From MS SharePoint 2013 Security Technical Implementation Guide
Part of SRG-APP-000014
Associated with: CCI-000068
Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet). Examples of remote access methods include dial-up, broadband, and wireless.
Review the SharePoint server configuration to ensure approved cryptography is being utilized to protect the confidentiality of remote access sessions. Navigate to Central Administration. Under “System Settings”, click “Configure Alternate Access mappings”. Review the “Public URL for zone” column values. If any URL does not begin with “https”, this is a finding.
Configure the SharePoint server to use approved cryptography to protect the confidentiality of remote access sessions. Open IIS Manager. In the Connections pane, expand "Sites". Click the "Web Application" site. In the Actions pane, click "Bindings". In the Site Bindings window, click "Add". In the Add Site Binding window, change "Type" to "https", and select the site's SSL certificate. Click "OK". Remove all bindings that do not use https. Click "Close".
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer