Scans of SharePoint Servers :
The Network Discover Server locates a wide range of exposed confidential data on SharePoint servers. It communicates with the Enforce Server to obtain information about policies and scan targets. It sends information about the exposed confidential data that it finds to the Enforce Server for reporting and remediation.
The following types of SharePoint items are scanned:
1] Wiki pages
2] Blogs
3] Calendar entries
4] Tasks
5] Project tasks
6] Discussion entries
7] Contact lists
8] Announcements
9] Links
10] Surveys
11] Issue tracking
12] Custom lists
13] Documents in the document library
Note: Only the latest version of a document is scanned.
The communication between the Discover Server and the SharePoint Web Front End (WFE) is SOAP-based.
Communication is secure when the SharePoint Web sites are configured to use SSL.
For HTTPS, validation of the server SSL certificate is not the default. To enable validation of the server SSL certificate, turn on the advanced setting Discover.ValidateSSLCertificates. Then import the server SSL certificate to the Discover Server.
If the specified SharePoint site is configured to be on a port that is not the default (80), ensure that the SharePoint server allows the Discover Server to communicate on the required port.
The SharePoint solution uses Windows SharePoint Services (WSS) application programming interfaces. User access to the content is based on the rights for the specified user in SharePoint. Enter the user credentials to specify this user when you configure a SharePoint scan.
######### Configuring and running SharePoint server scans ########
Before you run a scan, you must set up a target using the following procedure.
The SharePoint solution must be installed on the Web Front End in a farm. In next section of the same article I have explain with details for better understanding of installation on the Web Front End.
To set up a new target for the scan of a SharePoint server
i] Click Manage > Discover Scanning > Discover Targets > New Target > Server > SharePoint.
ii] On the General tab, enter the name of this scan target.
iii] Select the policy groups that contain the policies for this target scan.
iv] Select the Discover Servers where this target scan can run.
v] Select Scheduling options.
Choose Submit Scan Job on Schedule to set up a schedule for scanning the specified target. Select an option from the schedule drop-down list to display additional fields.
Choose Pause Scan between these times to automatically pause scans during the specified time interval. You can override a target's pause window by going to the Discover Targets screen and clicking the start icon for the target entry. The pause window remains intact, and any future scans that run up against the window can pause as specified. You can also restart a paused scan by clicking the continue icon for the target entry.
vi] On the Scanned Content tab, enter the credentials for this scan.
You can specify a default user name for access to all SharePoint sites, except those specified using the Add editor.
If you specify SharePoint sites with the Add editor, you can specify separate credentials for each site.
The user accounts should have "Browse Directories" permissions in SharePoint to perform the scan. To retrieve permissions, the user account needs the "Enumerate Permissions" SharePoint permission level.
Access privileges for SharePoint 2007 and 2010 scans:
To perform the SharePoint scan, the user accounts should have sufficient rights to access and browse the SharePoint site content. The user account must also have permission to invoke Web services and permission to obtain the access control list (ACL).
These rights correspond to the lower-level SharePoint permissions "Browse Directories,""Use Remote Interfaces," and "Enumerate Permissions." Refer to the Microsoft SharePoint documentation for more information on SharePoint permissions and permission levels. If the user account does not have the "Enumerate Permissions" right, then the ACL is not obtained for the SharePoint content.
The following permission levels in SharePoint already have these permissions defined:
Full Control (includes Browse Directories, Use Remote Interfaces, and Enumerate permissions)
Design (includes Browse Directories and Use Remote Interfaces permissions)
Contribute (includes Browse Directories and Use Remote Interfaces permissions)
vii] Specify the SharePoint sites to scan.
For each site, enter a target URL to the SharePoint Web application or site collection or site to be scanned. All the items in its child sites and sub sites are scanned.
For a Web application, specify for example: http://www.sharepoint.com:2020
For a site collection, specify for example: http://www.sharepoint.com:2020/Sites/collection
For a site or sub-site, specify for example: http://www.sharepoint.com:2020/Sites/mysharepoint/sub/mysite
For the SharePoint site, use the public URL instead of the internal URL.
The Following syntax applies for the URL and credentials on each line.
