Auditing SharePoint Permissions

Posted 13-Apr-2017. Category: Software

Transcript of Auditing SharePoint Permissions

Auditing SharePoint Permissions
WHY? HOW? WHAT?

Karim Roumani, Solutions Director / Speaker
Twitter: @KarimsPoint
Karim.Roumani@tekreach.com


ASSUMING
• This session assumes a basic understanding of SharePoint permissions
• eBook to get started: http://bit.ly/1RuAAn7

WHY SHOULD YOU CARE?
• Cybercrime is not a hobby, it's big business: organized crime, nation states, terror groups
• Security vulnerabilities hit an all-time high in 2014: Heartbleed (SSL), Shellshock (Unix), Sandworm (Windows malware using OLE)
• People are the weakest link / bad apples / leakers: downsizing, leaving on bad terms, mistakes, social engineering, competitors, contractors
• Examples: eBay, Home Depot, Michaels, Sony, Target

WHY ARE PERMISSIONS DIFFICULT TO REGULATE?

THE HUMAN WEAKNESS
• Convenience: people just grant permissions without thoroughly understanding them
• Forgetting to delete the user, set an expiration date, or remove the permissions
• Lack of visibility and visualization of the data
• Difficulty grasping the risks

Speaker note: it is not in our instinct to recognize the danger of information leaks, unlike our fight-or-flight response.

SHAREPOINT CHALLENGE
• Nested objects
• Hard to see the full picture
• Confusing
• Daunting effort
• No process exists

IMPACT OF BREACH
• Lawsuits
• Trade secret / financial loss
• Social Security numbers, credit cards, medical records
• Compliance issues
• Embarrassment

Producer at SONY thinks Angelina Jolie is a "spoiled brat"

RISK IMPACT OF BREACH
• PR crisis
• Fired

HOW? PLAN?
GOAL: No person should have access to information they shouldn't have access to.

We need to understand what it looks like now, evaluate it, then make any changes.

THE PLAN

Permission Check List (sample entry): Marketing / Owners / Mike

HOW DO I BUILD THIS MASTER LIST?

Brush Up

AUDITING SITE COLLECTION ADMINISTRATORS (OPEN DEMO)

MANUAL CHECK OF UNIQUE PERMISSIONS: SITES
• Excel master list
• https://tekreach.sharepoint.com/sites/demo
• Site Settings on the main site -> Site Permissions
• Check to see whether the web has unique permissions

LIST AUDIT

HR WEBSITE DEMO
• https://tekreach.sharepoint.com/sites/demo/hr
• https://tekreach.sharepoint.com/sites/demo/hr/_layouts/15/start.aspx#/_layouts/15/user.aspx

ITEM UNIQUE PERMISSIONS: ITEMS
• https://tekreach.sharepoint.com/sites/demo/hr
• https://tekreach.sharepoint.com/sites/demo/hr/_layouts/15/start.aspx#/_layouts/15/user.aspx

CHALLENGES OUT OF THE BOX
• Too many clicks and windows
• Very tough to track
• Collaboration is difficult
• Building a master list is tedious
• https://tekreach.sharepoint.com/sites/demo/hr
• https://tekreach.sharepoint.com/sites/demo/hr/_layouts/15/start.aspx#/_layouts/15/user.aspx

USING TOOLS
• PowerShell (scripting/coding)
• Tru Permissions Auditor (turn-key)

POWERSHELL FLAVORS
• Server code (works only with on-premises SharePoint)
• Client code (CSOM; needed for Office 365)
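The following script is an added example, not code from the presentation or from Tru Apps. It uses the server-side flavor the slide mentions (the SharePoint Server object model, so on-premises only) to build the "Excel master list" the manual walkthrough produces by clicking: every web, list and item with unique permissions, the principals assigned to it, their roles, and the expanded membership of any SharePoint group (so the "person still in a nested group" pitfall is visible in the CSV). Run it in the SharePoint Management Shell on a farm server. The site collection URL and output path are assumptions; the 5000-item cutoff is a practical choice, not a SharePoint rule.

```powershell
# Added example, not from the presentation. Requires the SharePoint Server
# object model (on-premises); run in the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SiteUrl = "http://sp2013-dev/sites/demo"        # assumption: your site collection
$OutCsv  = "C:\Audit\PermissionMasterList.csv"   # assumption: where the master list goes

# Flatten one securable object's role assignments into rows for the master list.
function Get-RoleAssignmentRows {
    param(
        [Microsoft.SharePoint.ISecurableObject]$Object,
        [string]$Scope,      # Web, List or Item
        [string]$Location    # URL used to find the object again during review
    )
    foreach ($ra in $Object.RoleAssignments) {
        $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ";"
        if ($roles -eq "Limited Access") { continue }   # traversal-only rights, not real access
        $member  = $ra.Member
        $isGroup = $member -is [Microsoft.SharePoint.SPGroup]
        # Expand SharePoint groups so nested membership is visible in the list.
        # AD groups cannot be expanded here; they show up as a single principal.
        $members = if ($isGroup) { ($member.Users | ForEach-Object { $_.LoginName }) -join ";" } else { "" }
        [pscustomobject]@{
            Scope         = $Scope
            Location      = $Location
            Principal     = $member.Name
            PrincipalType = if ($isGroup) { "SharePointGroup" } else { "UserOrADGroup" }
            Roles         = $roles
            GroupMembers  = $members
        }
    }
}

$rows = New-Object System.Collections.Generic.List[object]
$site = Get-SPSite $SiteUrl
try {
    # Site collection administrators are not role assignments; record them first.
    foreach ($admin in $site.RootWeb.SiteAdministrators) {
        $rows.Add([pscustomobject]@{
            Scope = "SiteCollectionAdmin"; Location = $site.Url; Principal = $admin.LoginName
            PrincipalType = "User"; Roles = "Site Collection Administrator"; GroupMembers = ""
        })
    }
    foreach ($web in $site.AllWebs) {
        try {
            if ($web.HasUniqueRoleAssignments) {
                Get-RoleAssignmentRows $web "Web" $web.Url | ForEach-Object { $rows.Add($_) }
            }
            foreach ($list in $web.Lists) {
                if ($list.Hidden) { continue }
                if ($list.HasUniqueRoleAssignments) {
                    $listUrl = $web.Url + "/" + $list.RootFolder.Url
                    Get-RoleAssignmentRows $list "List" $listUrl | ForEach-Object { $rows.Add($_) }
                }
                # Item-level scanning is the expensive part; skip very large lists
                # (assumed cutoff) and audit those separately.
                if ($list.ItemCount -gt 5000) { continue }
                foreach ($item in $list.Items) {
                    if ($item.HasUniqueRoleAssignments) {
                        $itemUrl = $web.Url + "/" + $item.Url
                        Get-RoleAssignmentRows $item "Item" $itemUrl | ForEach-Object { $rows.Add($_) }
                    }
                }
            }
        } finally { $web.Dispose() }   # SPWeb objects from AllWebs must be disposed
    }
} finally { $site.Dispose() }

$rows | Export-Csv -Path $OutCsv -NoTypeInformation
Write-Host ("Wrote {0} rows to {1}" -f $rows.Count, $OutCsv)
```

Open the CSV in Excel and sort by Principal to spot the pitfalls the deck lists later: one person with direct access to an obscure item, or a group whose GroupMembers column still contains someone who has left. For Office 365 the same walk has to be written against the client object model, because the slide is right that the server snap-in only exists on-premises.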

TRU PERMISSION AUDITOR DEMO: truapps.portalfront.com
• Show structure
• Show AD group members
• Check for the kred\sample group on the main site and show its members (kred\karim.roumani)
• http://tekdev13.sytes.net

4 FINAL KEY TIPS

AUDITING EFFECTIVE PERMISSIONS
• Confirm your doubts
• Confirm access
• Confirm changes are correct
• Effective permissions are the TRUTH

IF JOHN.DOE has Read, the MARKETING group has Edit, and JOHN.DOE is a member of the MARKETING group,
THEN JOHN.DOE's effective permission is Edit.

DEMO: CHECK PERMISSIONS
• http://tekdev13.sytes.net/_layouts/15/start.aspx#/_layouts/15/user.aspx
• Indicate how Mike has Read on this site
• Check Permissions shows Edit
• Shows the source
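As an added example (not the presenter's code), this reproduces the Check Permissions page in PowerShell with the SharePoint Server object model: it asks SharePoint for the user's effective permission mask on a web, then walks the web's role assignments to show where that access comes from, directly or through a SharePoint group. The web URL and login are assumptions that mirror the John.Doe / Marketing scenario on the slide.

```powershell
# Added example, not from the presentation. On-premises SharePoint only.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-EffectiveAccessReport {
    param([string]$WebUrl, [string]$Login)
    $web = Get-SPWeb $WebUrl
    try {
        # EnsureUser resolves the login through the web's user store so the ID is stable.
        $user = $web.EnsureUser($Login)
        # This is the "truth": SharePoint combines direct, group and AD-group grants.
        $mask = $web.GetUserEffectivePermissions($user.LoginName)

        # Explain the mask by listing the assignments that apply to this user.
        $sources = foreach ($ra in $web.RoleAssignments) {
            $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ";"
            $m = $ra.Member
            if ($m -is [Microsoft.SharePoint.SPUser] -and $m.ID -eq $user.ID) {
                "direct: $roles"
            } elseif ($m -is [Microsoft.SharePoint.SPGroup] -and
                      ($m.Users | Where-Object { $_.ID -eq $user.ID })) {
                "via group '$($m.Name)': $roles"
            }
        }

        $perm = [Microsoft.SharePoint.SPBasePermissions]
        [pscustomobject]@{
            User        = $user.LoginName
            Web         = $web.Url
            CanRead     = ($mask -band $perm::ViewListItems) -ne 0
            CanEdit     = ($mask -band $perm::EditListItems) -ne 0
            FullControl = ($mask -band $perm::FullMask) -eq $perm::FullMask
            Sources     = ($sources -join " | ")
            RawMask     = $mask
        }
    } finally { $web.Dispose() }
}

# Slide scenario (assumed logins): john.doe has Read directly, the Marketing
# group has Edit, and john.doe is in Marketing. CanEdit is the effective answer;
# Sources shows both the direct Read and the group Edit that produce it.
Get-EffectiveAccessReport -WebUrl "http://tekdev13.sytes.net" -Login "kred\john.doe" | Format-List
```

Trust CanEdit over Sources: the object model does not expand Active Directory groups, so when access arrives through an AD group the Sources column may be empty while the effective mask still says Edit. That gap is exactly why the slide insists that effective permissions, not the assignment list, are the truth.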

EXTERNAL USERS

What is an external user?

An external user is someone outside of your organization who can access your SharePoint Online sites and documents but does not have a license for your SharePoint Online or Microsoft Office 365 subscription. External users are not employees, contractors, or onsite agents for you or your affiliates. External users inherit the use rights of the SharePoint Online customer who is inviting them to collaborate. That is, if an organization purchases an E3 Enterprise plan and builds a site that uses enterprise features, the external user is granted rights to use and/or view the enterprise features within the site collection they are invited to. While external users can be invited as extended project members to perform a full range of actions on a site, they will not have the exact same capabilities as a full, paid, licensed member within your organization. The limitations are described in the table below.

FIND ALL EXTERNAL USERS (LAUNCH DEMO)
• https://portal.office.com/admin/default.aspx#SitesPage
• Click on External Sharing -> Sites
• Show Site URL -> click on it
• User name
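The admin-center demo above finds external users one site at a time. As an added example, not from the presentation, the same inventory can be produced for the whole tenant with the SharePoint Online Management Shell, which is the client-side tooling the deck says Office 365 needs. The tenant admin URL and output path are assumptions; the 50-row page size is the limit the cmdlet enforces.

```powershell
# Added example, not from the presentation. Requires the SharePoint Online
# Management Shell and a tenant (SharePoint) administrator account.
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"   # assumption: your tenant admin URL

function Get-AllExternalUsers {
    param([string]$SiteUrl)   # omit to query the tenant-wide external user list
    $position = 0
    $pageSize = 50            # Get-SPOExternalUser returns at most 50 per call
    do {
        $params = @{ Position = $position; PageSize = $pageSize }
        if ($SiteUrl) { $params.SiteUrl = $SiteUrl }
        $page = @(Get-SPOExternalUser @params)
        foreach ($u in $page) {
            [pscustomobject]@{
                Site        = if ($SiteUrl) { $SiteUrl } else { "(tenant)" }
                DisplayName = $u.DisplayName
                Email       = $u.Email
                InvitedAs   = $u.InvitedAs     # address the invitation went to
                AcceptedAs  = $u.AcceptedAs    # account that actually redeemed it
                WhenCreated = $u.WhenCreated
            }
        }
        $position += $page.Count
    } while ($page.Count -eq $pageSize)   # a short page means we reached the end
}

# Per-site rows answer the audit question "what does this person still have access to?"
$report = foreach ($site in Get-SPOSite -Limit All) {
    Get-AllExternalUsers -SiteUrl $site.Url
}
$report | Sort-Object Email, Site | Export-Csv -Path "C:\Audit\ExternalUsers.csv" -NoTypeInformation
Write-Host ("{0} external user grants across {1} sites" -f @($report).Count, @(Get-SPOSite -Limit All).Count)
```

Rows where InvitedAs and AcceptedAs differ deserve a second look during review: the invitation was redeemed by a different account than the one the site owner thought they were sharing with.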

WHAT IS THE "EVERYONE EXCEPT EXTERNAL USERS" GROUP?

When a user is added to Office 365, the user automatically becomes a member of Everyone except external users. By default, the Everyone except external users group is added to the Members group on the SharePoint Team Site. It is automatically assigned a permission level of Contribute. This means all users who are added to Office 365 can view, add, update, and delete items from lists and libraries. If you want to change the permission levels for this group, you can remove it from the Members group and then add it to a group that uses different permissions. For example, you might add Everyone except external users to the SharePoint Visitors group. This automatically assigns a Read permission level to all users in the Everyone except external users group.

SHARE EVERYTHING IN THIS FOLDER (NEW FEATURE)

Changes were made to the folder sharing behavior in SharePoint Online. Before this update, folder sharing shared only the contents of the folder that inherited permissions from the folder. The new change lets users share all contents (even uniquely permissioned contents) in a folder when they share a folder. To do this, select the "Share everything in this folder, even items with unique permissions" check box in the sharing dialog box for a folder.

https://support.microsoft.com/en-us/kb/3048806

MOVING FORWARD
• Site owner education
• Audit triggers / schedules

WHEN TO AUDIT
• Migration of data
• Security review
• Recent breach
• Employee or contractor leaving: what do they still have access to? Did they modify permissions?
• Taking over administration: what's the current lay of the land?
• Validating the controls of a newcomer
• Many unique item-level permissions
• Employee changing roles

COMMON PITFALLS
• A person still in a nested group
• A person given direct access to an obscure object
• External users who still have access
• A person who gave another person the wrong access (lack of training / user error)

SUMMARY
• Risks
• Challenges keeping permissions clean
• Audit plan
• Master list: manual or using tools
• External users
• Key concepts

ULTIMATE GOAL: No person should have access to information they shouldn't have access to.

THANK YOU FOR ATTENDING / QUESTIONS
Karim Roumani, Solutions Director / Speaker
Twitter: @KarimsPoint
Karim.Roumani@tekreach.com

We will send you a link to the recording. Please fill out the feedback survey.
• Tru Apps: http://truapps.portalfront.com/sharepoint-permissions-audit-report.html
• SharePoint Permissions eBook: http://bit.ly/1RuAAn7

Add me on Twitter. Email me with questions.

Invitation Email

Anonymous Guest Link