SharePoint Backup/DRP Policy Template

Introduction – SharePoint Backup/DRP Policy
SharePoint backups are a business requirement to enable the recovery of SharePoint data and applications in the case of events such as natural disasters, system disk drive failures, espionage, data entry errors, or system operations errors.
Purpose
The purpose of the [Organization] SharePoint Backup/DRP Policy is to establish the rules for the backup and storage of electronic [Organization] information.
Audience
The [Organization] Backup/DRP Policy applies to all individuals who are responsible for the installation of new SharePoint property, the operations of existing SharePoint property, and individuals charged with SharePoint security.
SharePoint Backup/DRP Policy
  • The frequency and extent of SharePoint backups must be in accordance with the importance of the information and the acceptable risk as determined by the data owner.
  • The [Organization] SharePoint backup and recovery process for SharePoint must be documented and periodically reviewed.
  • The vendor(s) providing offsite SharePoint backup storage for [Organization] must be cleared to handle the highest level of information stored.
  • Physical access controls implemented at offsite backup storage locations must meet or exceed the physical access controls of the source systems. Additionally, backup media must be protected in accordance with the highest [Organization] sensitivity level of information stored.
  • A process must be implemented to verify the success of the [Organization] SharePoint backup.
  • Backups must be periodically tested to ensure that they are recoverable.
  • Signature cards held by the offsite backup storage vendor(s) for access to [Organization] backup media must be reviewed annually or when an authorized individual leaves [Organization].
  • Procedures between [Organization] and the offsite SharePoint backup storage vendor(s) must be reviewed at least annually.
  • Backup tapes must have at a minimum the following identifying criteria that can be readily identified by labels and/or a bar-coding system:
      1. System name
      2. Creation date
      3. Sensitivity classification [Based on applicable electronic record retention regulations.]
      4. [Organization] contact information

SharePoint Backup/DRP Policy Supporting Information
  • Any data housed within SharePoint must be kept confidential and secure by the respective [Organization] SharePoint user. The fact that the business data may be stored electronically (e.g. in a document library or SharePoint list) does not change the requirement to keep the information confidential and secure. The type of information or the information itself is the basis for determining whether the data must be kept confidential and secure. Furthermore, if this data is stored in a paper or electronic format, or if the data is copied, printed, or electronically transmitted, the data must still be protected as confidential and secured.
  • On termination of the relationship with the SharePoint user, all security policies for [Organization] apply and remain in force, surviving the terminated relationship.
  • The department which requests and authorizes a SharePoint application (the site / application owner) must take the appropriate steps to ensure the integrity and security of all SharePoint Web Parts and application logic, as well as data files created by, or acquired for, SharePoint applications. To ensure a proper segregation of duties, owner responsibilities cannot be delegated to the SharePoint server custodian.
  • The integrity of [Organization] SharePoint software, utilities, operating systems, networks, and respective data files is the responsibility of the server custodian department. Data for test and research purposes must be de-personalized prior to release to testers unless each individual involved in the testing has authorized access to the SharePoint data.
  • [Organization] server custodian departments must provide adequate access controls in order to monitor SharePoint systems to protect business data and associated programs from misuse in accordance with the needs defined by owner departments. All SharePoint access must be properly documented, authorized and controlled, following [Organization] standardized processes.
  • All [Organization] departments must carefully assess the risk of unauthorized alteration, unauthorized disclosure, or loss of the data within the [Organization] SharePoint environment for which they are responsible and ensure, through the use of monitoring mechanisms, that [Organization] is protected from damage, monetary or otherwise. SharePoint owners and server custodian departments must have appropriate backup and contingency plans for disaster recovery based on risk assessment and business requirements.
  • All SharePoint contracts, leases, licenses, consulting arrangements or other agreements must be authorized and signed by an authorized [Organization] officer and must contain terms approved as to form by the Legal Department, advising vendors of [Organization]'s retained proprietary rights and acquired rights with respect to its information systems, programs, and data requirements for SharePoint security, including SQL data maintenance and return.
  • [Organization] SharePoint implementation(s) and/or associated equipment used for [Organization] SharePoint implementations that are conducted and managed outside of [Organization] control must meet contractual requirements and be subject to monitoring by appropriate SharePoint administrators as well as other parties.
Disciplinary Actions
Violation of this policy may result in disciplinary action, which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [Organization] SharePoint access privileges and to civil and criminal prosecution.
Compliance / Regulation Contributed to by this Policy
  • Copyright Act of 1976
  • Foreign Corrupt Practices Act of 1977
  • Computer Fraud and Abuse Act of 1986
  • Computer Security Act of 1987
  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

SharePoint System Development Policy Template

This file was contributed to by Edgardo Gonzalez of PRSL

Introduction – SharePoint System Development Policy
End users may require the integration of external applications with SharePoint Services in order to access vital information to support their informational and collaboration activities. The integrity of the information as well as security and reliability must be assured via the strict application of methods and best practices to enable interfaces to SharePoint services.
Purpose
The purpose of the SharePoint System Development Policy is to describe the requirements for developing and/or implementing new software in the [Organization] SharePoint environment.
Audience
The [Organization] SharePoint System Development Policy applies equally to all individuals that use any [Organization] SharePoint resource.
SharePoint System Development Policy
  • [Organization] is responsible for developing, maintaining, and participating in a System Development Life Cycle (SDLC) for [Organization] SharePoint development projects. All SharePoint software developed in-house which runs on production servers must be developed according to the SDLC. At a minimum, this plan should address the areas of preliminary analysis or feasibility study; risk identification and mitigation; systems analysis; general design; detail design; development; quality assurance and acceptance testing; implementation; and post-implementation maintenance and review. This methodology ensures that the software will be adequately documented and tested before it is used for critical [Organization] information.
  • All production SharePoint servers must have designated owners and server custodians for the critical information they process. [Organization] SharePoint administrators must perform periodic risk assessments of production SharePoint servers to determine whether the controls employed are adequate.
  • All production SharePoint servers must have an access control system to restrict who can access the system as well as restrict the privileges available to these users. A designated SharePoint administrator (who is not a regular user on the system in question) must be assigned for all production SharePoint servers.
  • Where resources permit, there should be a separation between the production, development, and test SharePoint environments. This will ensure that security is rigorously maintained for the production SharePoint servers, while the development and test environments can maximize productivity with fewer security restrictions. Where these distinctions have been established, development and test staff must not be permitted to have access to production systems. Likewise, all production software testing must utilize sanitized information.
  • All application-program-based access paths other than the formal user access paths must be deleted or disabled before software is moved into production.
SharePoint System Development Policy Supporting Information
  • All SharePoint software programs, SharePoint applications, Web Part / Application source code, Web Part / Application object code, documentation and general operational data shall be guarded and protected as if it were [Organization] property.
  • SharePoint users must engage [Organization] management, or designate, at the onset of any project to acquire SharePoint hardware or to purchase or develop SharePoint software. The costs of acquisitions, development and operation of computer hardware and applications must be authorized by appropriate management. Management and the requesting department must act within their delegated approval limits in accordance with the agency authorization policy. A list of standard software and hardware that may be obtained without specific, individual approval will be published.
  • The department which requests and authorizes a SharePoint application (the site / application owner) must take the appropriate steps to ensure the integrity and security of all SharePoint Web Parts and application logic, as well as data files created by, or acquired for, SharePoint applications. To ensure a proper segregation of duties, owner responsibilities cannot be delegated to the SharePoint server custodian.
  • The integrity of [Organization] SharePoint software, utilities, operating systems, networks, and respective data files is the responsibility of the server custodian department. Data for test and research purposes must be de-personalized prior to release to testers unless each individual involved in the testing has authorized access to the SharePoint data.
  • All [Organization] departments must carefully assess the risk of unauthorized alteration, unauthorized disclosure, or loss of the data within the [Organization] SharePoint environment for which they are responsible and ensure, through the use of monitoring mechanisms, that [Organization] is protected from damage, monetary or otherwise. SharePoint owners and server custodian departments must have appropriate backup and contingency plans for disaster recovery based on risk assessment and business requirements.
Disciplinary Actions
Violation of this policy may result in disciplinary action, which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [Organization] SharePoint access privileges and to civil and criminal prosecution.
Compliance / Regulation Contributed to by this Policy
  • Copyright Act of 1976
  • Foreign Corrupt Practices Act of 1977
  • Computer Fraud and Abuse Act of 1986
  • Computer Security Act of 1987
  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

SharePoint Server Anti-Keylogger

Purpose

The SPS AKL (SharePoint Portal Server Anti-Key Logger) is an application meant to facilitate key logger detection routines by leveraging Windows services, along with removal and recommended prevention options, through multiple modules. There are three main modules that complete the system.

  1. Check Process Service Module – Runs against the current services located on the machine to detect whether a key logger is present on the target machine
  2. Detected Keylog Attempt Module and Actions Management – A management interface for if and when a key logger is detected on one of your SharePoint machines. It will provide you insight into the key logger, and options available to work with the malware.

Audience

  • SharePoint Server Administrators
  • SharePoint Server Custodians
  • Systems Administrators
  • Security Officers

Available Downloads


Download SharePoint Anti-Keylogger – Normal Installation


Download SharePoint Anti-Keylogger – Silent Installation

Application Overview

Key loggers are becoming a commonplace method for intruders to gain unauthorized access to systems by recording user keystrokes as they occur on an arbitrary machine, or in our case, our SharePoint Portal or Windows SharePoint Services server. Protecting your server from key loggers is a fairly crucial measure in any security structure, ensuring you keep full control of your machines without worrying about them being compromised by hackers.

Key loggers can exist at two different levels: hardware and software. There is a range of hardware key loggers available, from those that are fairly easy to detect, such as devices that attach inline on the keyboard cable or bind to the port where the keyboard is installed, to those that are placed directly into the keyboard or laptop machine. How the data is retrieved from the target machine can vary heavily depending on the application used, which has its own implications. The most common way is to slip in a Trojan or other remote access application that allows direct access to the machine to query the log generated by the key logger. Because SharePoint machines are often hooked into MS Exchange servers, the information can typically be sent automatically via email, which is slightly more elegant than the former technique because it leaves less of a trail to detect and gives less evidence to forensic computer analysts.

Key loggers at first glance appear to be for malicious purposes, but this is not entirely the case. Against the author's ethics and beliefs, as well as those of several others, various corporations have been installing hard key loggers into their machines to capture exact employee activity and report on arbitrary data. The laws regarding this are fairly blatant: as the machine is typically the company's property, any and all information that is created, stored, or possibly sent from the host machine remains the property of the company (this is a fairly grey issue), and therefore there are no legal ramifications that prevent organizations from doing so. The FBI has even been known to leverage key logging technology to break down encrypted communications by those participating in illegal activity (the most famous example of which is Magic Lantern).

Securing your SharePoint environment against key loggers is as important as web and network layer security. The SPS AKL is composed of two main modules that help you harden your SharePoint environment, one for detection and another for management. The central processing portions are kept as a Windows service that will need to be installed.

In order to install the Anti-Keylogger service:

  1. Select Start
  2. Choose Run
  3. Enter the following command (the quotes are needed because the path contains spaces): "C:\Program Files\ARB Security Solutions\SPS AKL\SharePoint AKL Service.exe" /INSTALL

This will allow you to manage the service from the services.msc snap-in, where you can control it at a more granular level with regard to its starting options.
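A post-install check, added here as an example and not part of the SPS AKL package: it lists every Windows service whose executable lives under the install directory from the command above and reports its state, start mode, logon account, and whether the registered path lacks the quotes a path with spaces needs. The function name Test-ServiceRegistration is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Assumption: install directory taken from the install command on this page.
$installDir = 'C:\Program Files\ARB Security Solutions\SPS AKL'

# Hypothetical helper: split a service PathName into its executable and
# report whether it sits under $InstallDir and whether it is unquoted
# while containing spaces.
function Test-ServiceRegistration {
    param(
        [Parameter(Mandatory)] [string] $PathName,
        [Parameter(Mandatory)] [string] $InstallDir
    )
    $trimmed = $PathName.Trim()
    if ($trimmed.StartsWith('"')) {
        # Quoted form: executable is the text between the first pair of quotes.
        $end    = $trimmed.IndexOf('"', 1)
        $exe    = if ($end -gt 0) { $trimmed.Substring(1, $end - 1) } else { $trimmed.Substring(1) }
        $quoted = $end -gt 0
    } else {
        # Unquoted form: take everything up to and including the first ".exe".
        $idx    = $trimmed.IndexOf('.exe', [StringComparison]::OrdinalIgnoreCase)
        $exe    = if ($idx -ge 0) { $trimmed.Substring(0, $idx + 4) } else { $trimmed }
        $quoted = $false
    }
    [pscustomobject]@{
        Executable   = $exe
        UnderInstall = $exe.StartsWith($InstallDir, [StringComparison]::OrdinalIgnoreCase)
        NeedsQuoting = (-not $quoted) -and ($exe -match '\s')
    }
}

# Report every registered service that runs from the install directory.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $check = Test-ServiceRegistration -PathName $_.PathName -InstallDir $installDir
        if ($check.UnderInstall) {
            [pscustomobject]@{
                Name         = $_.Name
                State        = $_.State
                StartMode    = $_.StartMode
                RunsAs       = $_.StartName
                Executable   = $check.Executable
                NeedsQuoting = $check.NeedsQuoting
            }
        }
    } | Format-List
```

No output means no service is registered from that directory, so the /INSTALL step did not take effect.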
Once you have the service installed, the other tools are easy to use. Select the SPS AKL from the programs fly-out, and you will notice that a new item is added to your task bar. From here you can either check the current processes for key loggers, or bring up the main interface, which will allow you to resolve key logging issues.

From the icon, you can bring up the selection interface by right-clicking on it.

It is suggested to leave the interface in the task bar state so that you can receive notifications regarding key loggers as they arise.
