SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds.

From MS SharePoint 2013 Security Technical Implementation Guide

Part of SRG-APP-000106

Associated with: CCI-000366

SV-74385r1_rule SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds.

Vulnerability discussion

It is critical when a system is at risk of failing to process audit logs as required; actions are automatically taken to mitigate the failure or risk of failure.One method used to thwart the auditing system is for an attacker to attempt to overwhelm the auditing system with large amounts of irrelevant data. The end result is audit logs that are either overwritten and activity thereby erased or disk space that is exhausted and any future activity is no longer logged.In many system configurations, the disk space allocated to the auditing system is separate from the disks allocated for the operating system; therefore, this may not result in a system outage.

Check content

Review the SharePoint server configuration to ensure network traffic generated above configurable traffic volume thresholds, as defined by the organization or site SSP, is rejected or delayed. Log on to the server. Click Start. Type Internet Information Services Manager in the Search Bar, click Enter. Determine which IIS Sites are subject to user traffic. This is generally the IIS site hosting the Content Web Application. For each site IIS site subject to user traffic, select the site. Click Advanced Settings. Expand Connection Limits. Ensure the following settings possess a value: -Connection Time-Out -Maximum Bandwidth -Maximum Concurrent Connections Repeat steps for each site subject to user traffic. Otherwise, this is a finding.

Fix text

Configure SharePoint to reject or delay, as defined by the organization or site SSP, network traffic generated above configurable traffic volume thresholds. Log on to the server. Click Start. Type Internet Information Services Manager in the Search Bar, click Enter. Determine which IIS Sites are subject to user traffic. This is generally the IIS site hosting the Content Web Application. For each site IIS site subject to user traffic, select the site. Click Advanced Settings. Expand Connection Limits. Ensure the following settings possess a value: -Connection Time-Out -Maximum Bandwidth -Maximum Concurrent Connections Repeat steps for each site subject to user traffic.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer