Securing Extranet Communication for Sharepoint (MOSS 2007)

Is there a guide or "best practices list" that will help secure Sharepoint (MOSS 2007) for extranet use?  I gather that at a minimum, I'll want antiviral protection, lock down all unecessary ports, and an SSL Cert, but beyond that I'm sure what else I need (I'd prefer a non-vpn solution).  I am particularly interested in securing communication between SQL server 2008 and MOSS 2007.  

My setup is:

- MOSS 2007
- Windows Server 2008 standard
- SQL server 2008 standard
- all software is running on the same box

Thank you for taking the time!

 
LVL 8
npinfotechAsked:
Who is Participating?
 
Khurram Ullah KhanCommented:
one of the alternative is Portal protect from Trend micro i would recommend only these two, there are other also but i havnt tried. Forefront for sharepoint will provide upload and download scanning and also some other features you can find details on below link
http://www.microsoft.com/forefront/serversecurity/sharepoint/en/us/faq.aspx

yes you can change the default port by using SQL 2005 configuration manaager. SQL will ony accept authenticated and authorized connections all other connections SQL will automatically reject.
0
 
Khurram Ullah KhanCommented:
Following is an excellent link discussing MOSS security
http://blogs.msdn.com/joelo/archive/2007/06/29/sharepoint-groups-permissions-site-security-and-depreciated-site-groups.aspx
For portal AV you can us MS forefront for sharepoint
The communication between SQL 2008 and MOSS only required SQL port(1433) to be opened.
0
 
npinfotechAuthor Commented:
Thank you for your response.

That article deals with permissions mainly, and in detail, thank you!  

As far as forefront goes, are there any alternatives?  I am looking for basic protection on file upload/download to libraries and lists.  Would you also be able to go into a little more detail into what forefront protects against, and what it doesn't?

On the communication with SQL, is there a way to have the SQL server only communicate with MOSS and kill all outside requests?  Is there also a way to change the default communication port between them?  
0
 
npinfotechAuthor Commented:
Thank you khurramullah.

Does anyone else have any insights?
0
 
npinfotechAuthor Commented:
Thank you
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.