Best Practices Guide
McAfee Security for Microsoft SharePoint 2.5.0
COPYRIGHT
Copyright © 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
McAfee Security for Microsoft SharePoint 2.5.0 Best Practices Guide
Contents
Preface
    About this guide
        Audience
        Conventions
    Finding product documentation
1 Overview
2 Pre-installation Instructions
    User roles
    Standalone McAfee Security for Microsoft SharePoint
        SharePoint installation in single server mode
        SharePoint installation in a farm
    McAfee Security for Microsoft SharePoint managed through ePolicy Orchestrator
3 Post-installation Instructions
    Standalone McAfee Security for Microsoft SharePoint
        Testing the on-access scan
        Testing the on-demand scan
    McAfee Security for Microsoft SharePoint managed through ePolicy Orchestrator
4 Product Configurations
    McAfee Global Threat Intelligence file reputation technology
    Scan policies
        On-access policy
        On-demand policy
    On-demand scan
        Distributing on-demand scans
        Scheduling scans
    Recommended configurations for Settings and Diagnostics
Index
Preface
This section provides information on the organization of this guide and its related product documentation details.

Contents
• About this guide
• Finding product documentation

About this guide
This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience
McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:
• Administrators — People who implement and enforce the company's security program.

Conventions
This guide uses the following typographical conventions and icons.
• Book title or Emphasis: Title of a book, chapter, or topic; introduction of a new term; emphasis.
• Bold: Text that is strongly emphasized.
• User input or Path: Commands and other text that the user types; the path of a folder or program.
• Code: A code sample.
• User interface: Words in the user interface including options, menus, buttons, and dialog boxes.
• Hypertext blue: A live link to a topic or to a website.
• Note: Additional information, like an alternate method of accessing an option.
• Tip: Suggestions and recommendations.
• Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
• Warning: Critical advice to prevent bodily harm when using a hardware product.
Finding product documentation
McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task
1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:
    To access User documentation, do this:
        1 Click Product Documentation.
        2 Select a Product, then select a Version.
        3 Select a product document.
    To access the KnowledgeBase, do this:
        • Click Search the KnowledgeBase for answers to your product questions.
        • Click Browse the KnowledgeBase for articles listed by product and version.
1 Overview
This chapter introduces McAfee Security for Microsoft SharePoint 2.5 and gives you an overview of the Best Practices Guide.
About McAfee Security for Microsoft SharePoint
McAfee Security for Microsoft SharePoint (previously known as McAfee PortalShield) provides comprehensive security for information stored on the following Microsoft SharePoint products:
• Microsoft SharePoint Server 2003/Windows SharePoint Services 2.0
• Microsoft Office SharePoint Server 2007/Windows SharePoint Services 3.0
• Microsoft SharePoint Server 2010/Windows SharePoint Foundation 2010
Following is a typical dashboard screen that is displayed on launching McAfee Security for Microsoft SharePoint. It provides administrators with the latest statistics of detected items, information on scan and DAT updates, product version and license information, and the details of the recently scanned items.
About the Best Practices Guide
This guide highlights the best practices for using McAfee Security for Microsoft SharePoint version 2.5 as a standalone product or when managed through McAfee ePolicy Orchestrator. Benefits and risks of some of the product configurations that might not seem straightforward are explained further in this guide. You can gauge which configuration best suits your environment.
If you are managing McAfee Security for Microsoft SharePoint using ePolicy Orchestrator, we presume you are familiar with using ePolicy Orchestrator and are primarily focusing on safeguarding your SharePoint servers on the managed nodes using the McAfee Security for Microsoft SharePoint software.
2 Pre-installation Instructions
This chapter covers the roles of users associated with McAfee Security for Microsoft SharePoint. It also provides a list of actions you must perform before installing McAfee Security for Microsoft SharePoint.

Contents
• User roles
• Standalone McAfee Security for Microsoft SharePoint
• McAfee Security for Microsoft SharePoint managed through ePolicy Orchestrator
User roles
This section lists the roles of users associated with McAfee Security for Microsoft SharePoint.

Role: SharePoint Farm administrator (Full permissions)
Description: Domain account with full administrator permissions for all Windows servers and farm level services in the SharePoint server farm. This account needs to be specified during the McAfee Security for Microsoft SharePoint installation.

Role: SharePoint administrator (Full permissions)
Description: Domain account with full administrator permissions for SharePoint installed on a single server. This account needs to be specified during the McAfee Security for Microsoft SharePoint installation.

Role: Custom user (Minimum permissions)
Description: Domain account with the minimum permissions/least privileges required for McAfee Security for Microsoft SharePoint to run. This account needs to be specified during the McAfee Security for Microsoft SharePoint installation. Refer to the section Creating a customized domain user account with the least SQL permissions in this guide for instructions on creating a "Custom user" with minimum permissions to run McAfee Security for Microsoft SharePoint.

Role: Windows administrator
Description: Account that is a member of the local administrators group, used to launch the McAfee Security for Microsoft SharePoint installer. This might be the same as the farm administrator account if that account is being used for installing McAfee Security for Microsoft SharePoint. However, if the "Custom User" is being used to run McAfee Security for Microsoft SharePoint, you need a Windows administrator account to run the installer.

Role: ePolicy Orchestrator administrator
Description: Used to deploy, manage, and administer McAfee Security for Microsoft SharePoint from the ePolicy Orchestrator server.
Standalone McAfee Security for Microsoft SharePoint
This section provides a list of actions you must perform before installing McAfee Security for Microsoft SharePoint, when the SharePoint server is deployed in a single server mode or in a farm.
SharePoint installation in single server mode
When the SharePoint server is installed in a single server mode, here's a checklist of instructions you can use before installing McAfee Security for Microsoft SharePoint.

Instructions Checklist
[ ] Ensure your system meets the minimum hardware and software requirements for installing McAfee Security for Microsoft SharePoint. Refer to the Hardware and Software Requirements section in the User Guide.
[ ] Ensure you have the Windows administrator credentials to install McAfee Security for Microsoft SharePoint. This account must be a member of the Windows administrators group, and the credentials are required for launching the product installer.
    • For future reference, please make a note of the Windows administrator user name here with the domain name _________________________________
    • Also ensure you remember the password for this account.
[ ] Ensure you have the SharePoint administrator credentials to supply to the McAfee Security for Microsoft SharePoint installer. This account must be a member of the local administrator group on the SharePoint server and database server for remote database access.
    • For future reference, please make a note of the SharePoint administrator account name here with the domain name _________________________________
    • Also ensure you remember the password for this account.
[ ] Uninstall any previous versions of the product prior to the PortalShield 2.0 Service Pack 1 release. PortalShield 2.0 Service Pack 1 will automatically be upgraded to McAfee Security for Microsoft SharePoint 2.5.
[ ] Choose an open/unused port on the server where you want to host the McAfee Security for Microsoft SharePoint site. You can use the default port 45900 if available. Telnet to the port from the Windows command prompt to check if it is open.
    • From a remote server, use the command telnet
        • Connection refused means that the port is available (open).
        • Accepted means that the port is in use and not available.
        • Timeout means that a firewall is blocking the access.
    • From the same server, use "netstat -an" to check whether port 45900 is listening.

It is a good practice to install McAfee Security for Microsoft SharePoint in the default directory of the system drive. However, you can select another location as per your requirements.
SharePoint installation in a farm
This section provides a list of actions you must perform before installing McAfee Security for Microsoft SharePoint when the SharePoint server is installed in a farm.

Recommendation: McAfee recommends that you install McAfee Security for Microsoft SharePoint with SharePoint Farm administrator credentials.

McAfee Security for Microsoft SharePoint should be installed on the following servers within the server farm:
• All Web Front-End (WFE) servers that host Portal sites.
• All WFE servers that host Windows SharePoint Services team sites.
• When a WFE server redirects traffic to another SharePoint role in the farm, McAfee Security for Microsoft SharePoint must be installed on both the WFE server and the destination SharePoint role. This is because the redirected traffic does not pass through McAfee Security for Microsoft SharePoint on the WFE.

McAfee Security for Microsoft SharePoint is not required on the server types below:
• Application servers
  When you configure on-demand or scheduled scans in an environment where McAfee Security for Microsoft SharePoint is not installed on the application servers, the entire database contents are retrieved from the application servers and streamed over the network to the WFE for scanning. In such cases, it can be beneficial to install McAfee Security for Microsoft SharePoint locally on the application servers to minimize bandwidth usage.
• Search Servers
• Index Management Servers
  If you choose to install McAfee Security for Microsoft SharePoint on an Indexing Server, ensure that indexing is scheduled to occur during off-peak hours to minimize the impact of on-access scanning on server performance.
• Job Servers
• Microsoft SQL Servers

If your organization's policy restricts you from using SharePoint Farm administrator credentials or if you do not want to use them for other reasons, you can create a customized normal domain user account [referred to as Custom User (Minimum permissions) in this guide] with the minimum permissions required for McAfee Security for Microsoft SharePoint to run. Refer to the Creating a customized domain user account with the least SQL permissions section in this guide for instructions.

Instructions for the recommended credentials
McAfee recommends that you have the SharePoint Farm administrator credentials before installing McAfee Security for Microsoft SharePoint in a SharePoint farm. With administrator credentials, here's a checklist of instructions you can use before installing McAfee Security for Microsoft SharePoint.
Instructions Checklist
[ ] Ensure your system meets the minimum hardware and software requirements for installing McAfee Security for Microsoft SharePoint. Refer to the Hardware and Software Requirements section in the User Guide.
[ ] Ensure you have the Windows administrator credentials to install McAfee Security for Microsoft SharePoint. This account must be a member of the Windows administrators group, and the credentials are required for launching the product installer.
    • For future reference, please make a note of the Windows administrator user name here with the domain name _________________________________
    • Also ensure you remember the password for this account.
[ ] Ensure you have the SharePoint Farm administrator credentials to supply to the McAfee Security for Microsoft SharePoint installer. This account must be a member of the local administrator group on the SharePoint server and database server for remote database access. If your organization's policy prevents you from using administrative credentials or if you do not want to use them for other reasons, refer to the section Creating a customized domain user account with the least SQL permissions in this guide for instructions on creating a "Custom user" with minimum permissions to run McAfee Security for Microsoft SharePoint.
    • For future reference, please make a note of the SharePoint Farm administrator account name / Custom user account name here with the domain name _________________________________
    • Also ensure you remember the password for this account.
[ ] Uninstall any previous versions of the product prior to the PortalShield 2.0 Service Pack 1 release. PortalShield 2.0 Service Pack 1 will automatically be upgraded to McAfee Security for Microsoft SharePoint 2.5.
[ ] Choose an open/unused port on the server where you want to host the McAfee Security for Microsoft SharePoint site. You can use the default port 45900 if available. Telnet to the port from the Windows command prompt to check if it is open.
    • From a remote server, use the command telnet
        • Connection refused means that the port is available (open).
        • Accepted means that the port is in use and not available.
        • Timeout means that a firewall is blocking the access.
    • From the same server, use "netstat -an" to check whether port 45900 is listening.
Creating a customized domain user account with the least SQL permissions
This section provides instructions on creating a customized normal domain user account with the least SQL permissions if your organization's policy restricts you from using administrator credentials or if you do not want to use them for other reasons.

1. ACTIVE DIRECTORY
1.1 Create a new domain user account in Active Directory (for example: MSMSDBAccnt).
1.2 Assign the account privileges equivalent to the members of the "Users" group.
1.3 The product installer prompts you to type the account credentials while configuring the database access account for the remote SQL connection. Setting these account credentials applies only to:
• Microsoft SharePoint Server 2003 and Windows SharePoint Services 2.0 installations that use a remote SQL database server.
• Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 (Local and Remote SQL installation).
• Microsoft SharePoint Server 2010 and SharePoint Foundation 2010 (Local and Remote SQL installation).

2. SQL SERVER
2.1 SQL Server administrator rights are required to make group updates. Alternatively, SharePoint administrators can script these manual steps of assigning SQL Server permissions for group updates. Make the following changes under SQL Server security:
Changes
2.1.1 Add the custom user account (for example: MSMSDBAccnt) to be used as the McAfee Security for Microsoft SharePoint database access account. Provide the "public" permissions to the user.
2.1.2 Under user mapping, select:
• All SharePoint content databases corresponding to web applications.
• Content database corresponding to your administrator web application.
• SharePoint configuration database.
2.2 The following permissions must be granted:
2.2.1 Assign "Execute" rights on the following securables for the SharePoint configuration database (the exact list might be slightly different).
Securables
• proc_getObjectsByBaseClass
• proc_getSiteMap
• proc_getSiteSubset
• proc_getObjectsByClass
• proc_getSiteMapById
• proc_getSiteNames
• proc_getSiteCount
2.2.2 For each web content database and administrator content database, assign "Execute" rights on the following securables. (The exact list may be slightly different based on the environment and applications deployed in the SharePoint farm. Please monitor the event viewer regularly to fine-tune this list.)
Securables
• proc_AddDocument
• proc_GetLinkInfoSingleDoc
• proc_AL
• proc_ListAllWebsOfSite
• proc_AddListItem
• proc_ListUrls
• proc_DeleteUrl
• proc_SecUpdateUserActiveStatus
• proc_DirtyDependents
• proc_SecGetSiteGroupByTitle
• proc_FetchDocForHttpGet
• proc_SecGetUserPermissionOnGroup
• proc_FetchDocForUpdate
• proc_UpdateVirusInfo
• proc_GetSiteFlags
• proc_GetListMetaDataAndEventReceivers
• proc_GetTpWebMetaDataAndListMetaData
• proc_GetListFields
• proc_GetUrlDocId
• proc_UpdateDirtyDocument
• proc_GetDocsMetaInfo
• proc_UpdateListItem
• proc_GetParentWebUrl
• proc_SecGetIndividualUrlSecurityCheckEventReceivers
• proc_GenerateNextId
• UserData (under the Views section)
• proc_GetWebMetainfo
2.2.3 For each web content database and administrator content database, assign "Execute" rights on this object (Step: Go to Programmability | Functions | Scalar-Valued Functions for each database).
• fn_GetFullUrl
2.3 No requirement for local administrator group membership.

3. SHAREPOINT SERVER
3.1 No requirement for local administrator group membership by the domain user account (for example: MSMSDBAccnt) used by McAfee Security for Microsoft SharePoint.
3.2 No requirement for interactive login.
3.3 No requirement for Site Collection administrator.
3.4 Create a new Permission Policy Level (for example: MSMS-Permissions) and grant the following permissions. These permissions are the minimal set for McAfee Security for Microsoft SharePoint to work with the SharePoint Object model and iterate over the SharePoint store to scan and clean. (SharePoint Farm administrator rights are required to make this change.)
Permissions
3.4.1 Under Site collection Permissions, grant the "Site Collection Auditor" permission. Site collection auditors have Full Read access for the entire site collection, including reading permissions and configuration data. McAfee Security for Microsoft SharePoint requires this because it monitors the SharePoint anti-virus settings to determine whether real-time scan is enabled or disabled.
3.4.2 In the "List permissions" section, grant the following permissions:
• Manage List — Required for replacing/deleting infected content added as an attachment under items in "Discussions".
• Override Check Out — Required to forcefully check in a document detected as infected and perform the action as per policy.
• Add Items — Required for replacing the infected file with a file containing the replacement alert message.
• Edit Items — Required for updating the checked-out documents while forcefully checking in with a check-in comment.
• Delete Items — Required for removing an infected list item (document).
• View Items — Required for the target picker while defining a scan target.
3.4.3 Under Site Permissions, grant the "View Pages - View pages in a website" permission. Without this, McAfee Security for Microsoft SharePoint is unable to iterate over the site in on-demand scan tasks.
3.4.4 Save the newly created permission policy level.
3.5 For each Web application created in the SharePoint Farm:
Instructions
3.5.1 Update the Web application policy for the respective web application to add the product database access account (for example: MSMSDBAccnt) with the Permission Policy Level created earlier (for example: MSMS-Permissions).
3.5.2 Update the Web application policy to cover any web applications that are added in future. This will not cover the "Central Admin" application, which will not be scanned unless Option1 above is chosen.
Alternatively, we can add the product database access account (for example: MSMSDBAccnt) as a secondary site collection administrator account on the "Central Admin" web application alone.
3.6 Update the IIS and SharePoint user groups on each SharePoint Server by adding the McAfee Security for Microsoft SharePoint database access account (for example: MSMSDBAccnt). (Manual steps may be possible for scripting. Local administrator rights or GPOs are required to make these group updates.)
User groups
3.6.1 IIS_WPG (for IIS 6) and IIS_IUSRS (IIS 7)
3.6.2 WSS_WPG
3.7 Add the "Modify" permission, allowing the product database access account (for example: MSMSDBAccnt) read/delete access to the McAfee Security for Microsoft SharePoint bin folder (\Bin). (Manual steps may be possible for scripting. Local admin permission or GPOs are required to make the changes.) This folder is specific to McAfee Security for Microsoft SharePoint. For example, for a default installation, the bin folder path will be C:\Program Files\McAfee\McAfee PortalShield\Bin
Reason: This permission is required if on-demand scans are scheduled via ePolicy Orchestrator. During runtime, ePolicy Orchestrator passes the configuration details needed for the on-demand scan to the McAfee agent plug-in, which places the configuration details in a file with a ".tmp" extension in the product bin folder. The on-demand process (RunScheduled.exe) reads the configuration from this file and then deletes it. A regular domain account (for example: MSMSDBAccnt) will not have read/delete access to the "bin" folder. Hence "Modify" access needs to be added for the product database access account (for example: MSMSDBAccnt) on the "bin" folder. This can be done after installation or via GPOs (Group Policy Objects).
Alternatively, scripting of manual steps 3.4, 3.5 and 3.6 is possible for SharePoint administration and requires SharePoint administrator rights to make the changes.
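Section 2 above notes that the SQL Server permission steps can be scripted. The following is an added example, not part of the McAfee guide or product: a PowerShell script that builds the T-SQL for steps 2.1 to 2.2.3 so that it can be reviewed before it is run. The domain CONTOSO, the database names, the dbo schema, SQL Server 2005 or later, and the use of SELECT for the UserData view (the guide lists the view among the securables without naming a view-level right) are assumptions.

```powershell
# Added example (not from the McAfee guide): generate a reviewable T-SQL script
# for steps 2.1-2.2.3. Assumptions: SQL Server 2005+ (sys.* catalog views) and
# all listed objects in schema dbo. Names in the sample call are placeholders.

# Step 2.2.1: securables in the SharePoint configuration database.
$ConfigDbProcs = @(
    'proc_getObjectsByBaseClass', 'proc_getSiteMap', 'proc_getSiteSubset',
    'proc_getObjectsByClass', 'proc_getSiteMapById', 'proc_getSiteNames',
    'proc_getSiteCount'
)
# Steps 2.2.2 and 2.2.3: securables in each content database.
$ContentDbProcs = @(
    'proc_AddDocument', 'proc_GetLinkInfoSingleDoc', 'proc_AL',
    'proc_ListAllWebsOfSite', 'proc_AddListItem', 'proc_ListUrls',
    'proc_DeleteUrl', 'proc_SecUpdateUserActiveStatus', 'proc_DirtyDependents',
    'proc_SecGetSiteGroupByTitle', 'proc_FetchDocForHttpGet',
    'proc_SecGetUserPermissionOnGroup', 'proc_FetchDocForUpdate',
    'proc_UpdateVirusInfo', 'proc_GetSiteFlags',
    'proc_GetListMetaDataAndEventReceivers',
    'proc_GetTpWebMetaDataAndListMetaData', 'proc_GetListFields',
    'proc_GetUrlDocId', 'proc_UpdateDirtyDocument', 'proc_GetDocsMetaInfo',
    'proc_UpdateListItem', 'proc_GetParentWebUrl',
    'proc_SecGetIndividualUrlSecurityCheckEventReceivers',
    'proc_GenerateNextId', 'proc_GetWebMetainfo',
    'fn_GetFullUrl'    # scalar-valued function from step 2.2.3
)
# Assumption: EXECUTE does not apply to a view, so SELECT is granted instead.
$ContentDbViews = @('UserData')

function New-GrantLines {
    param([string]$Account, [string]$Right, [string[]]$Objects)
    foreach ($name in $Objects) {
        # The guide says the exact list may differ, so grant only what exists.
        "IF OBJECT_ID(N'dbo.$name') IS NOT NULL"
        "    GRANT $Right ON OBJECT::dbo.[$name] TO [$Account]"
        "ELSE PRINT 'Not found, skipped: $name';"
    }
}

function New-MsmsGrantScript {
    param(
        [Parameter(Mandatory = $true)][string]$Account,
        [Parameter(Mandatory = $true)][string]$ConfigDatabase,
        [Parameter(Mandatory = $true)][string[]]$ContentDatabases
    )
    # Step 2.1.1: a Windows login with no server role beyond "public".
    $sql = @(
        "USE [master];",
        "IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$Account')",
        "    CREATE LOGIN [$Account] FROM WINDOWS;"
    )
    foreach ($db in (@($ConfigDatabase) + $ContentDatabases)) {
        # Step 2.1.2: map the login into the database as a plain user.
        $sql += "USE [$db];"
        $sql += "IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$Account')"
        $sql += "    CREATE USER [$Account] FOR LOGIN [$Account];"
        if ($db -eq $ConfigDatabase) {
            $sql += New-GrantLines -Account $Account -Right 'EXECUTE' -Objects $ConfigDbProcs
        }
        else {
            $sql += New-GrantLines -Account $Account -Right 'EXECUTE' -Objects $ContentDbProcs
            $sql += New-GrantLines -Account $Account -Right 'SELECT' -Objects $ContentDbViews
        }
    }
    return ($sql -join "`r`n")
}

# Sample call with placeholder names; include the administrator web
# application's content database in -ContentDatabases.
$script = New-MsmsGrantScript -Account 'CONTOSO\MSMSDBAccnt' `
    -ConfigDatabase 'SharePoint_Config' `
    -ContentDatabases 'WSS_Content', 'SharePoint_AdminContent'
$script | Set-Content -Path .\msms-grants.sql
# Review the file, then run it as a SQL Server administrator, for example:
#   sqlcmd -E -S <sql-server> -i .\msms-grants.sql
```

The PRINT lines in the generated script report securables that do not exist in a given database, which gives a starting point for the fine-tuning that step 2.2.2 asks for.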
McAfee Security for Microsoft SharePoint managed through ePolicy Orchestrator
Here's a checklist of actions you can use before deploying McAfee Security for Microsoft SharePoint using ePolicy Orchestrator 4.0 or 4.5.

Instructions Checklist
[ ] Use administrator credentials of the ePolicy Orchestrator server.
[ ] Add manageable nodes to the ePolicy Orchestrator server on which you want to deploy McAfee Security for Microsoft SharePoint. Refer to the ePolicy Orchestrator product documentation for instructions.
[ ] Deploy McAfee Agent 4.0 or later on your managed nodes running Microsoft SharePoint. Refer to the McAfee Agent product documentation for installation instructions.
[ ] Ensure you have administrator credentials for each SharePoint server in single server mode or farm environment. These credentials must be provided while deploying for Microsoft Office SharePoint Server 2007 or SharePoint 2010 (using the command line option). Command line parameters are separated by a space. For example:
    REMOTESQLUSER="DomainName\UserName or HostName\UserName" REMOTESQLPWD="password" IISPORT=45900 (Optional)
    For more information on the command line usage, refer to the Installing McAfee Security for Microsoft SharePoint on Managed Nodes section in the User Guide.
[ ] Remove any previous versions of the product from ePolicy Orchestrator prior to the PortalShield 2.0 Service Pack 1 release. PortalShield 2.0 Service Pack 1 will automatically be upgraded to McAfee Security for Microsoft SharePoint 2.5.
[ ] Choose an open/unused port on the server where you want to host the McAfee Security for Microsoft SharePoint site. You can use the default port 45900 if available. Telnet to the port from the Windows command prompt to check if it is open.
    • From a remote server, use the command telnet
        • Connection refused means that the port is available (open).
        • Accepted means that the port is in use and not available.
        • Timeout means that a firewall is blocking the access.
    • From the same server, use "netstat -an" to check whether port 45900 is listening.
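The port check that closes each of the three pre-installation checklists (single server, farm, and ePolicy Orchestrator) can also be done without telnet. This is an added example, not part of the McAfee guide: it reports the same three remote outcomes the checklist describes and performs the local listener check that "netstat -an" provides. The host name in the sample call is a placeholder.

```powershell
# Added example (not from the McAfee guide). 45900 is the default port named in
# the checklist; the host name in the sample call is a placeholder.

function Test-LocalPortListening {
    param([int]$Port = 45900)
    # Same information as "netstat -an": is a local TCP listener bound to the port?
    $props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $hits = @($props.GetActiveTcpListeners() | Where-Object { $_.Port -eq $Port })
    return ($hits.Count -gt 0)
}

function Test-RemotePortState {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$Port = 45900,
        [int]$TimeoutMs = 5000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout'      # no answer at all within the time limit
        }
        $client.EndConnect($pending)
        return 'Accepted'         # something is already listening on the port
    }
    catch {
        $cause = $_.Exception.GetBaseException()
        if ($cause -is [System.Net.Sockets.SocketException] -and
            $cause.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
            return 'Refused'      # host reachable, nothing listening
        }
        throw                     # name resolution failure etc.: not one of the three cases
    }
    finally {
        $client.Close()
    }
}

# Interpretation taken from the checklist.
$Meaning = @{
    'Refused'  = 'Port is available (open).'
    'Accepted' = 'Port is in use and not available.'
    'Timeout'  = 'A firewall is blocking the access.'
}

function Get-PortReport {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$Port = 45900
    )
    $state = Test-RemotePortState -ComputerName $ComputerName -Port $Port
    New-Object PSObject -Property @{
        Computer = $ComputerName
        Port     = $Port
        State    = $state
        Meaning  = $Meaning[$state]
    }
}

# From a remote server (placeholder host name):
#   Get-PortReport -ComputerName 'sp-wfe01.example.test' -Port 45900
# On the SharePoint server itself:
#   Test-LocalPortListening -Port 45900
```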
3 Post-installation Instructions
This chapter provides instructions on verifying your McAfee Security for Microsoft SharePoint installation.

Contents
• Standalone McAfee Security for Microsoft SharePoint
• McAfee Security for Microsoft SharePoint managed through ePolicy Orchestrator
Standalone McAfee Security for Microsoft SharePoint
After installing McAfee Security for Microsoft SharePoint as a standalone product, you can verify that the on-access and on-demand scanning works properly. To test the on-access scanning, upload the standard EICAR anti-virus test file to the SharePoint server. To test the on-demand scanning, disable on-access scanning, upload an EICAR test file, and schedule an on-demand scan to run immediately. The EICAR test file is NOT A VIRUS.

Testing the on-access scan
After installing McAfee Security for Microsoft SharePoint, we recommend that you test the installation to ensure that the software is installed properly and can detect viruses and other unwanted content in a file/document.

Before you begin
• Update McAfee Security for Microsoft SharePoint with the latest DATs by clicking Update Now on the dashboard.
• In SharePoint server, select the Scan documents on upload and Scan documents on download options.
• If you have any other security software installed on your server (such as McAfee VirusScan Enterprise), disable its on-access scanner during this process. This is to prevent the file being identified by the other security software.

Task
1 Launch the Microsoft SharePoint server.
2 Copy the following line into its own file, then save the file with the name EICAR.TXT:
  X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
  The file size will be 68 or 70 bytes.
3 Launch the McAfee Security for Microsoft SharePoint software and upload the EICAR.TXT file to your Microsoft SharePoint server.
By default, on-access scanning in McAfee Security for Microsoft SharePoint is configured to Prevent Upload/Download of the Item. Hence McAfee Security for Microsoft SharePoint will prevent the file from being stored in SharePoint.
View the scan results in the McAfee Security for Microsoft SharePoint dashboard; the Statistics counter will be incremented. For details, see the Recently Scanned Items section. It will have an entry with a red icon.
Testing the on-demand scan
After testing the on-access scanning, we recommend that you test the on-demand scanning too.

Before you begin
Before testing the on-demand scanning, do one of the following:
• Click On-Access Settings on the McAfee Security for Microsoft SharePoint dashboard to display the Configure anti-virus settings page of SharePoint server. Deselect Scan documents on upload and Scan documents on download.
• If you have any other security software installed on your server (such as McAfee VirusScan Enterprise), disable its scanners during this process. This is to prevent the file being identified by the other security software.

Task
1 Delete any EICAR file if present in the document store, then upload a new EICAR file.
2 Schedule an on-demand scan to run immediately for that document store (using the Run Now option). For instructions, please refer to the McAfee Security for Microsoft SharePoint 2.5.0 User Guide.
  The McAfee Security for Microsoft SharePoint software displays an alert that the EICAR test file was found (as per the default on-demand policy setting Replace item with an alert). If an error message is displayed, check the SharePoint database credentials you entered during installation and ensure they are correct. To modify the credentials in case they are incorrect, you can run the "SetSQLAct.exe" utility from the command line. This utility is located in \bin. Usage is as follows:
  SetSQLAct.exe /USER= /PASSWORD= /DOMAIN=
18
3
View the scan results in McAfee Security for Microsoft SharePoint dashboard; Statistics counter will be incremented. For details, see the Recently Scanned Items section. It will have an entry with a red icon.
4
Delete the file when you have finished testing your installation to avoid alarming unsuspecting users.
5
If you disabled on-access scanning before testing on-demand scanning, ensure you re-enable on-access scanning to provide real-time protection against viruses and unwanted files and content within your SharePoint computer.
6
If you have disabled any other anti-virus software during these tests, re-enable them.
McAfee Security for Microsoft SharePoint managed through ePolicy Orchestrator
After deploying McAfee Security for Microsoft SharePoint on managed nodes, you can verify on-demand scanning and the details of managed nodes. You can also enforce policies to verify the reports on the ePolicy Orchestrator server or the managed nodes.
Testing the on-demand scan
To test on-demand scanning, upload an EICAR test file to the SharePoint server, then schedule an on-demand scan to run immediately. Refer to the McAfee Security for Microsoft SharePoint 2.5.0 User Guide for instructions on scheduling on-demand scan tasks using ePolicy Orchestrator versions 4.0 and 4.5.
Details of managed nodes
Verify the details of a managed node by clicking it in the System Tree.
Setting policies
For instructions on creating and enforcing policies, refer to the McAfee Security for Microsoft SharePoint 2.5.0 User Guide. To verify these policies, see the policy reports. The Reports extension must be installed on ePolicy Orchestrator to view these reports.
4
Product Configurations
This chapter describes Artemis Technology and provides recommendations for configuring the on-access and on-demand scan policy, and the Settings and Diagnostics feature.
Contents
• McAfee Global Threat Intelligence file reputation technology
• Scan policies
• On-demand scan
• Recommended configurations for Settings and Diagnostics
McAfee Global Threat Intelligence file reputation technology
This section provides recommendations for selecting a sensitivity level for McAfee Global Threat Intelligence File Reputation.
McAfee Global Threat Intelligence File Reputation safeguards your SharePoint Server by providing real-time protection against ever-evolving threats. It uses threat intelligence gathered by McAfee Labs to prevent damage and data theft even before a signature or DAT update is available.
When you upgrade from PortalShield 2.0 Service Pack 1 to McAfee Security for Microsoft SharePoint 2.5, McAfee Global Threat Intelligence file reputation is enabled by default to provide additional coverage for file-based malware. If DNS lookups are slow in your environment, you may experience slow on-demand scanning.
Sensitivity Level: Description
Disabled: McAfee Global Threat Intelligence File Reputation feature is turned off.
Very Low: Equivalent to next day's DATs. Get tomorrow's protection today. Recommended initial configuration.
Low: Protection in addition to DATs.
Medium: Used when the risk of regular exposure to malware is greater than the risk of a false positive.
High: Recommended for use in SharePoint Repositories which are regularly infected.
Very High: Recommended for use in On-Demand Scans on SharePoint Repositories.
You can also refer to the following McAfee KnowledgeBase articles:
• https://kc.mcafee.com/corporate/index?page=content&id=KB53733 for information on uploading the ArtemisTest.zip file (test file) to your SharePoint server for testing the McAfee Global Threat Intelligence file reputation technology.
• https://kc.mcafee.com/corporate/index?page=content&id=KB68631 for more information on the best practices of the Global Threat Intelligence File Reputation feature.
Scan policies
This chapter provides best practices for configuring on-access and on-demand scan policies.
Contents
• On-access policy
• On-demand policy
On-access policy
Here are the best practices for configuring on-access policies. These can vary according to your requirements. The following configuration identifies and eliminates viruses and other malicious programs being uploaded to your SharePoint servers in real time.
• Always enable the anti-virus scanner, content scanning, and file filtering scanners for the on-access policy. For true file type detection in file filtering, enable content scanning.
• Select the High Protection option to maximize the protection level of the anti-virus scanner.
• Always select the Quarantine option so that you can retrieve the files from the quarantine database later if required.
For instructions, refer to the Anti-Virus Scanner section in the McAfee Security for Microsoft SharePoint 2.5.0 User Guide.
On-demand policy
Here are the best practices for configuring on-demand policies. These can vary according to your requirements. Apart from safeguarding your SharePoint servers from viruses and other malicious programs, the following configuration scans the textual data (content) in files stored on SharePoint servers.
• Always enable the anti-virus scanner, content scanning, and file filtering scanners for the on-demand policy. For true file type detection in file filtering, enable content scanning.
• Select the High Protection option to maximize the protection level of the anti-virus scanner.
• Always select the Quarantine option so that you can retrieve the files from the quarantine database later if required.
For instructions, refer to the Core Scanners section in the McAfee Security for Microsoft SharePoint 2.5.0 User Guide.
On-demand scan
This section provides instructions on distributing on-demand scan tasks across SharePoint servers in a farm environment. It also describes the best practices for scheduling on-demand scan tasks for higher performance.
Distributing on-demand scans
The following example illustrates a farm deployment of McAfee Security for Microsoft SharePoint in an organization.
Task
1 Install McAfee Security for Microsoft SharePoint on the servers numbered from 1 to 5 in the following figure.
These servers are typically the front-end web servers and application servers. For information on which servers in a SharePoint farm require McAfee Security for Microsoft SharePoint, refer to the McAfee KnowledgeBase article at https://kc.mcafee.com/corporate/index?page=content&id=KB52773.
2 Distribute on-demand scanning across the various McAfee Security for Microsoft SharePoint installations. For example: in the above figure, suppose 15 different sites (site1 to site15) are created on the SharePoint farm. By default, you would schedule an on-demand scan on a single WFE server that iterates over the 15 sites. However, for better performance, schedule the on-demand scan to run on each of the MSMS servers by dividing the total number of sites across them. For instance, schedule the scan for site1, site2, and site3 from SharePoint server 1, for site4, site5, and site6 from SharePoint server 2, and so on. Ideally, if there is a location benefit, schedule the on-demand scan on the McAfee Security for Microsoft SharePoint instance as close to the target sites as possible.
To distribute on-demand scans across SharePoint servers using ePolicy Orchestrator, schedule on-demand scan tasks for the configured policies. For instructions, refer to the ePolicy Orchestrator product documentation.
Scheduling scans
This section provides recommendations for scheduling on-demand scans for increased performance.
• Separate the internal and external facing SharePoint sites.
• Schedule on-demand scans during non-peak hours, such as weekends or the maintenance period.
• When scheduling an on-demand scan for the first time, schedule a full on-demand scan. Subsequently, you can use Incremental scanning to scan only the new or modified items on your SharePoint server rather than re-scanning the entire server. You can choose to scan from the last scanned date or specify the date and time of the last scan.
• For a larger database or server, use Resumable scanning. In a resumable on-demand scan, when a scan in progress is stopped, McAfee Security for Microsoft SharePoint saves the current state of the scan task. When the same task is started later, the scan resumes from the last scanned folder. If a signature (DAT) update occurs while a scan is paused, McAfee Security for Microsoft SharePoint provides an option to restart the scan with the updated DATs.
Resumable scanning, incremental scanning and file extension exclusion are not supported if you are using SharePoint Server 2003.
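Why the restart option matters after a DAT update can be seen in a small model of a resumable scan. This is an added example, not McAfee's code or the product's implementation: the document store, DAT version numbers, signature sets and all function names are constructed, and the model checkpoints at whole-folder granularity.

```python
"""Toy model of a resumable on-demand scan (constructed data, not product code)."""
from dataclasses import dataclass, field

# Constructed document store: folder -> [(item name, content marker)].
STORE = {
    "/sites/site1/docs": [("a.doc", "clean"), ("b.zip", "threat-X")],
    "/sites/site2/docs": [("c.xls", "clean")],
    "/sites/site3/docs": [("d.pdf", "threat-Y")],
}
# Constructed signature sets per DAT version; only the newer DAT knows threat-X.
DATS = {6000: {"threat-Y"}, 6001: {"threat-X", "threat-Y"}}


@dataclass
class Checkpoint:
    dat_version: int                 # DAT in use when this pass started
    next_folder: int = 0             # index of the first folder not yet scanned
    detections: list = field(default_factory=list)


def run_scan(cp, current_dat, stop_after=None, restart_on_new_dat=True):
    """Start or resume a scan and return the checkpoint it ends with.

    stop_after simulates an administrator stopping the task after N folders.
    """
    if cp.dat_version != current_dat and restart_on_new_dat:
        cp = Checkpoint(dat_version=current_dat)   # drop progress, rescan all
    folders = sorted(STORE)
    done = 0
    for i in range(cp.next_folder, len(folders)):
        if stop_after is not None and done == stop_after:
            break                                   # progress stays in cp
        for name, marker in STORE[folders[i]]:
            if marker in DATS[current_dat]:
                cp.detections.append(f"{folders[i]}/{name}")
        cp.next_folder = i + 1
        done += 1
    return cp


def paused_then_dat_update(restart):
    """Scan one folder with DAT 6000, pause, then continue under DAT 6001."""
    cp = run_scan(Checkpoint(dat_version=6000), 6000, stop_after=1)
    cp = run_scan(cp, 6001, restart_on_new_dat=restart)
    return sorted(cp.detections)


if __name__ == "__main__":
    print("resume :", paused_then_dat_update(restart=False))
    print("restart:", paused_then_dat_update(restart=True))
```

In this model, resuming leaves b.zip in the already-scanned folder unchecked against the newer DAT, while restarting catches it at the cost of rescanning every folder.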
Recommended configurations for Settings and Diagnostics
This section provides recommended configurations for the Settings and Diagnostics features of McAfee Security for Microsoft SharePoint.

Feature/Option Name: Detected Items
Description: This option allows you to configure settings for the local database of quarantined items.
Recommendations/Best Practices:
• Database location: We recommend that you retain the default quarantine database location (product installation folder). However, in case of a disk space constraint, you can select another location.
• Maximum query size (records): The optimal value for displaying maximum records on the user interface in detected items is 1000.
• Purge of old items frequency and Optimization frequency are database operations. You must not schedule these operations to run at the same time because one of the operations will be locked by the database. Schedule optimization after purging the old items.

Feature/Option Name: UI preferences
Description: This option allows you to configure user interface refresh, report, metric, graph and chart settings.
Recommendations/Best Practices: Always enable the Show recently scanned items option to include the Recently Scanned Items tab in the Reports section on the dashboard.

Feature/Option Name: Diagnostics
Description: This option allows you to specify the level of debug logging required, the maximum size of debug files, and where they should be saved.
Recommendations/Best Practices: We recommend that you disable debug logging by selecting None from the Level drop-down menu. Enable it only when asked by McAfee Technical Support for collecting logs.

Feature/Option Name: Import and Export Configuration
Description: This option allows you to copy the configuration of one McAfee Security for Microsoft SharePoint to another.
Recommendations/Best Practices: Before clicking Restore Default, export your current configuration, if you have set one, so that you have a backup and do not lose your configuration.

Feature/Option Name: User Settings
Description: This option allows you to prevent or allow the upload of a document which failed to scan, retrieve the anti-virus settings from the SharePoint server when required, specify the maximum size of quarantined items and scanner counts, and add/remove the application pools.
Recommendations/Best Practices: Add all application pools to be recycled where SharePoint sites are running. This is a good practice, especially in case of frequent DAT updates.