Choose your security environment (Windows SharePoint Services)

Applies To: Windows SharePoint Services 3.0

 

Topic Last Modified: 2009-04-15

Use this article to identify the security environment that most closely matches your intended use of Windows SharePoint Services 3.0.

The security guidance that is recommended for your organization depends on the environment. This article describes the following four security environments:

  • Internal team or department

  • Internal IT-hosted

  • External secure collaboration

  • External anonymous access

Review the description for each environment and identify the one that most closely matches your environment.

Internal team or department

Security guidance for an internal team or department environment within a larger organization focuses on recommending practical security configurations and settings for a team or department that uses Windows SharePoint Services 3.0 for collaboration.

This environment is a one- or two-server deployment in which the servers are not hosted by the primary IT team within the organization. Although the guidance for this environment requires some IT knowledge, it is not necessary for server farm administrators to be IT specialists.

The guidance for the internal team or department environment relies on the security of the overall network environment. Many of the default settings are intended to be used with this environment.

This environment is not intended for multiple teams or projects where secure isolation of content is required. If your team or department requires secure isolation of content, a greater number of servers, or a greater level of security than is provided by your overall network environment, use the guidance for the internal IT-hosted environment.

If your environment most closely matches the internal team or department environment, go to the article Plan secure configurations for Windows SharePoint Services features.

Internal IT-hosted

An internal IT-hosted environment is one in which an IT team hosts Web applications and sites for multiple teams and departments in an organization. Security guidance for this environment focuses on:

  • Securing a server farm environment, including isolating content between groups.

  • Securing server-to-server communication and client-server communication.

  • Hardening servers for specific server roles.

  • Securely configuring features.

Guidance for this environment assumes that all servers reside within a single internal network.

If your environment most closely matches the internal IT-hosted environment, go to Plan server farm security (Windows SharePoint Services). The three articles in this chapter describe designing solutions for security, securing server-to-server communication and client-server communication, and hardening servers for specific roles.

External secure collaboration

An external secure collaboration environment is one in which content is hosted in an extranet so that contributors who do not have general access to your corporate network can collaborate on content. This environment enables external partners to participate in a workflow or to collaborate on content with employees in your organization. This environment is also intended to support remote employee access, where employees who are working from home or traveling can gain access to sites and data without logging on to the corporate network.

Security guidance for this environment focuses on:

  • Isolating Web applications or content to ensure that users can view or have access to only the projects on which they are authorized to work.

  • Authenticating and securing communication between contributors and the server farm.

  • Protecting database servers from direct user interaction and securing the server farm against risks associated with hosting Internet-facing servers.

If your environment most closely matches the external secure collaboration environment, go to Plan server farm security (Windows SharePoint Services). The three articles in this chapter describe designing solutions for security, securing server-to-server communication and client-server communication, and hardening servers for specific roles.

External anonymous access

An external anonymous access environment is one that allows anonymous access to content from the Internet while protecting the server farm from the risks associated with hosting Internet-facing servers. This environment can include multiple farms for testing, staging, and publishing content.

Security guidance for this environment focuses on:

  • Making content anonymously available.

  • Securing communication between farms when content is deployed to the publishing farm.

  • Ensuring that content caching does not expose sensitive data.

  • Protecting database servers from direct user interaction and securing the server farm against risks associated with hosting Internet-facing servers in an anonymous environment.

If your environment most closely matches the external anonymous access environment, go to Plan server farm security (Windows SharePoint Services). The three articles in this chapter describe designing solutions for security, securing server-to-server communication and client-server communication, and hardening servers for specific roles.
