holes, detect anomalies in user behavior
and investigate threat patterns in time to prevent real damage.
Netwrix Auditor
![Page 19: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/19.jpg)
Netwrix Customers
Financial Healthcare and Pharmaceutical
Federal, State & Local Government Education
Industrial and Technology Business Services
![Page 20: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/20.jpg)
Netwrix Auditor for SharePoint
• Changes to farm configuration, user content and
security, permissions, group membership, security
policies
• Read access auditing
• State-in-time information on permissions
• Sensitive data discovery
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows ServerNetwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
Netwrix Auditor for
Network Devices
![Page 21: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/21.jpg)
Visibility into SharePoint Permissions
See who has access to what on your SharePoint
![Page 22: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/22.jpg)
Tighten access around sensitive data and enforce the least privilege principle
Prove to auditors that you are able to control access to sensitive data
Create a more manageable and transparent SharePoint environment
SharePoint is infamous for its complicated permissions layout, which is nearly impossible to untangle
using only native tools. Seeing who has access to what enables companies to:
Why Do You Need Visibility into SharePoint Permissions?
![Page 23: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/23.jpg)
How Can You Use Visibility Into SharePoint Permissions?
Analyze permissions to site collections with sensitive data
Align user privileges with their responsibilities
Identify broken inheritance
![Page 24: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/24.jpg)
Demonstration
Netwrix Auditor
![Page 25: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/25.jpg)
Useful Links
Free trial: Set up Netwrix Auditor in your own test environment netwrix.com/auditor9.7
Virtual appliance: Get Netwrix Auditor up and running in minutes netwrix.com/go/appliance
In-browser demo: Run a demo right in your browser with no need to install anything
netwrix.com/go/browser_demo
Contact Sales to obtain more information: netwrix.com/contactsales
Webinars: join our upcoming webinars and watch the recorded sessions
netwrix.com/webinars
netwrix.com/webinars#featured
![Page 26: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/26.jpg)
Questions?
![Page 27: The 3 Pillars of SharePoint Security · Attacking. PROACTIVE PROTECTION Infrastructure Audit Operating System Database Servers Application ... Fingerprinting Firewall Access Control](https://reader034.fdocuments.in/reader034/viewer/2022042302/5ecd030e36a47132e852a45a/html5/thumbnails/27.jpg)
www. .com
Thank you!
Liam ClearyCEO/OwnerSharePlicity
Jeff MelnickSystems EngineerNetwrix Corporation