URL,[username,password]Select one of the following methods of entering the location for the SharePoint server:
a] Uploaded file
Select Scan Sites From an Uploaded File. Create and save a plain text file (.txt) listing the servers you want to scan. Create the file using an ASCII text editor and enter one URL per line. Then click Browse to locate the file with the list. Click Upload Now to import it.
b] Individual entries
Select Scan Sites. Click Add to use a line editor to specify the servers you want to scan. Server information that is entered here takes precedence over the default values and applies only to the path specified.
viii] Select Path Filters.
Use the Include Filter and Exclude Filter to specify the items that Symantec Data Loss Prevention should process or skip. If the field is empty, Symantec Data Loss Prevention performs matching on all items. If you enter any values for the Include Filter, Symantec Data Loss Prevention scans only those items that match your filter. Delimit entries with a comma, but do not use any spaces.
You can provide filters using regular expressions, or paths relative to the location of the SharePoint site. Filters can include a site collection, site, sub site, folder, file name, or file extension. Path filters are not applied on attachments of an item, such as a .doc attachment to a list item.
All path filters are case-sensitive .
For the Include Filter, regular expression matching is applied to files, but not to folders.
For the Exclude Filter, regular expression matching is applied to both files and folders.
Only the path until the first "?" or "*" is considered when a folder or file is matched.
When all the specified path filters are relative, the matching folder is skipped, and the scan statistics do not include the items in the skipped folders.
ix] Select Date Filters.
The date filters let you include items from the matching process based on their dates. Any items that match the specified date filters are scanned.
x] Select Size Filters.
The size filters let you exclude items from the matching process based on their size. Symantec Data Loss Prevention includes only the items that match your specified size filters. If you leave this field empty, Symantec Data Loss Prevention performs matching on items or documents of all sizes.
Filtering Discover targets by item size:
Use size filters to exclude items from the matching process that are based on their size.
Size filters are only available for files on file shares, Endpoint files, Lotus Notes documents, SharePoint items, and Exchange items.
You can configure other options for this target.
To exclude items based on item size:
a] In the Enforce Server administration console, go to Manage > Discover Scanning > Discover Targets.
b] Click the name of the scan that you want to filter based on item size.
c] Click the Scanned Content tab.
d] Enter optional values under the item size filters.
Symantec Data Loss Prevention includes only the items that match your specified size filters. If you leave this field empty, Symantec Data Loss Prevention performs matching on items of all sizes.
Note that all filters are combined with "and" if a value is provided. Consider all filter values (for example include, exclude, and date) when adding or modifying scan filters. Avoid unintentionally including everything, or excluding everything from the scan.
e] To exclude items smaller than a particular size, enter a number in the field next to Ignore Smaller Than. Then select the appropriate unit of measure (Bytes, KB, or MB) from the drop-down list next to it.
f] To exclude items larger than a particular size, enter a number in the field next to Ignore Larger Than. Then select the appropriate unit of measure (Bytes, KB, or MB) from the drop-down list next to it.
g] Click Save to save all updates to this target.
xi] Under Scan Type, select Scan only new or modified items (incremental scan). This option is the default for new targets.
If you have changed the policy or other definitions in an existing scan, you can set up the next scan as a full scan. Select the following option:
Scan all items for the next scan. Subsequent scans will be incremental.
If you always want to scan all items in this target, select the following option:
Always scan all items (full scan)
xii] Select the Advanced tab for options to optimize scanning. On the Advanced tab, you can configure throttling options and set Inventory Mode for scanning.
a]Throttling Options
Specify the maximum number of items to be processed per minute, or specify the maximum number of bytes to be processed per minute. For bytes, specify the unit of measurement from the drop-down list. The options are bytes, KB (kilobytes), or MB (megabytes).
Note: Byte throttling is only applied after the fetch of each item. Therefore, actual network traffic may not exactly match the byte throttling that is set.
b] Inventory Scanning
Enter the number of incidents to produce before moving on to the next site to scan (a URL from the Scanned Content tab). To audit whether confidential data exists on a target, without scanning all of it, set up Inventory Mode for scanning. Setting incident thresholds can improve the performance of scanning by skipping to the next site to scan, rather than scanning everything.
After the incident threshold has been reached, the scanning of this site is stopped, and scanning proceeds to the next site. Because the process is asynchronous, a few more incidents may be created than specified in the incident threshold.
