Sharepoint Security for Advanced apps

SharePoint Security
From Server/Network Hardening to ADFS

Security

ADFS

FBA

SharePoint Apps Security

Advanced Security & ADFS

Some situations require advanced security configurations for password management, single sign-on, two-way Active Directory sync, user management policies, and federated security frameworks. Having properly managed security is the only way to keep content trimmed to those who should have access, and to ensure users are not experiencing unproductive time due to inability to access a misappropriated area.

We Can Help With:

Content-specific security
Role-based as well is individual security
Collaboration security
Cross Team
Cross Organization
Cross Company
Specific permission sets for types of access and functionality

SharePoint publishing typically uses a reverse proxy to act as a secure endpoint for SharePoint. The primary purpose of this device or software-based application is to carry out pre-authentication of connections to authenticate users first, and then only allowing authenticated users to access SharePoint. It essentially stops anonymous users gaining access to the servers hosting SharePoint without first being authenticated.

Related software:

Our Simple Account Manager makes management of security accounts easier!

Server/Farm Security Hardening

Microsoft has established best practices that can lock a farm down to whatever extent is desired. We have expertise in this and have met high standards through clients penetration testing.

How We Can Help:

Configure the Security Configuration Wizard using policies from the “SharePoint Administration Toolkit"
Lock Down Identity Viewing for a Site
Harden SQL & SharePoint Server
Block standard ports & use non-standard ports
Change protocols & port bindings
Enable automatic password changes for service accounts
Configure least-privileged administration

SharePoint Hardening

Is SharePoint secure? We hear that question a lot. It needs hardening for public website usage. It can be hardened sufficiently to have multiple web apps on the same farm used for intranet, extranet, and public site. A methodical approach can lock it down and withstand any penetration test. The weak point is within the sloppy administration. Following best practices can solve nearly all of that.

Surface area reduction is a security measure that involves stopping or disabling unused components. Surface area reduction helps improve security by providing fewer avenues for potential attacks on a system.

Securing SQL Server can be viewed as a series of steps, involving four areas: the platform, authentication, objects (including data), and applications that access the system.

ADFS Security Configurations

You need ADFS when you want your staff to authenticate to your domain's active directory and then be able to log into an external SharePoint portal seamlessly. Microsoft's Active Directory Federation Service (ADFS) provides secure, federated identity management for SharePoint hosted at remote locations and uses your internal active directory for all your users for single sign-on (SSO).

Our Services Include:

Configure SharePoint Web Applications
Install and Configure ADFS
Create a relying party trust
Configure constrained delegation
Publish SharePoint Web Applications in WAP
Verify external access to SharePoint Web Applications

Benefits of ADFS

Web single sign-on (SSO)
AD FS provides Web SSO to federated partners outside your organization, which enables their users to have an SSO experience when they access your organization’s Web-based applications.
Interoperability
AD FS provides a federated identity management solution that interoperates with other security products that support the WS-* Web Services Architecture. AD FS follows the WS-Federation specification (for passive clients; that is, browsers), which makes it possible for environments that do not use the Windows identity model to federate with Windows environments.
Partner user account management not required
The federated partner's Identity Provider (IP) sends claims that reflect its users' identity, groups, and attribute data. Therefore, your organization no longer needs to revoke, change, or reset the credentials for the partner's users, since the credentials are managed by the partner organization. Additionally, if a partnership needs to be terminated, it can be performed with a single trust policy change. Without AD FS, individual accounts for each partner user would need to be deactivated.
Claim mapping
Claims are defined in terms that each partner understands and appropriately mapped in the AD FS trust policy for exchange between federation partners.
Centralized federated partner management
All federated partner management is performed using the AD FS Microsoft Management Console (MMC) snap-in.
Extensible architecture
AD FS provides an extensible architecture for claim augmentation, for example, adding or modifying claims using custom business logic during claims processing. Organizations can use this extensibility to modify ADFS to finally support their business policies.

What is FBA?

Companies utilize forms-based authentication (FBA) with Internet-facing portals so that partners, clients, or board members don't require an active directory account. User identities are stored in a Microsoft SQL Server database.

Our Services Include:

FBA Configuration
Beautiful authentication forms that match your branding
Web parts for registering users, changing passwords, and password recovery
Tools for managing users and for approving registrations

If you want to share information between users who are within the corporate domain and external users, we can extend your SharePoint Web application to create an extranet-facing access point.

Samples of Our FBA Forms

Example FBA Forms

FBA that is Simple to Manage

Simple is good when it comes to security infrastructure management ...

Our SharePoint Managed Services

Sustaining return on value from SharePoint can be a challenge for many organizations. A combination of business analysis, architecture, development and training skills are needed to maximize adoption and drive value. This is an expensive proposition for employees.

SimpleSharePoint can be your dedicated SharePoint support and advisor. We'll invest in understanding your business goals and align them to a strategic roadmap that ensures continuous innovation. Our SharePoint methodology can save users an average of 30 minutes per day. That's a $125,000 cost savings per year for a 1,000-person company.

SharePoint Managed Services

Microsoft Gold Partner SharePoint Consultants