Plan for security and encryption in an EPM/Office SharePoint Server 2007 extranet environment

  • 项目

更新时间: 2010年2月

 

上一次修改主题: 2010-02-23

This article describes how to plan for security and encryption in an Enterprise Project Management (EPM)/ Microsoft Office SharePoint Server 2007 extranet environment. For an overview of this chapter about how to plan for EPM extranets, see Project Server 2007 Extranet 环境的规划.

Plan for security and encryption

Security guidance for an EPM Focused Microsoft Office SharePoint Server 2007 extranet farm environment focuses on recommending practical security configurations and settings for multiple teams or departments that use Microsoft Office SharePoint Server 2007 and Office Project Server 2007 features for collaboration. Security guidance for this environment focuses on:

  • Securing a server farm environment, including isolating content between groups

  • Securing server-to-server communication and client-server communication

  • Hardening servers for specific server roles

  • Securely configuring features

Guidance for the EPM Focused Microsoft Office SharePoint Server 2007 extranet farm environment assumes that all servers reside in a single internal network. For additional in-depth security guidance review 概述:规划服务器场安全性 (Office SharePoint Server).

Also, 规划 Office SharePoint Server 功能的安全配置 discusses additional best practices for Microsoft Office SharePoint Server 2007 feature areas (My Sites, Web Parts, Search etc.) configurations.

For the EPM Focused Microsoft Office SharePoint Server 2007 extranet farm, we recommend that you configure Internet Information Services (IIS) to use Secure Sockets Layer (SSL) for increased security or Kerberos authentication if a Kerberos infrastructure is in place. If you do not configure IIS to use SSL, potentially sensitive data is sent in plain text between the clients and servers on the network. We recommend that you configure servers to use the Internet Protocol security (IPsec) protocol for server-to-server communication.

For additional in-depth Office Project Server 2007 security guidance, review 为 Project Server 2007 规划加密方法.