RE: Share Point?

From: John Davis (jdavis96_at_msn.com)
Date: 05/09/03

    To: phillip.roberts@thomson.net, focus-ms@securityfocus.com
    Date: Fri, 09 May 2003 13:45:29 -0700
    
    

    Sharepoint actually has the ability to use either Domain logins or locally
    created logins. The local accounts can be set via a template. You don't need
    a Domain Controller or any other server to run Sharepoint Team Services if
    you don't want to. It can run standalone with nothing else.

    I have not used the document but the following was found in a search on
    Technet.
    http://www.microsoft.com/technet/prodtechnol/sharepnt/maintain/stssecur.asp

    ----
    John Davis
    >From: "Roberts Phillip (IBM)" <phillip.roberts@thomson.net>
    >To: "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
    >Subject: RE: Share Point?
    >Date: Fri, 9 May 2003 13:01:25 -0500
    >
    >Couldn't you make that server its own PDC/Domain within the DMZ in order to
    >avoid this as an issue?
    >
    >-----Original Message-----
    >From: Matt Andreko [mailto:mandreko@ori.net]
    >Sent: Friday, May 09, 2003 11:25 AM
    >To: 'Derek Schaible'; focus-ms@securityfocus.com
    >Subject: RE: Share Point?
    >
    >
    >Be sure to make a note that Sharepoint (at least sharepoint team
    >services) uses local users.  It does not use some authentication
    >database or anything.  If you tell it to create a new user for the site,
    >or if the site allows a user to sign up, that user has an NT password on
    >the system.  This could help in establishing a privilege escalation
    >exploit.
    >
    >Normally the local users are pretty stripped down, but it could be used
    >with an exploit of some sort that requires little privilege.
    >
    >
    >
    >-----Original Message-----
    >From: Derek Schaible [mailto:dschaible@cssiinc.com]
    >Sent: Friday, May 09, 2003 8:33 AM
    >To: focus-ms@securityfocus.com
    >Subject: Share Point?
    >
    >
    >Greetings List,
    >
    >I have a customer who wants to place sharepoint in a DMZ for outside
    >clients to access documents.  It is their intent to place all of their
    >data regarding a project on the SharePoint server and use that as the
    >single point of storage for this project.  Meaning, everyone on the team
    >uses this one share in the DMZ.
    >
    >Does this sound safe?  Has anyone here tested Share Point's security?
    >I'm sure this isn't the first time someone has needed to do something
    >like this, how have some of you handled this scenario?
    >
    >I appreciate anyone's input on this matter and any advice at all is
    >welcome!
    >
    >Thanks,
    >Derek
    
