Auditing SharePoint Permissions
Auditing SharePoint Permissions
WHY? HOW? WHAT?
Karim Roumani
Solutions Director/Speaker
Twitter: @KarimsPoint
Karim.Roumani@tekreach.com
Assuming
- Assume you have a basic understanding
- eBook to get started - http://bit.ly/1RuAAn7
Why Should You Care?
- Cybercrime is not a hobby, it's big business
  - Organized Crime
  - Nation States
  - Terror Groups
- Security Vulnerabilities Hit All-Time High in 2014
  - Heartbleed SSL
  - Shellshock (Unix)
  - Sandworm (Windows malware using OLE)
- People Are the Weakest Link / Bad Apple / Leakers
  - Downsizing, Leaving on Bad Terms, Mistakes, Social Engineering
  - Competitors
  - Contractors
- Examples
  - eBay, Home Depot, Michaels, Sony, Target
WHY ARE PERMISSIONS DIFFICULT TO REGULATE?
The Human Weakness
- Convenience: people just give permissions without thorough understanding
- Forget to
  - Delete the user
  - Set an expiration date
  - Remove the permissions
- Lack of Visibility and Visualization on the Data
- Difficulty to Grasp the Risks
It is not in our instinct to recognize the danger of information leaks, unlike our fight-or-flight response.
SharePoint Challenge
- Nested Objects
- Hard to see a full picture
- Confusing
- Daunting Effort
- No Process Exists
IMPACT of BREACH
- Lawsuits
- Trade Secret / Financial Loss
- Social Security, Credit Cards, Medical Records
- Compliance Issues
- Embarrassment
Producer at SONY thinks Angelina Jolie is a "spoiled brat"
RISK IMPACT of BREACH
- PR Crisis
- Fired
HOW? PLAN?
GOAL: No person should have access to information they shouldn't have access to.
We need to understand what it looks like now, evaluate it, then make any changes.
Permission Check List
HOW DO I BUILD THIS MASTER LIST?
AUDITING Site Collection ADMINISTRATORS
OPEN DEMO
Manual Check of Unique Permissions
- Sites
Excel Master List
https://tekreach.sharepoint.com/sites/demo
- Site Settings on the main site
- Site Permissions
- Check to see if the web has unique permissions.
HR WEBSITE DEMO
ITEM Unique Permissions
- Items
Challenges out of the box
- Too Many Clicks and Windows
- Very tough to track
- Collaboration is difficult
- Building a Master List Is Tedious
Using Tools
- PowerShell (scripting/coding)
- Tru Permissions Auditor (turn-key)
PowerShell Flavors
- Server Code (works only with on-premises)
- Client Code (needed for O365)
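A server-code sketch of how the master list could be built, added here as an example (it is not from the presentation or from any vendor tool). It uses the on-premises server object model; the site URL and output path are placeholders, and the 'Limited Access' name assumes an English-language farm.

```powershell
# Added example for SharePoint on-premises (server object model); run in the
# SharePoint Management Shell on a farm server with rights on the site collection.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = 'https://sharepoint.example.local/sites/demo'   # placeholder (assumption)
$outFile = 'C:\Temp\PermissionMasterList.csv'              # placeholder (assumption)

function Get-AssignmentRow {
    # One row per principal that holds a real permission level on the object.
    param($Securable, [string]$Type, [string]$Url)
    foreach ($ra in $Securable.RoleAssignments) {
        $levels = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name } |
                    Where-Object { $_ -ne 'Limited Access' }) -join '; '
        if ($levels) {
            [pscustomobject]@{
                ObjectType    = $Type
                Url           = $Url
                Principal     = $ra.Member.Name
                PrincipalType = $ra.Member.GetType().Name    # SPUser or SPGroup
                Levels        = $levels
            }
        }
    }
}

$site = Get-SPSite $siteUrl
try {
    # Site collection administrators bypass permission checks, so list them first.
    $admins = foreach ($u in $site.RootWeb.SiteAdministrators) {
        [pscustomobject]@{ ObjectType = 'SiteCollection'; Url = $site.Url; Principal = $u.LoginName
                           PrincipalType = 'SPUser'; Levels = 'Site Collection Administrator' }
    }
    # Only objects that broke inheritance carry their own role assignments.
    $perms = foreach ($web in $site.AllWebs) {
        try {
            if ($web.HasUniqueRoleAssignments) { Get-AssignmentRow $web 'Web' $web.Url }
            foreach ($list in ($web.Lists | Where-Object { -not $_.Hidden })) {
                if ($list.HasUniqueRoleAssignments) {
                    Get-AssignmentRow $list 'List' ($web.Url + '/' + $list.RootFolder.Url)
                }
                # Walking every item is slow on large lists; folders are not covered here.
                foreach ($item in $list.Items) {
                    if ($item.HasUniqueRoleAssignments) {
                        Get-AssignmentRow $item 'Item' ($web.Url + '/' + $item.Url)
                    }
                }
            }
        } finally { $web.Dispose() }
    }
    @($admins) + @($perms) | Export-Csv -Path $outFile -NoTypeInformation
} finally { $site.Dispose() }
```

The resulting CSV opens directly in Excel as the master list; SharePoint Online needs the client-code flavor instead, because the snap-in used here exists only on farm servers.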
Tru Permission Auditor DEMO
truapps.portalfront.com
- Show Structure
- Show AD Group Members
- Check for kred\sample group on main site and show members
- Kred\karim.Roumani
4 FINAL KEY TIPS
Auditing EFFECTIVE PERMISSIONS
- Confirm Your Doubts
- Confirm Access
- Confirm Changes Are Correct
- Effective Permissions Are the TRUTH
IF
- JOHN.DOE: Read
- MARKETING Group: EDIT
- JOHN.DOE IS MEMBER OF MARKETING GROUP
THEN EFFECTIVE PERMISSIONS ARE JOHN.DOE: EDIT
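The JOHN.DOE / MARKETING rule above, worked through in PowerShell as an added example (not from the presentation). It goes one step beyond the slide by resolving membership through nested groups and reporting the source of the winning grant; the data is constructed, the `CORP\...` group names are made up, and ranking the default permission levels from Read up to Full Control is a simplifying assumption.

```powershell
# Constructed sample data: grants on one site and group membership.
# The CORP\... AD groups are made-up names and contain a membership loop on purpose.
$grants = @(
    @{ Principal = 'john.doe';  Level = 'Read' }
    @{ Principal = 'Marketing'; Level = 'Edit' }
)
$members = @{
    'Marketing'              = @('CORP\Marketing-EMEA', 'jane.roe')
    'CORP\Marketing-EMEA'    = @('CORP\Marketing-Interns')
    'CORP\Marketing-Interns' = @('john.doe', 'CORP\Marketing-EMEA')
}
# Assumption: default levels only, where each higher rank includes the lower ones.
$rank = @{ 'Read' = 1; 'Contribute' = 2; 'Edit' = 3; 'Design' = 4; 'Full Control' = 5 }

function Get-GroupPath {
    # Returns the group chain that leads from $Group to $User, or $null if none exists.
    param([string]$Group, [string]$User, [hashtable]$Members, [string[]]$Seen = @())
    if ($Seen -contains $Group) { return $null }        # already visited: stop on loops
    foreach ($m in $Members[$Group]) {
        if ($m -eq $User) { return $Group }
        if ($Members.ContainsKey($m)) {
            $sub = Get-GroupPath -Group $m -User $User -Members $Members -Seen ($Seen + $Group)
            if ($sub) { return "$Group > $sub" }
        }
    }
    return $null
}

function Get-EffectivePermission {
    param([string]$User, [object[]]$Grants, [hashtable]$Members, [hashtable]$Rank)
    $hits = foreach ($g in $Grants) {
        $via = if ($g.Principal -eq $User) { 'direct' } else {
            Get-GroupPath -Group $g.Principal -User $User -Members $Members
        }
        if ($via) { [pscustomobject]@{ User = $User; Level = $g.Level; Source = $via } }
    }
    # The highest-ranked grant is the effective one; Source says where it comes from.
    $hits | Sort-Object { $Rank[$_.Level] } -Descending | Select-Object -First 1
}

Get-EffectivePermission -User 'john.doe' -Grants $grants -Members $members -Rank $rank
```

Removing only the direct Read grant leaves john.doe with Edit through the nested groups, which is the "person still in a nested group" case.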
DEMO CHECK PERMISSIONS
http://tekdev13.sytes.net/_layouts/15/start.aspx#/_layouts/15/user.aspx
- Indicate how Mike has Read on this site
- Check Permission shows Edit
- Shows the source.
EXTERNAL USERS
What is an external user?
An external user is someone outside of your organization who can access your SharePoint Online sites and documents but does not have a license for your SharePoint Online or Microsoft Office 365 subscription. External users are not employees, contractors, or onsite agents for you or your affiliates.
External users inherit the use rights of the SharePoint Online customer who is inviting them to collaborate. That is, if an organization purchases an E3 Enterprise plan, and builds a site that uses enterprise features, the external user is granted rights to use and/or view the enterprise features within the site collection they are invited to. While external users can be invited as extended project members to perform a full range of actions on a site, they will not have the exact same capabilities as a full, paid, licensed member within your organization. The limitations are described in the table below.
FIND ALL EXTERNAL USERS
https://portal.office.com/admin/default.aspx#SitesPage
- Click on External Sharing -> Sites
- Show Site URL -> Click on it
- User name
WHAT IS EVERYONE EXCEPT EXTERNAL USERS GROUP
Everyone except external users: When a user is added to Office 365, the user automatically becomes a member of Everyone except external users. By default, the Everyone except external users group is added to the Members group on the SharePoint Team Site. It is automatically assigned a permission level of Contribute. This means all users who are added to Office 365 can view, add, update, and delete items from lists and libraries. If you want to change the permission levels for this group, you can remove it from the Members group and then add it to a group that uses different permissions. For example, you might add the Everyone except external users to the SharePoint Visitors group. This automatically assigns a Read permission level to all users in the Everyone except external users group.
Share Everything in this Folder (New Feature)
Changes were made to the folder sharing behavior in SharePoint Online. Before this update, folder sharing shared only the contents of the folder that inherited permissions from the folder. The new changes let users share all contents (even uniquely permissioned contents) in a folder when they share a folder. To do this, select the "Share everything in this folder, even items with unique permissions" check box in the sharing dialog box for a folder.
MOVING FORWARD
- Site Owner Education
- Audit Triggers / Schedules
WHEN TO AUDIT
- Migration of Data
- Security Review
- Recent Breach
- Employee or Contractor leaving
  - What do they still have access to?
  - Did they modify permissions?
- Taking over administration. What's the current lay of the land?
- Validating controls of a newcomer.
- Many unique item-level permissions
- Employee Changing Roles
COMMON PITFALLS
- A person still in a nested group
- A person given direct access to an obscure object
- External Users who still have access
- A person who gave another person the wrong access (lack of training / user error)
SUMMARY
- RISKS
- Challenges Keeping Clean Permissions
- Audit Plan
- Master List / manual using tools
- External Users
- Key Concepts
ULTIMATE GOAL
No person should have access to information they shouldn't have access to.
THANK YOU FOR ATTENDING / QUESTIONS
Karim Roumani
Solutions Director/Speaker
Twitter: @KarimsPoint
Karim.Roumani@tekreach.com
- We will send you a link to the recording
- Please fill out the feedback survey
- Tru Apps: http://truapps.portalfront.com/sharepoint-permissions-audit-report.html
- SharePoint Permissions eBook: http://bit.ly/1RuAAn7
- Add me on Twitter
- Email me for questions
Anonymous Guest Link