Solved

Sharepoint 2007

Posted on 2014-03-12
Last Modified: 2014-03-20
Hello

We have Windows Server 2003, on which we host SharePoint 2007 for our internal users. I have been asked whether we can also make this an extranet.

I added https://name.com in Alternate Access Mapping.

No luck.

regards,
0
Question by:jwc1972
11 Comments
 
LVL 27

Expert Comment

by:Steve
Have you added the appropriate port forward through your firewall/router?
0
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 167 total points
1. The server must be accessible by IP address from the extranet. That can be done by enabling routing or port forwarding, depending on your network topology and configuration.

2. The host's FQDN must also be resolvable by extranet or internet DNS servers, so that the external hosts can access your SharePoint server by name.
0
 

Author Comment

by:jwc1972
Hi,

Is that port 443? Is that done in IIS SharePoint?
At the moment I only have TCP 80 open.
Do I create a new IIS site or just add port 443 to the SharePoint website?
0
 
LVL 27

Expert Comment

by:Steve
If you are using https, then you need to open port 443 through your firewall/router to the SharePoint server's internal IP (usually known as a NAT rule).

If you are using http (which isn't very secure) you can just forward port 80.
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 333 total points
Always keep the chain in mind:
- The client connects to the firewall, i.e. on 443.
- The firewall has to forward to the internal server (either the traffic is just passed through, or the firewall initiates a new connection on http or https).
- IIS has to listen for the request from the firewall.
- Access mapping tells SharePoint that it has to take the traffic for that URL.

If you deal with https, you also have to keep certificates in mind. IIS has a certificate, which has to be resolved by the firewall (if a new connection is made) or by the client (if the firewall passes the traffic through). If the firewall initiates a new connection to SharePoint, the firewall also needs a certificate to the outside world, which has to be resolved by the client.

In the first step I would first try to work without https to make sure the traffic passes at all (easier). In the second step, you secure the connection with SSL / HTTPS with certificates. If it should be an extranet (so for every user), you also need public certificates.
0
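The chain described in the answer above, as an added example that is not part of the original thread: a Python probe, meant to be run from a client outside the network, that tests name resolution, the firewall/NAT forward, the certificate the client sees, and the web server's response in order, and reports the first hop that fails. The function name `probe_chain`, its stage labels, and the host `sharepoint.example.com` are assumptions of this example.

```python
import socket
import ssl
import sys


def probe_chain(host, port=443, use_tls=True, timeout=5.0):
    """Probe each hop an external client depends on; stop at the first failure.

    Returns a list of (stage, ok, detail) tuples. Run it from OUTSIDE the LAN.
    """
    results = []
    # 1. DNS: the public FQDN must resolve for outside clients.
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
        results.append(("dns", True, addr))
    except OSError as exc:
        return results + [("dns", False, str(exc))]
    # 2. Firewall/NAT: the port must be forwarded to something that listens.
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
        results.append(("tcp", True, f"{addr}:{port}"))
    except OSError as exc:
        return results + [("tcp", False, str(exc))]
    stage = "tls"
    try:
        if use_tls:
            # 3. Certificate: whichever device ends the client's TLS session
            #    (firewall or IIS) must present a cert valid for `host`.
            ctx = ssl.create_default_context()
            sock = ctx.wrap_socket(sock, server_hostname=host)
            results.append(("tls", True, sock.version()))
        # 4. IIS: a status line shows a web server answered for this Host header.
        stage = "http"
        request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        sock.sendall(request.encode())
        status = sock.recv(256).split(b"\r\n", 1)[0].decode("latin-1")
        results.append(("http", status.startswith("HTTP/"), status))
    except OSError as exc:
        results.append((stage, False, str(exc)))
    finally:
        sock.close()
    return results


if __name__ == "__main__":
    # sharepoint.example.com is a placeholder; pass the real public FQDN.
    target = sys.argv[1] if len(sys.argv) > 1 else "sharepoint.example.com"
    for stage, ok, detail in probe_chain(target):
        print(f"{stage:5} {'ok' if ok else 'FAIL'}  {detail}")
```

To follow the answer's advice of testing plain HTTP first, call `probe_chain(host, 80, use_tls=False)` before the HTTPS run.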

 

Author Comment

by:jwc1972
Excellent answers,

Is there anything else I would need to do on the central admin site?
0
 
LVL 35

Expert Comment

by:Bembi
In central admin only the access mapping has to be set...
This tells SharePoint which requests to listen for and how to translate the links.

All other settings are native request handling; that means you have to make sure that the request can reach SharePoint.
0
 

Author Comment

by:jwc1972
Thanks Bembi

Another question: is this safe? Or do we need an ISA gateway before we expose SharePoint to the world?

By opening these ports to allow SharePoint to be externally facing, this may reduce the level of security of SharePoint, making the data contained in the sites less secure, my boss asked. Also, if we were to continue to make these SharePoint changes, this is highly likely to fail penetration tests and this would be flagged as a major risk?
0
 
LVL 35

Accepted Solution

by:
Bembi earned 333 total points
A system can only be as safe as the users who publish the content allow. If you make a SharePoint available to the public, a client outside your network passes several security stages to get the content.
a.) The firewall
Basically the firewall opens ports to access SharePoint physically.
Port 80 is insecure, port 443 (SSL) encrypts communication.
SSL is the minimum level for public communication.
b.) Authentication
Which users are allowed to communicate? All anonymous users or only members of the company? Some authentication levels can secure the communication, i.e. certificate-based communication / authentication to keep out unwanted users. Every client gets a certificate from the company and the certificate is checked before a firewall allows the communication.
c.) NAP (Network Access Protection) to set up rules for which clients can connect. You can define policies for client verification.
d.) Logon condition, i.e. only domain users or basic authentication (user / password).
e.) Access permissions in SharePoint.

The basic target is to allow only authorized users to reach SharePoint at all. If you allow anonymous users, I would place a public SharePoint into a DMZ and separate it from internal content. Even though SharePoint is capable of protecting the content, it is a question of the responsibility of the users.
A SharePoint for company members can be secured by a lot of methods to keep unwanted users out.

A huge topic on its own, but possible.

ISA is not necessarily needed; every good firewall has a lot of possibilities to check the clients before they get access to SharePoint. But it is a huge topic to discuss here, as there are several stages with advantages and disadvantages.
0
 

Author Comment

by:jwc1972
I've requested that this question be closed as follows:

Accepted answer: 167 points for Bembi's comment #a39940674
Assisted answer: 167 points for totallytonto's comment #a39926346
Assisted answer: 166 points for Bembi's comment #a39927597
Assisted answer: 0 points for jwc1972's comment #a39940526

for the following reason:

Excellent answer
0
 

Author Closing Comment

by:jwc1972
Excellent answers. Very clear answers on what is needed to complete this project.

Cheers
0
