SharePoint Virus Detection Policy Template

This file was edited for correctness by Edgardo Gonzalez of PRSL.

Introduction – SharePoint Virus Policy Template
The number of SharePoint security incidents and the resulting cost of business disruption and service restoration continue to escalate. Implementing solid SharePoint security policies, blocking unnecessary access to networks and computers, improving user security awareness, and early detection and mitigation of security incidents are some of the actions that can be taken to reduce the risk and drive down the cost of SharePoint security incidents.
Purpose
The purpose of the [Organization] SharePoint Virus Policy is to describe the requirements for dealing with computer virus, worm and Trojan Horse prevention, detection and cleanup.
Audience
The [Organization] SharePoint Virus Policy applies equally to all individuals who use any [Organization] SharePoint resource.
SharePoint Virus Policy Definitions
  • Virus: A program that attaches itself to an executable file or vulnerable application and delivers a payload that ranges from annoying to extremely destructive. A file virus executes when an infected file is accessed. A macro virus infects the executable code embedded in Microsoft Office programs that allows users to generate macros.
  • Trojan Horse: Destructive programs, usually viruses or worms, that are hidden in an attractive or innocent-looking piece of software, such as a game or graphics program. Victims may receive a Trojan horse program by e-mail or on a diskette, often from another unknowing victim, or may be urged to download a file from a Web site or bulletin board.
  • Worm: A program that makes copies of itself elsewhere in a computing system. These copies may be created on the same computer or may be sent over networks to other computers. The first use of the term described a program that copied itself benignly around a network, using otherwise-unused resources on networked machines to perform distributed computation. Some worms are security threats, using networks to spread themselves against the wishes of the system owners and disrupting networks by overloading them. A worm is similar to a virus in that it makes copies of itself, but different in that it need not attach to particular files or sectors at all.
SharePoint Virus Policy
  • All workstations, whether connected to the [Organization] SharePoint network or standalone, must use the [Organization] approved virus protection software and configuration.
  • The virus protection software must not be disabled or bypassed.
  • The settings for the virus protection software must not be altered in a manner that will reduce the effectiveness of the software.
  • The automatic update frequency of the virus protection software must not be altered to reduce the frequency of updates.
  • Each file server attached to the [Organization] network must utilize [Organization] approved virus protection software and setup to detect and clean viruses that may infect file shares. It must be appropriately audited to ensure that viruses have no means to channel into SharePoint.
  • Each Exchange gateway must utilize [Organization] approved e-mail virus protection software and must adhere to the IS rules for the setup and use of this software.
  • Every virus that is not automatically cleaned by the virus protection software constitutes a security incident and must be reported to the [Organization] Help Desk.
SharePoint Portal Password Policy Supporting Information
  • Any and all [Organization] SharePoint security controls must not be bypassed or disabled.
  • All [Organization] SharePoint users are responsible for managing their use of SharePoint and are accountable for their actions relating to SharePoint security. Users are also equally responsible for reporting any suspected or confirmed violations of this policy to the appropriate management responsible for SharePoint security incident handling.
  • The use of SharePoint must be for officially authorized business purposes only. There is no guarantee of personal privacy or access to tools such as, but not limited to: SharePoint areas, WSS team sites, any and all collaboration and communication functionality, and any sister server integrations (i.e. integrated Microsoft Exchange environments). The use of SharePoint and SharePoint related tools may be monitored to fulfill complaint or investigation requirements, including forensic analysis into IDS or other security systems. Departments responsible for custody and operations of the SharePoint servers (custodian departments) shall be responsible for proper authorization of SharePoint server utilization, the establishment of effective use, and reporting of performance to management.
  • Any data housed within SharePoint must be kept confidential and secure by the respective [Organization] SharePoint user. The fact that the business data may be stored electronically (i.e. document library or SharePoint list) does not change the requirement to keep the information confidential and secure. The type of information or the information itself is the basis for determining whether the data must be kept confidential and secure. Furthermore, if this data is stored in a paper or electronic format, or if the data is copied, printed, or electronically transmitted, the data must still be protected as confidential and secured.
  • [Organization] server custodian departments must provide adequate access controls in order to monitor SharePoint systems to protect business data and associated programs from misuse in accordance with the needs defined by owner departments. All SharePoint access must be properly documented, authorized and controlled, following [Organization] standardized processes.
  • All commercial SharePoint software used in [Organization]’s SharePoint environment (i.e. Web Parts) must be supported by a software license agreement that specifically describes the usage rights and restrictions of the product. SharePoint users must abide by all license agreements and must not illegally copy licensed software. [Organization] reserves the right to remove any unlicensed software from the SharePoint environment.
  • [Organization] reserves the right to remove any non-business related SharePoint software or files from the SharePoint environment.
Disciplinary Actions
Violation of this policy may result in disciplinary action which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [Organization] SharePoint access privileges and to civil and criminal prosecution.
Compliance / Regulation Contributed to by this Policy
  • Copyright Act of 1976
  • Foreign Corrupt Practices Act of 1977
  • Computer Fraud and Abuse Act of 1986
  • Computer Security Act of 1987
  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Data Protection Manager Integration With SharePoint Impacts

* This article was written in the context of System Center Data Protection Manager 2006 (SCDPM), a technology now considered deprecated with the introduction of System Center Data Protection Manager 2007. Variations may exist. *

Integrating Data Protection Manager into Your Current Backup Strategy
Microsoft Data Protection Manager does not replace normal backup strategies using tape media for off-site storage backup; this is still a necessary step for appropriate portal data protection. There are several reasons for this, but the clearest is that if something does happen at the local data center, such as a natural disaster or corporate espionage, it is still possible to restore normal data operations. It is possible to use disk drives for off-site storage; however, they are obviously sensitive to external elements and would be extremely arduous to attach to and detach from devices in order to transfer information. Tapes can store similar quantities of data, but are much better mechanisms for the removal and transportation of the media.
Typical Disaster Recovery Specific Hardware
Typically within a legacy backup strategy, data is pulled from a file server that houses manually moved backed-up files. Tapes are typically governed by an arm winch (this can also be known by other names) that can automatically pick and relate backups, using firmware built on simple selection algorithms to appropriately choose tapes on a defined backup schedule.
[Diagram: winch and machine connected to a stack of tape drives]
An arm winch isn’t a necessity for smaller environments, since it can often be fairly expensive for smaller businesses (unless purchased used), and sometimes the amount of data being backed up doesn’t necessitate a winch since it can easily be handled manually by a network administrator or similar employee. Plan your DR hardware accordingly, and don’t overdo it. Beyond the up-front cost of the arm winch hardware, take into account maintenance of the tapes themselves (from buying new tapes as others become antiquated to buying more as you gain more data and more are retired off-site), tape deportation and re-importation (a job of the network / SharePoint administrator), and maintenance of the actual tape system itself, along with several other actions.
Why DPM Doesn’t Replace Tape Backups
Tape backups are the first step for a proper disaster recovery plan and DPM doesn’t replace a tape backup strategy. Rather, DPM is an intervention within a DR process, a placeholder between your tape backups that streamlines the process and makes it easier for an organization to facilitate agile backups of your environment as they occur. DPM integrates into existing disaster recovery processes by providing an extra layer of disaster recovery functionality.
Three Methods of DPM Integration
DPM integrates in a variety of fashions; however, the three most typical are:
  • Parallel Program Instantiation (PPI)
  • Virgin Program Adoption (VPA)
  • Interchangeable Program Exchange (IPE)
Parallel Program Instantiation
Parallel Program Instantiation (PPI) is a common method of implementing DR solutions because it allows an eventual merging of a DR solution within an environment without a complete drop of a legacy DR solution. It is similar to upgrading arbitrary line of business applications; typically a staging environment is set for the upgrade before it is applied to an actual production environment. For example, when migrating your SharePoint environment from a 2003 instance to SharePoint 2007 (MOSS, currently in beta as of the writing of this article and due for a technical refresh in approximately two weeks), it would be atypical and ill-advised to just run an upgrade against your environment, since a variety of factors might impact this type of upgrade. Typically, there should be a staged environment, mimicking the eventual production environment, that allows granular conclusions about an upgrade.
Virgin Program Adoption
Virgin Program Adoption (VPA) is a common method for organizations that are just starting out with a disaster recovery policy, or that currently have a malformed disaster recovery system. As the name implies, the enterprise network is not currently implementing a disaster recovery system, and disaster recovery practices are being introduced. This is one of the easiest DPM implementations because there are no expectations involved and there is no necessity of integration with legacy DR implementations.
Interchangeable Program Exchange
Interchangeable Program Exchange (IPE) is a method used when the former disaster recovery solution is so malformed that it is considered nearly non-existent, or not only doesn’t offer benefits, but can be considered detrimental to normal business operations. IPE means that there is no staging environment because the mitigation of risks typically involved in PPI isn’t a large concern, and therefore a direct solution replacement will not cause operational interruptions.
As you can see, there are a variety of implementations that are possible depending on your current network configuration and how you wish to approach an implementation of a DR policy. Sometimes, it will require a mixture of two approaches, or for you to define your own process as you see fit towards corporate DR goals.

Introduction to Microsoft Data Protection Manager Integration With SharePoint

* This article was written in the context of System Center Data Protection Manager 2006 (SCDPM), a technology now considered deprecated with the introduction of System Center Data Protection Manager 2007. Variations may exist. *

Introduction to Microsoft Data Protection Manager Marriage with SharePoint
A proper SharePoint environment should encompass all aspects involved in a traditional networked computing infrastructure, particularly since SharePoint is or will become the chief repository for business information. One of the most overlooked aspects of a SharePoint environment, however, is disaster recovery and proper data restoration processes that mitigate several levels of risk in case of an emergency.
“We don’t have a SharePoint disaster recovery plan, and aren’t really looking to spend any more additional funds on our SharePoint deployment, so would prefer to negate the requirement.”
How many times has this been heard from enterprises implementing SharePoint?
SharePoint Disaster Recovery Isn’t an Option, It’s a Requirement   
Having a disaster recovery plan for your SharePoint deployment isn’t an option; it’s a necessity in order to protect precious enterprise data. Enterprises will expend an unlimited amount of funds extending the rich functionality of SharePoint; however, when it comes to actually setting up methods and procedures that are meant to enhance the security and disaster recovery of a portal, the benefits seem negligible to them.
This is one of the biggest fallacies that exist in implementing a communication and collaboration platform within a company. Not having mechanisms that facilitate recovery of your critical business data will not only cause your network and SharePoint administrators hesitation, but if any type of disaster occurs, you will only have remedial mechanisms to work with to bring line of business applications back to the information workers that need them.
There are three main things that we wish to gain out of a DPM implementation in relation to our SharePoint environment:
  1. Provide Uninterrupted and Constant Data Protection
  2. Provide Easy Mechanisms for Backup Restoration Intended for Both Users and Administrators
  3. Provide Mechanisms For Central Management For Data Protection Mechanisms
Provide Uninterrupted and Constant Data Protection  
With disk-to-tape backups, constant data protection is not possible: users leverage the portal at undetermined times and data within a SharePoint portal changes at all times during the day, whereas tape backups are usually meant to run at arbitrary times within an enterprise. Exporting the data to a flat file and protecting it with DPM, however, is a viable option. Similarly, you can schedule the SQL backups through various clients or use the SharePoint backup utility to create scheduled backups that are stored on a file server, which can then be protected with DPM.
Provide Easy Mechanisms for Backup Restoration Intended for Both Users and Administrators
DPM provides mechanisms that allow a user and administrator to easily restore backup files using a Windows Explorer-like interface. These tools benefit from the speed and reliability of the DPM backup mechanisms, allowing backups to be granularly restored depending on the permissions that you see fit. Notifications and reports can also be sent to the users you deem need to see such metrics.
Provide Mechanisms For Central Management For Data Protection Mechanisms
Interaction between DPM and Microsoft Operations Manager offers more granular control over your backup strategy and relevant servers (such as your backup file server and your DPM servers as a whole). There are inherent tools that allow you to generate DPM relevant reports, fine tune your DPM environment by examining backup metrics, and enable notifications for possible problems within your backup environment.
Assuming you are using SharePoint, it can also be assumed that you are leveraging the Microsoft Operations Framework, which plays a pivotal function within the management of aggregate IT assets and overall SharePoint operations. It is important to realize that the MOF is like the MSF (Microsoft Solutions Framework), in that it is a set of best practices and approaches to your environment, and not an actual bundled piece of software. There are four main portions that exist within the Microsoft Operations Framework: optimizing, changing, supporting, and operating. In relation to the marriage of Data Protection Manager and SharePoint, we are concerned with two main quadrants of this: supporting, since we are concerned about supporting our line of business applications and communications and collaboration environment, and operating, since we must provide our users with the environment which enables virtual teams so that processes within the enterprise can remain optimal.
The SharePoint Backup and Restoration Process Using Data Protection Manager
The DPM Backup Process
The backup and restore process for protecting your SharePoint environment depends greatly on the data that you consider to have a low user tolerance for loss, and that which can be restored by using SharePoint media (such as SharePoint file stores). However, in an arbitrary backup process involving a backup of our SQL databases:
  1. SharePoint SQL files are exported to flat files and placed onto a protected share on the file server (support for SQL will be built in the second half of 2007)
  2. DPM will create a replica of these sources on the DPM server
  3. The changed data is sent back and forth between the file server and the DPM server
  4. DPM will also create shadow copies which allow revision control over point in time backups
This backup process will allow a user to choose which revision to restore from either the administrator or the client console.
The DPM Restore Process
The restore process using Data Protection Manager can be initiated either by a user or by the DPM administrator.
  1. A SharePoint user or DPM administrator will choose a specified SQL backup to restore from a client tool that resembles the Windows Explorer interface
  2. DPM will restore the backup to the file server where it can be re-imported into the SQL database
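
An integrity check that fits between the two procedures above, as an added example that is not part of the original article and not DPM functionality: each flat-file export is hashed into a ledger when it lands on the protected share, and a file DPM has restored is matched against that ledger before it is re-imported into SQL, which also identifies the point-in-time revision. The ledger format, file names and function names are hypothetical, and the ledger is assumed to be stored somewhere other than the protected share.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large database exports do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def record_export(export_file, ledger_path, exported_at):
    """Run right after the SQL export lands on the protected share."""
    ledger = Path(ledger_path)
    records = json.loads(ledger.read_text()) if ledger.exists() else []
    entry = {"name": Path(export_file).name,
             "size": Path(export_file).stat().st_size,
             "sha256": sha256_file(export_file),
             "exported_at": exported_at}
    records.append(entry)
    ledger.write_text(json.dumps(records, indent=2))
    return entry


def verify_restored(restored_file, ledger_path):
    """Run before re-import: return the matching ledger entry, else None."""
    restored = Path(restored_file)
    found = (restored.name, restored.stat().st_size, sha256_file(restored))
    for entry in json.loads(Path(ledger_path).read_text()):
        if (entry["name"], entry["size"], entry["sha256"]) == found:
            return entry  # identifies which point-in-time export this is
    return None  # matches no recorded export: do not import it


def demo():
    """Constructed data: two nightly exports, then a good and a bad restore."""
    with tempfile.TemporaryDirectory() as tmp:
        # Same directory only for the demo; keep the real ledger off the share.
        bak, ledger = Path(tmp) / "portal.bak", Path(tmp) / "ledger.json"
        bak.write_bytes(b"constructed export, night 1")
        record_export(bak, ledger, "2006-11-01T01:00")
        bak.write_bytes(b"constructed export, night 2")
        record_export(bak, ledger, "2006-11-02T01:00")
        bak.write_bytes(b"constructed export, night 1")  # older revision restored
        good = verify_restored(bak, ledger)
        bak.write_bytes(b"constructed export, night 1 (altered)")
        bad = verify_restored(bak, ledger)
        return good["exported_at"], bad


if __name__ == "__main__":
    print(demo())
```

A missing ledger raises an exception rather than returning a match, so the check fails closed.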