RE: Share Point?

From: Roberts Phillip (IBM) (phillip.roberts_at_thomson.net)
Date: 05/09/03

Next message: Matt Andreko: "RE: Share Point?"

Previous message: Jamey Maze: "RE: Timbuktu, etc."
Maybe in reply to: Derek Schaible: "Share Point?"
Next in thread: Corey Flood: "RE: Share Point?"
Reply: Corey Flood: "RE: Share Point?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Date: Fri, 9 May 2003 13:01:25 -0500

Couldn't you make that server its own PDC/Domain within the DMZ in order to
avoid this as an issue?

-----Original Message-----
From: Matt Andreko [mailto:mandreko@ori.net]
Sent: Friday, May 09, 2003 11:25 AM
To: 'Derek Schaible'; focus-ms@securityfocus.com
Subject: RE: Share Point?

Be sure to make a note that Sharepoint (at least sharepoint team
services) uses local users. It does not use some authentication
database or anything. If you tell it to create a new user for the site,
or if the site allows a user to sign up, that user has an NT password on
the system. This could help in establishing a privilege escalation
exploit.

Normally the local users are pretty stripped down, but it could be used
with an exploit of some sort that requires little privilege.

-----Original Message-----
From: Derek Schaible [mailto:dschaible@cssiinc.com]
Sent: Friday, May 09, 2003 8:33 AM
To: focus-ms@securityfocus.com
Subject: Share Point?

Greetings List,

I have a customer who wants to place sharepoint in a DMZ for outside
clients to access documents. It is their intent to place all of their
data regarding a project on the SharePoint server and use that as the
single point of storage for this project. Meaning, everyone on the team
uses this one share in the DMZ.

Does this sound safe? Has anyone here tested Share Point's security?
I'm sure this isn't the first time someone has needed to do something
like this, how have some of you handled this scenario?

I appreciate anyone's input on this matter and any advice at all is
welcome!

Thanks,
Derek

------------------------------------------------------------------------
-----
FastTrain has your solution for a great CISSP Boot Camp. The industry`s
most
recognized corporate security certification track, provides a
comprehensive
prospectus based upon the core principle concepts of security. This ALL
INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
utilization
of pertinent security tools. For a limited time you can enter for a
chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-focus-ms
------------------------------------------------------------------------
------

----------------------------------------------------------------------------
-
FastTrain has your solution for a great CISSP Boot Camp. The industry`s most

recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL
INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-focus-ms
----------------------------------------------------------------------------

--
-----------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry`s most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-focus-ms
------------------------------------------------------------------------------

Next message: Matt Andreko: "RE: Share Point?"

Previous message: Jamey Maze: "RE: Timbuktu, etc."
Maybe in reply to: Derek Schaible: "Share Point?"
Next in thread: Corey Flood: "RE: Share Point?"
Reply: Corey Flood: "RE: Share Point?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Share Point?
... I'd look at using ISA Feature Pack 1 to Web publish the Sharepoint ... I have a customer who wants to place sharepoint in a DMZ for outside ... Has anyone here tested Share Point's security? ... This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization ...
(Focus-Microsoft)
RE: LANguard vs Nessus
... prospectus based upon the core principle concepts of security. ... This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization ... of pertinent security tools. ... For a limited time you can enter for a chance ...
(Security-Basics)
RE: block internet at two workstations :VSMail mx1
... > Data Security Administrator ... > FastTrain has your solution for a great CISSP Boot Camp. ... > INCLUSIVE curriculum utilizes lectures, ... For a limited time you can enter for a chance ...
(Security-Basics)
RE: Share Point?
... Has anyone here tested Share Point's security? ... prospectus based upon the core principle concepts of security. ... INCLUSIVE curriculum utilizes lectures, ... For a limited time you can enter for a ...
(Focus-Microsoft)
RE: p2p and ISA
... End Users can't install what they don't have access to. ... > recognized corporate security certification track, ... This ALL INCLUSIVE curriculum utilizes lectures, ... For a limited time you can enter ...
(Focus-Microsoft)