Plan security for an internal team or department environment (Search Server 2008)

Applies To: Microsoft Search Server 2008

 

Topic Last Modified: 2009-08-04

Note

Unless otherwise noted, the information in this article applies to both Microsoft Search Server 2008 and Microsoft Search Server 2008 Express.

In this article:

  • Secure design checklist

  • Plan security hardening for server roles

  • Plan secure configurations for Search Server 2008 features

Security guidance for an internal team or department focuses on recommending practical security configurations and settings for a team or department inside a larger organization. This guidance assumes that the servers are not hosted by the primary IT team within the organization.

Although the guidance for this environment requires some IT knowledge, farm administrators do not need to be dedicated IT specialists. If more specialized roles are required to implement a setting, these roles are noted.

This guidance is intended to be used together with the guidance provided in Plan secure configurations for Search Server 2008 features.

Secure design checklist

Review the following checklist to ensure that your plans meet the criteria for a secure server topology design.

Topology

[ ] For a team or department deployment that has internal access only, Microsoft Search Server 2008 can be installed on a single server or on two servers. (Search Server 2008 Express can be installed on only one server.)

[ ] In a deployment with two or more servers, the Central Administration site should, where possible, be hosted on a different server than the front-end Web server. This can only be done if application server roles are hosted on a different server than the front-end Web server role.

For example, if Server A hosts the front-end Web server role and Server B hosts the database and application server roles, the most secure location for the Central Administration site is on Server B. However, if Server A hosts the front-end Web server and application server roles and Server B hosts only the database role, the only option is to host the Central Administration site on Server A.

Note

Search Server 2008 Express can be installed on only a single server.

Logical architecture

[ ] At least one zone in each Web application uses NTLM authentication. This is required for the search account to crawl content within the Web application. The search account cannot use Kerberos authentication to crawl content.

For more information, see Plan authentication methods (Search Server 2008).

[ ] When deploying custom Web Parts, ensure that only trustworthy Web Parts are deployed within Web applications that host sensitive or secure content. This protects the sensitive content against intra-domain scripting attacks.
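The topology and logical-architecture items above can be checked mechanically against a written deployment plan. The following Python code is an added example, not part of the original article or of Search Server 2008; the plan layout, role names, and function names are assumptions made for illustration.

```python
# Added example: checks a deployment plan against the checklist rules above.
# The plan layout (keys, role names) is an assumption made for illustration.

def recommended_ca_hosts(servers):
    """Servers that may host Central Administration, most secure first."""
    app = [s for s, roles in servers.items() if "application" in roles]
    off_web = [s for s in app if "web" not in servers[s]]
    # Prefer an application server that is not a front-end Web server;
    # if none exists, the front-end/application server is the only option.
    return off_web or app

def review_plan(plan):
    """Return a list of checklist findings (empty list = plan passes)."""
    findings = []
    servers = plan["servers"]
    if plan["edition"] == "express" and len(servers) != 1:
        findings.append("Express can be installed on only one server")
    allowed = recommended_ca_hosts(servers)
    if plan["central_admin_host"] not in allowed:
        findings.append("Host Central Administration on: " + ", ".join(sorted(allowed)))
    for app_name, zones in sorted(plan["web_apps"].items()):
        # The search account can crawl only through an NTLM zone.
        if "NTLM" not in zones.values():
            findings.append(app_name + ": no NTLM zone, search account cannot crawl")
    return findings

# Constructed sample plans mirroring the Server A / Server B cases in the text.
SPLIT_ROLES = {"A": {"web"}, "B": {"application", "database"}}
SHARED_ROLES = {"A": {"web", "application"}, "B": {"database"}}

PLAN_BAD = {
    "edition": "full",
    "servers": SPLIT_ROLES,
    "central_admin_host": "A",
    "web_apps": {"team-site": {"Default": "Kerberos", "Intranet": "Kerberos"}},
}
PLAN_OK = {
    "edition": "full",
    "servers": SHARED_ROLES,
    "central_admin_host": "A",
    "web_apps": {"team-site": {"Default": "Kerberos", "Intranet": "NTLM"}},
}

if __name__ == "__main__":
    for name, plan in (("PLAN_BAD", PLAN_BAD), ("PLAN_OK", PLAN_OK)):
        print(name, review_plan(plan) or "passes checklist")
```
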

Plan security hardening for server roles

Note

The information in this section does not apply to Microsoft Search Server 2008 Express. It applies to the full version of Microsoft Search Server 2008 only.

Guidance for an internal team or department environment assumes that only internal access is enabled for the servers, sites, and content, and that the overall network environment is secured by policies developed by an IT department. Consequently, hardening servers for specific roles is not necessary to the same extent as for other environments.

Plan secure configurations for Search Server 2008 features

The following table describes additional recommendations for securing Search Server 2008 features. These recommendations are appropriate for an internal team or department environment.

Feature or area Recommendation

Authentication

Authenticate against the existing identity management system. If this is not the Active Directory directory service, use ASP.NET forms-based authentication to connect to your identity management system. Using forms-based authentication might require assistance from the following roles:

  • ASP.NET developer to develop the authentication provider.

  • Administrator of the identity management system to which you are connecting.

Central Administration site

  • Restrict access to the Central Administration site to appropriate users only.

  • If you are enabling the Central Administration site for remote administration, secure the Central Administration site by using Secure Sockets Layer (SSL).

  • Administrators who run deployment operations must be members of the local Administrators group on the server that hosts the Central Administration site.

Windows SharePoint Services Administration service

In a single-server deployment, the Windows SharePoint Services Administration service is disabled by default for the following reasons:

  • This service, which is used to run deployment tasks that are initiated from the Central Administration site, is generally not required for a single-server deployment. Deployment tasks can instead be run by using the stsadm.exe command-line tool, which does not require this service.

  • The account that is used for the Central Administration site may be shared with all other processes. Consequently, disabling this service results in a more secure configuration.

For a secure single-server deployment, we recommend that you:

  • Change the server farm account after you run Setup.

  • Start the Windows SharePoint Services Administration service.

These actions enable you to perform deployment-related tasks directly from the Central Administration site.

See Also

Concepts

Plan environment-specific security (Search Server 2008)
Plan security for an external secure search environment (Search Server 2008)
Plan security for an external anonymous access environment (Search Server 2008)