The very nature of interconnected networks requires that all information be sent in a format that can easily be intercepted by any client on a physical network segment. The data must be organized in a structured, common way so that the destination server can translate it into the proper information. This is especially the case for SharePoint environments. This simplicity also gives rise to security problems, however, because intercepted data can easily be misused if it falls into the wrong hands.
The need to make information unusable if intercepted is the basis for all transport-level encryption. Considerable effort goes into both sides of this equation: Security specialists develop schemes to encrypt and disguise data, and hackers and other security specialists develop ways to forcefully decrypt and intercept data. The good news is that encryption technology has developed to the point that properly configured environments can secure their data with a great deal of success, as long as the proper tools are used. SharePoint’s operating system, Windows Server, offers much in the realm of transport-level security, and deploying some or many of the technologies available is highly recommended to properly secure important data. This is particularly true for SharePoint content, because without transport-level security, the data sent between critical SharePoint systems, such as the communications between SharePoint web role servers and SQL database role servers, is unencrypted and can be intercepted.
Realizing Security by Deploying Multiple Layers of Defense
Because even the most secure infrastructures are subject to vulnerabilities, deploying multiple layers of security on critical network data is recommended. If a single layer of security is compromised, the intruder has to bypass the second or even third level of security to gain access to the vital data. For example, relying on a complex 128-bit “unbreakable” encryption scheme is worthless if an intruder simply uses social engineering to acquire the password or PIN from a validated user. Putting in a second or third layer of security, in addition to the first one, makes it that much more difficult for intruders to break through all layers.
Transport-level security in Windows Server uses multiple levels of authentication, encryption, and authorization to provide an enhanced degree of security on a network. The configuration capabilities supplied with Windows Server allow for the establishment of several layers of transport-level security.
Understanding Encryption Basics
Encryption, simply defined, is the process of taking intelligible information and scrambling it so as to make it unintelligible for anyone except the user or computer that is the destination of this information. Without going into too much detail on the exact methods of encrypting data, the important point to understand is that proper encryption allows this data to travel across unsecured networks, such as the Internet, and be translated only by the designated destination. If packets of properly encrypted information are intercepted, they are worthless because the information is garbled.
Using Virtual Private Networks to Secure Access to SharePoint
A common method of securing access to SharePoint farms from across unsecured networks is to create a virtual private network (VPN), which is effectively a connection between two private nodes or networks that is secured and encrypted to prevent unauthorized snooping of the traffic between the two connections. From the client perspective, a VPN looks and feels just like a normal network connection to SharePoint (hence the term virtual private network).
Data sent across a VPN is encapsulated, or wrapped, in a header that indicates its destination. The information in the packet is then encrypted to secure its contents. The encrypted packets are then sent across the network to the destination server, using a VPN tunnel.
Examining VPN Tunnels
The connection made by VPN clients across an unsecured network is known as a VPN tunnel. It is named as such because of the way it “tunnels” underneath the regular traffic of the unsecured network.
VPN tunnels are logically established on a point-to-point basis but can be used to connect two private networks into a common network infrastructure. In many cases, for example, a VPN tunnel serves as a virtual WAN link between two physical locations in an organization, all while sending the private information across the Internet. VPN tunnels are also widely used by remote users who log in to the Internet from multiple locations and establish VPN tunnels to a centralized VPN server in the organization’s home office. These reasons make VPN solutions a valuable asset for organizations, and one that can be easily established with the technologies available in Windows Server.
Note
VPN tunnels can be either voluntary or compulsory. In short, voluntary VPN tunnels are created when a client, usually out somewhere on the Internet, asks for a VPN tunnel to be established. Compulsory VPN tunnels are automatically created for clients from specific locations on the unsecured network and are less common in real-life situations than are voluntary tunnels.
Reviewing Tunneling Protocols
The tunneling protocol is the specific technology that defines how data is encapsulated, transmitted, and unencapsulated across a VPN connection. Varying implementations of tunneling protocols exist and correspond with different layers of the Open System Interconnection (OSI) standards-based reference model. The OSI model is composed of seven layers, and VPN tunneling protocols use either Layer 2 or Layer 3 as their unit of exchange. Layer 2, a more fundamental network layer, uses a frame as the unit of exchange, and Layer 3 protocols use a packet as the unit of exchange.
The most common Layer 2 VPN protocols are the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP), both of which are fully supported protocols in Windows Server and are also natively available in Microsoft’s Forefront Threat Management Gateway (TMG) and Unified Access Gateway (UAG) products.
Outlining the PPTP and L2TP Protocols
Both PPTP and L2TP are based on the well-defined Point-to-Point Protocol (PPP) and are accepted and widely used in various VPN implementations. L2TP is the preferred protocol for use with VPNs in Windows Server because it incorporates the best of PPTP with a technology known as Layer 2 Forwarding. L2TP allows for the encapsulation of data over multiple network protocols, including IP, and can be used to tunnel over the Internet. The payload, or data to be transmitted, of each L2TP frame can be compressed, as well as encrypted, to save network bandwidth.
Both PPTP and L2TP build on a suite of useful functionality introduced in PPP, such as user authentication, data compression and encryption, and token card support. These features, which have all been ported over to the newer implementations, provide for a rich set of VPN functionality.
Detailing the L2TP/IPsec Secure Protocol
Windows Server offers an additional layer of encryption and security by utilizing IP Security (IPsec), a Layer 3 encryption protocol, in concert with L2TP in what is known, not surprisingly, as L2TP/IPsec. IPsec allows for the encryption of the L2TP header and trailer information, which is normally sent in clear text. This also has the added advantage of dual-encrypting the payload, adding an additional level of security into the mix. IPsec is particularly useful in communications between SharePoint servers because information sent between members of a farm is unencrypted by default, making it more vulnerable to snooping.
L2TP/IPsec has some distinct advantages over standard L2TP, namely the following:
- L2TP/IPsec allows for data authentication on a packet level, allowing for verification that the payload was not modified in transit, in addition to the data confidentiality provided by L2TP.
- Dual-authentication mechanisms stipulate that both computer-level and user-level authentication must take place with L2TP/IPsec.
- L2TP packets intercepted during the initial user-level authentication cannot be copied for use in offline dictionary attacks to determine the L2TP key, because IPsec encrypts this procedure.
An L2TP/IPsec packet contains multiple encrypted headers, and the payload itself is deeply nested within the structure. This allows for a great deal of transport-level security on the packet itself.
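As an added illustration of the L2TP/IPsec layering just described (a constructed example, not code from this book or from Windows Server), the block below wraps a PPP frame in an L2TP data header and then in an ESP-style envelope, and shows that the L2TP tunnel and session IDs are no longer readable on the wire and that a packet altered in transit fails the per-packet integrity check. The ESP cipher negotiated by IKE is stood in for by an HMAC-SHA256 counter-mode keystream so the code runs on the standard library alone, the keys are constructed sample values, and the UDP/1701 layer is omitted.

```python
import hmac
import hashlib
import struct

# Constructed model of the L2TP/IPsec nesting, not real IPsec. The keystream
# below stands in for ESP's negotiated cipher; the layering and the
# integrity check are the point, not the cipher.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def l2tp_encapsulate(ppp_frame: bytes, tunnel_id: int, session_id: int) -> bytes:
    # Minimal L2TP data-message header (RFC 2661): 16-bit flags/version
    # (data message, version 2), tunnel ID, session ID. Without IPsec these
    # six bytes travel in clear text in front of the PPP payload.
    return struct.pack(">HHH", 0x0002, tunnel_id, session_id) + ppp_frame

def esp_protect(enc_key: bytes, auth_key: bytes, spi: int, seq: int, inner: bytes) -> bytes:
    # ESP envelope: only SPI and sequence number stay readable; the whole
    # L2TP message (header + payload) is encrypted, then an ICV over
    # SPI+seq+ciphertext provides packet-level data authentication.
    clear = struct.pack(">II", spi, seq)          # also used as the keystream nonce
    ct = bytes(a ^ b for a, b in zip(inner, _keystream(enc_key, clear, len(inner))))
    icv = hmac.new(auth_key, clear + ct, hashlib.sha256).digest()[:12]
    return clear + ct + icv

def esp_unprotect(enc_key: bytes, auth_key: bytes, packet: bytes):
    # Verify the ICV first: a packet modified in transit is dropped before
    # any decryption takes place. Returns the inner L2TP message or None.
    clear, ct, icv = packet[:8], packet[8:-12], packet[-12:]
    expected = hmac.new(auth_key, clear + ct, hashlib.sha256).digest()[:12]
    if not hmac.compare_digest(icv, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, clear, len(ct))))

def l2tp_header_visible(packet: bytes, tunnel_id: int, session_id: int) -> bool:
    # Would a sniffer on the segment see the L2TP tunnel/session IDs?
    return struct.pack(">HHH", 0x0002, tunnel_id, session_id) in packet

if __name__ == "__main__":
    ek, ak = b"constructed-esp-enc-key", b"constructed-esp-auth-key"  # sample keys
    ppp = b"\xff\x03\x00\x21" + b"constructed payload"                # sample PPP frame
    plain = l2tp_encapsulate(ppp, tunnel_id=7, session_id=9)
    wire = esp_protect(ek, ak, spi=0x1234, seq=1, inner=plain)
    tampered = wire[:12] + bytes([wire[12] ^ 0x01]) + wire[13:]      # one flipped byte
    print("IDs visible without IPsec:", l2tp_header_visible(plain, 7, 9))
    print("IDs visible inside ESP:", l2tp_header_visible(wire, 7, 9))
    print("intact recovered:", esp_unprotect(ek, ak, wire) == plain,
          "| tampered accepted:", esp_unprotect(ek, ak, tampered) is not None)
```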