
Secure Your SharePoint Extranet!


Or any extranet really… I presented tonight at the Baltimore SharePoint Users Group on Planning and Configuring Extranets in SharePoint 2010, and had the idea to make a quick post like this.

If you are opening your organization’s virtual doors to the outside world, please, please, PLEASE, only open up port 443, and use a Secure Sockets Layer (SSL) certificate to secure it.

Even if you do not have anything resembling a budget – you can still be secure. GoDaddy offers SSL certificates for as little as $12.99 – just use this link.

Why? Well… take this scenario. Say you are connecting to your extranet from a café that does not have a secure WiFi setup, so you can just connect and browse. I bet you that somewhere in there, there is some pimply kid with the MacBook his parents bought him, in his Misfits T-shirt, sniffing the unsecured WEP network, and watching you log into your Forms Based Authentication extranet over unencrypted port 80. Not only does he see the URL you are visiting and your username and password, he can also see everything you do: confidential documents, payroll information – you name it. And there you go, your company’s data has been breached.

Now, if you take the extra time, and spend a few dollars – this would not have happened. SSL encrypts the connection from the end user’s browser all the way to the server, so all the pimply-faced hacker would see is just gobbledygook.

So a login session may just look like this (encrypted using SSL):

OIHP(@Q*YPR*Y@*(Y@C*(YR(*@YUP&@G&*T(*@&^$&@()&*CNHUSHLKSJLSHGLRWCTBLSUGL*r(*n^N(*#9693r562095876209387652097cUYTOIWESOFIY#3tyiuGi IWOLIWJdILW#T&@RLIU@HDIWUYR(Q*&#@yrOiu32H  lu hr*#@y*ry b@r*hsdiu wOIU8H9WQ83H RL iuliug # iqq&*g(iU3RG qiu

That looks a lot better than this (unencrypted – not using SSL):

http://intranet.mytopsecretcompany.comJohnSmithPass@word1secretdocument1.txt012-34-5678

While I do not have specific details, certificate providers (GoDaddy, Network Solutions, GeoTrust, Thawte, etc.) can also actually insure your SSL certificates, in case a data breach does take place. Look around, find what is right for you. And secure your extranet. Not tomorrow, but NOW. Pay for some security; it is better to pay money up front and be secure than to be involved in lawsuits and corporate losses, all to save a yearly fee of up to a couple of hundred dollars. Protect your company, protect yourself, and protect your clients.
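An added example, not part of the original post: SharePoint web applications run as IIS sites, so one way to check the "only port 443" advice is to audit the site bindings recorded in IIS's applicationHost.config. The sample configuration, site names and host names below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the applicationHost.config layout (made-up sites and hosts).
SAMPLE_CONFIG = """
<configuration><system.applicationHost><sites>
  <site name="Extranet - FBA" id="2"><bindings>
    <binding protocol="http" bindingInformation="*:80:extranet.example.com" />
    <binding protocol="https" bindingInformation="*:443:extranet.example.com" />
  </bindings></site>
  <site name="Extranet - Partners" id="3"><bindings>
    <binding protocol="https" bindingInformation="[2001:db8::10]:443:partners.example.com" />
  </bindings></site>
  <site name="Extranet - Legacy" id="4"><bindings>
    <binding protocol="http" bindingInformation="*:8080:" />
  </bindings></site>
</sites></system.applicationHost></configuration>
"""


def parse_binding(binding):
    """Split an http/https binding into (protocol, ip, port, host)."""
    protocol = binding.get("protocol", "").lower()
    # bindingInformation is "IP:port:hostname"; rsplit keeps a bracketed
    # IPv6 address such as [2001:db8::10] in one piece.
    ip, port, host = binding.get("bindingInformation", "").rsplit(":", 2)
    return protocol, ip, int(port), host


def audit_sites(config_xml):
    """Return {site name: [findings]}; an empty list means HTTPS on 443 only."""
    report = {}
    for site in ET.fromstring(config_xml).iter("site"):
        findings, has_443 = [], False
        for binding in site.iter("binding"):
            if binding.get("protocol", "").lower() not in ("http", "https"):
                continue  # net.tcp and similar bindings use another format
            protocol, _ip, port, host = parse_binding(binding)
            if protocol == "http":
                findings.append(f"cleartext HTTP on port {port} ({host or 'any host'})")
            elif port == 443:
                has_443 = True
            else:
                findings.append(f"HTTPS on port {port}, not 443")
        if not has_443:
            findings.append("no HTTPS binding on port 443")
        report[site.get("name")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_sites(SAMPLE_CONFIG).items():
        print(name, "->", findings or "OK")
```

This only reads the bindings; the firewall rule that exposes 443 alone and the validity of the certificate bound to it need their own checks.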


About Geoff Varosky
Geoff Varosky is a Senior Architect for BlueMetal Architects, based out of Watertown, MA. He has been architecting and developing web based applications his entire career, and has been working with SharePoint for the past 13 years. Geoff is an active member of the SharePoint community, Co-Founder and Co-Organizer of the Boston Area SharePoint Users Group, co-founder for the Boston Office 365 Users Group, co-organizer for SharePoint Saturday Boston and speaks regularly at SharePoint events and user groups.

4 Responses to Secure Your SharePoint Extranet!

  1. Pingback: SharePoint Daily » Blog Archive » SharePoint 2010 Deployments Increasing; Microsoft Q1 Sales Beat Estimates; Building a Mobile Enterprise

  2. An excellent post, you have shared some valuable info here.. Thanks

  3. Dustin says:

    I was there for your presentation at the Baltimore SharePoint Users’ Group. Good stuff 🙂 Do you have that slide-deck posted anywhere?

    Thanks,
    @SparkDustJoe

    • Dustin – thanks for attending! Sorry I am a little slow on response to comments, I still have hundreds to wade through! I do not have the specific presentation from Baltimore up here, but, here is the same deck:

      Thanks again for attending!
