Welcome to ISAserver.org

Sharepoint 2010 website

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Forefront Unified Access Gateway 2010] >> General >> Sharepoint 2010 website

Page: [1]

Message

<< Older Topic Newer Topic >>

Sharepoint 2010 website - 15.Dec.2010 9:25:26 AM

ljones10

Posts: 100
Joined: 14.Oct.2008
Status: offline

Hi Guys,

Is it secure to publish a sharepoint 2010 website to the outside world only using IIS 7.5 for the publishing? The data that will be stored will be freely avalible in the public domain. This has been proposed by our applications team onsite with no mention of any application level firewall control. The only firewall controls centrally will be from the corporate layer 2/3 cisco firewall. All the documentation i have looked at suggests using either TMG or UAG.

Any help would be much appreciated.

Lee

Post #: 1

Featured Links*

RE: Sharepoint 2010 website - 15.Dec.2010 6:52:09 PM

Jason Jones

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline

You should be using TMG as the minimum and UAG if you want even more control of SharePoint functionality especially when accessed from unstrusted/unmanaged machines...

Some blurb:

TMG: http://technet.microsoft.com/en-us/library/dd897040.aspx

UAG: http://technet.microsoft.com/en-us/library/dd861393.aspx

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to ljones10)

Post #: 2

RE: Sharepoint 2010 website - 16.Dec.2010 4:48:28 AM

ljones10

Posts: 100
Joined: 14.Oct.2008
Status: offline

Hi Jason,

I thought this might be the case. Currently i am trying to get management to purchase TMG to sit behind the external hardware firewall to provide protection to all web servers in the DMZ. This is the job of apache mod security currently and works ok for the web servers currently published. It looks like Apache Mod security will be difficult to setup to protect sharepoint 2010. The applications team feel they can just protect the external facing server with external hadrware firewall and IIS 7.5 and built in throttling controls of sharepoint 2010.

This has strengthened my case for putting in TMG. It is still difficult to get management to understand what ISA or TMG has to offer. I think the cost of UAG might be a bridge too far.

Thanks for all your help

Lee

(in reply to Jason Jones)

Post #: 3