
Central Administrator site must not be accessible from Extranet or Internet connections.


Overview

Finding ID: V-28281
Version: SHPT-00-000690
Rule ID: SV-36741r1_rule
IA Controls: DCPA-1
Severity: Medium
Description
SharePoint must prevent the presentation of information-system management functionality at an interface used by general (i.e., non-privileged) users. The Central Administrator is the application used to manage SharePoint system settings and the settings of the web applications running under SharePoint, and it should be protected using a defense-in-depth approach. The first line of defense is that regular users cannot reach the Central Administrator at all; the second line of defense is that regular users have no user IDs defined in the Central Administration application.
STIG: SharePoint 2010 Security Technical Implementation Guide (STIG)
Date: 2011-12-20

Details

Check Text (C-37494r1_chk)
Check outside access to the Central Administrator.
1. On an administrative workstation, open the Central Administrator and make note of the URL (e.g., http://sharepointserver:7040).
2. Try to open the Central Administrator application from a regular user's workstation: open a web browser and type in the URL of the Central Administrator. If the Central Administrator can be opened, it is a finding.
Fix Text (F-32742r1_fix)
Block outside access to the Central Administrator.
Use IIS IP address restrictions, a firewall, or another filtering solution to limit access to the Central Administrator site.
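The IIS IP address restriction option from the fix, as an added example that is not part of the STIG text: it denies every address by default and allows only an administrative subnet for the Central Administration web site. It assumes the IIS "IP and Domain Restrictions" feature is installed, that the site carries the default SharePoint 2010 name "SharePoint Central Administration v4", and that 10.0.10.0/24 is the administrative network (both constructed values; adjust to the environment).

```powershell
# Restrict the SharePoint 2010 Central Administration IIS site to an admin subnet.
# Run in an elevated PowerShell session on the server hosting Central Administration.
Import-Module WebAdministration

$site     = 'SharePoint Central Administration v4'   # assumed default site name
$adminNet = '10.0.10.0'                              # constructed admin subnet
$adminMask = '255.255.255.0'
$filter   = '/system.webServer/security/ipSecurity'

# The IP restriction module ships as the Web-IP-Security feature; without it
# the ipSecurity section is ignored, so fail loudly rather than silently.
if (-not (Get-WindowsFeature Web-IP-Security).Installed) {
    throw 'Install the Web-IP-Security feature before applying IP restrictions.'
}

# Write the settings into applicationHost.config under a <location> for the
# site (-Location) instead of the site's web.config, so a locked section at
# the server level does not block the change.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter $filter -Name allowUnlisted -Value $false

# Start from an empty rule list, then allow only the administrative subnet.
Clear-WebConfiguration -PSPath 'IIS:\' -Location $site -Filter "$filter/add"
Add-WebConfigurationProperty -PSPath 'IIS:\' -Location $site -Filter $filter `
    -Name '.' -Value @{ ipAddress = $adminNet; subnetMask = $adminMask; allowed = $true }

# Read back the effective configuration so the change can be verified and
# recorded as evidence for the check.
$effective = Get-WebConfiguration -PSPath 'IIS:\' -Location $site -Filter $filter
"allowUnlisted = $($effective.allowUnlisted)"
Get-WebConfiguration -PSPath 'IIS:\' -Location $site -Filter "$filter/add" |
    Select-Object ipAddress, subnetMask, allowed
```

After the change, repeating step 2 of the check from a workstation outside the allowed subnet should return an HTTP 403.6 (IP address rejected) response instead of the Central Administration page; the IIS firewall or network ACL layers from the fix text remain a separate, complementary control.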