looking for some tips

[drublic1019]

I am working on making my WSS w/ reporting services web parts extranet. I am looking from some tips on securing the site as there can be very sensitive data. I am using IIS 6.o and I have issued a go daddy cert with 128 encryption. I am planning on publishing the site through ISA 2006. Basically any tips you guys could give me to make things more secure would be great. Thanks.

 

[Stevehewitt]

To answer your question, it's a simple case of common sense security. There's nothing special as it's a SharePoint site.

Make sure that every port is closed that isn't needed (so just have port 443 open), make sure that the SSL is installed correctly, and authentication is setup to use the strongest credentials you can. E.G. Windows logon so nothing is clear text.

Keep the server updated and patched, AV scanner, and if you have an IDS - check it's setup. Monitor the logs and that's pretty much it.

Can I ask you a question too? I have MOSS2007 installed and working fine on a deciated single server. (All roles on one box) All working great as an internal intranet, however I also want to get it accessible from the web for our remote users.
How do you go about getting SSL setup on MOSS2007? Is it any different that if I was doing it to a standard website? E.G. Configuration in SharePoint needs to be told that it should expect stuff using HTTPS as well as HTTP? (Other than the usual stuff in IIS?!)

Thanks,




Steve.

"They have the internet on computers now!" - Homer Simpson