SharePoint Sicherheit
Artikel
Information Security Policies for Sharepoint Products and Technologies
In today’s world, you cannot really secure a network without having information security policies in place. Such policies are really business rules—rules that define acceptable and sometimes required behavior regarding your company’s information. Information security policies continue to become more complex because the technologies that host an organization’s mission-critical information are also becoming more complex every year, if not every month. From cell phones to laptops, from PDAs to servers, the access vectors and potential security holes are increasing as the technology complexity increases. Information security policies are one method of plugging many security holes by prescribing acceptable behavior as information is developed and stored.
The more an organization follows information security policies, the more dependent an organization becomes on these rules in a host of situations, such as guiding a manager on acceptable behavior about how information is accessed, informing a legal team as to whether a manager has performed due diligence, or acting as reference documents for internal security audits.
Some will say that the problem with information security policies is that the rules are only as effective as the people who obey them. But the presence of information security policies in an organization is fast becoming a legal assumption: those companies that operate without information security policies (hereafter referred to simply as policies) might be subject to the charge that reasonable care for an organization’s information was not executed. Regardless of an organization’s size, purpose, or location, effective information security is vital, so we are covering it in this resource kit.
The purpose of this chapter is to outline those types of policies that should be considered when implementing either Microsoft Windows SharePoint Services or Microsoft Office SharePoint Portal Server 2003. Our purpose is not to write the policies for you or even to give you a sample set of policies from which to work, but rather to highlight the types of policies that will be affected when implementing SharePoint Products and Technologies.
Single Sign-On in Sharepoint Portal Server 2003
Single sign-on is a new feature in Microsoft Office SharePoint Portal Server 2003 that provides storage and mapping of credentials such as account names and passwords so that the portal site–based applications can retrieve information from the third-party applications and back-end systems, for example, Enterprise Resource Planning (ERP) and Customer Relations Management (CRM) systems. The single sign-on functionality is implemented by the Microsoft Single Sign-On (SSOSrv) service. SSOSrv is a credential storage service that allows the saving and retrieval of credentials. The use of single sign-on functionality stops users from having to authenticate themselves more than once when the portal site–based applications need to obtain information from other business applications and systems.
As these examples show, by using single sign-on you can centralize information from multiple back-end applications through a single portal that uses application definitions. In addition, SharePoint Portal Server 2003 provides a programming interface for developers to use and extend this feature.
|
Search
Versions
About