As our information era evolves, securing your data is crucial. Don't get us wrong, SharePoint is secure! But if making the headlines for a sensitive information leak isn't in your PR plan, you should definitely take a look at these 10 things you can do to make sure your SharePoint is as secure as can be.
Find the elaborate version of these indispensable Tips to secure your SharePoint environment in the full article.
10 ways to a more Secure SharePoint - a little bit more info
1. Run the Microsoft Security Tool
Take time to run Microsoft's Assessment tool. Once that's done, go ahead and use the Best Practice Security Analyzer Tool, offered by Microsoft. It's worth the time and will help you get started.
2. Windows Services
One thing I learned is if you don't need specific Windows Services, don't enable them. You should only use them when absolutely needed. It's an easy way to prevent a security breach.
3. SharePoint Services
The same goes for SharePoint Services. You should only activate them where you want them to run. Nothing more. This will also greatly improve your SharePoint's performance.
4. Check the Domain or Administration Permission
One way of not putting your SharePoint farms at risk is to create multiple Service Accounts that simply won't have Server or Domain Administration Permissions. This way, if something goes wrong and one of them is compromised, the rest of your SharePoint Farm will be fine.
5. We like DNS URLs
For access, do not use server names. You should always use DNS URLs for everyone and everything. Giving away server names will only help attackers target their attacks. Also, I strongly recommend always using Alternate Access Mapping.
6. 80, 443 ports
You should always use common HTTP ports for access (like 80 or 443). If you have a firewall, let it do its job. All access can be controlled through there.
7. Windows Server Firewall is there for a reason
Please, do not disable it. It works really well and the configuration is pretty easy. It's built-in software that will protect your server from within.
8. "ViewFormPagesLockDown" Features
How can you attack something you don't know exists? This feature allows you to lock down all system pages and all site content. You should absolutely use it.
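For tip 8, an added PowerShell example (not from the original article) that reports which site collections have the ViewFormPagesLockDown feature active, alongside the root web's anonymous access state, and can optionally enable the feature where it is missing. It assumes the SharePoint Management Shell on a farm server with farm administrator rights; `$enableMissing` is a variable name chosen for this example.

```powershell
# Added example: audit the ViewFormPagesLockDown feature across the farm.
# Assumes a farm server and an account with farm administrator rights.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$featureName   = 'ViewFormPagesLockDown'
$enableMissing = $false   # hypothetical switch: set to $true to enable where missing

$report = foreach ($site in Get-SPSite -Limit All) {
    try {
        # Get-SPFeature with -Site only returns the feature when it is
        # activated on that site collection; otherwise it raises an error.
        $feature = Get-SPFeature -Identity $featureName -Site $site.Url `
                                 -ErrorAction SilentlyContinue
        $active = [bool]$feature

        if (-not $active -and $enableMissing) {
            Enable-SPFeature -Identity $featureName -Url $site.Url
            $active = $true
        }

        New-Object PSObject -Property @{
            SiteCollection  = $site.Url
            LockdownActive  = $active
            # Anonymous state of the root web: Disabled, Enabled or On
            AnonymousAccess = $site.RootWeb.AnonymousState
        }
    }
    finally {
        # Release the SPSite object (this also releases its RootWeb)
        $site.Dispose()
    }
}

# Site collections without the lockdown feature sort to the top
$report |
    Sort-Object LockdownActive, SiteCollection |
    Format-Table SiteCollection, LockdownActive, AnonymousAccess -AutoSize
```

Run it first with `$enableMissing` left at `$false` to review the report, and pay particular attention to rows where anonymous access is on and the lockdown feature is not active.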
9. Firewall, Firewall and Firewall!
Protect yourself from unwanted external entry points by simply using firewall rules. Opening ports should only be done if necessary (for visitors or SharePoint services) and if connected in a hybrid scenario through the cloud.
10. Manage SharePoint Permissions
Initially, SharePoint is secure. It usually gets messy because of what we do with it. Make sure you're always careful with the Permission Levels you allow to groups or users. Give them permissions only at necessary levels (Farms, Service, Site Collections, etc.).