A Microsoft Office Sharepoint Server (MOSS) administrator has two primary security concerns:
- Securing MOSS servers
- Protecting MOSS data
A MOSS environment and especially its servers must be protected against both internal and external threats. Some of the best practices you can follow are:
- Restrict console logon to administrators only
- Consider eliminating hardware that uses removable media
- Use complex passwords. A complex password consists of eight or more characters and is a mix of upper- and lowercase letters, numbers, and symbols
- Don’t allow existing passwords to be reused
- Consider implementing an account lockout policy to limit the effectiveness of a hacker guessing passwords through brute force
- Restrict BIOS access with a password
- Disable unused services. By default, all MOSS web front-end and applications servers run the following services:- Office MOSS Server Search
- Windows MOSS Services Administrator
- Windows MOSS Services Search
- Windows MOSS Services Timer
- Windows MOSS Services Tracing
- Windows MOSS Services VSS Writer - Adhere to the principle of “least privilege.” (Least privilege assigns the minimum permissions to a user to accomplish their job duties.)
- Use the run as command to temporarily elevate your standard account to perform administrative tasks.
- Use auditing to log successful and failed access to sensitive or confidential files.
0 responses so far
There are no comments yet...Kick things off by filling out the form below.
You must log in to post a comment.