######### How to Set Up Scans Of SharePoint Servers #########
Now I will explain you step by step procedure for Configuring and running SharePoint server scans.
To set up scanning of SharePoint servers, complete the following process:
Procedure Step 1: Verify that your SharePoint server is on the list of supported targets.
The following SharePoint server targets are supported:
Microsoft Office SharePoint Server 2007, on Windows Server 2003, 32-bit
Microsoft Office SharePoint Server 2007, on Windows Server 2003, 64-bit, or Windows 2008 R1
Microsoft Office SharePoint Server 2010, on Windows Server 2008 R2
SharePoint 2003 is supported only with the SharePoint scanner.
Supported SharePoint scanner targets:
The following SharePoint targets are supported for scanners:
a] Microsoft Office SharePoint 2007 Server, on Windows Server 2003, 32-bit
Separate scanner installation is available for SharePoint 2007 32-bit servers. Use the following SharePoint scanner installation file for SharePoint 2007 32-bit servers:
SharePoint2007Scanner_windows_x32_11.5.exe
The scanner must be installed on one of the Web Front End (WFE) servers of a SharePoint 2007 32-bit farm.
The Microsoft Visual C++ 2005 SP1 (32-bit) Redistributable Package must be installed on the computer.
b] Microsoft Office SharePoint 2007 Server, on Windows Server 2003, 64-bit, or Windows 2008 R1
Separate scanner installation is available for SharePoint 2007 64-bit servers. Use the following SharePoint scanner installation file for SharePoint 2007 64-bit servers.
SharePoint2007Scanner_windows_x64_11.5.exe
The scanner must be installed on one of the Web Front End (WFE) computers of a SharePoint 2007 64-bit farm.
The Microsoft Visual C++ 2005 SP1 (64-bit) Redistributable Package must be installed on the computer.
c] SharePoint 2003
Make sure the correct SharePoint scanner is installed for your version of SharePoint.
Procedure Step 2 : Verify that you have sufficient permissions to install the SharePoint solution on the Web Front Ends in a Farm.
Also verify that the scan user has the permissions to run the scan of the SharePoint server.
Access privileges for SharePoint 2007 and 2010 scans :
To perform the SharePoint scan, the user accounts should have sufficient rights to access and browse the SharePoint site content. The user account must also have permission to invoke Web services and permission to obtain the access control list (ACL).
These rights correspond to the lower-level SharePoint permissions "Browse Directories,""Use Remote Interfaces," and "Enumerate Permissions." Refer to the Microsoft SharePoint documentation for more information on SharePoint permissions and permission levels. If the user account does not have the "Enumerate Permissions" right, then the ACL is not obtained for the SharePoint content.
The following permission levels in SharePoint already have these permissions defined:
Full Control (includes Browse Directories, Use Remote Interfaces, and Enumerate permissions)
Design (includes Browse Directories and Use Remote Interfaces permissions)
Contribute (includes Browse Directories and Use Remote Interfaces permissions)
Procedure Step3 : Installing the SharePoint solution on the Web Front Ends in a farm :
The SharePoint target running on Network Discover communicates with the SharePoint solution and fetches content after the target is authenticated with SharePoint. You can configure the application to use SSL if secure data transfer is required between the Network Discover and SharePoint servers.
Specific permissions are required for the SharePoint solution installation process.
The Symantec SharePoint solution is versioned, and is not backward-compatible. If you are upgrading from Symantec Data Loss Prevention version 11.5 or earlier, you must upgrade your SharePoint solution.
Below is the lists the SharePoint Solution version that is compatible with your version of Symantec Data Loss Prevention.
Symantec Sharepoint Solution Version Compatible Symantec DLP Version
No Version Number 11.0 through 11.5
11.5.1 11.5.1
11.6 11.6
To install the Symantec SharePoint solution
1] Copy the SharePoint solution installer Symantec_DLP_Solution.exe to a temporary directory on the SharePoint Web Front End. This file is located in the DLPDownloadHome\Symantec_DLP_11_Win\Third_Party\SharePoint or DLPDownloadHome/Symantec_DLP_11_Lin/Third_Party/SharePoint directory, where DLPDownloadHome is the name of the directory in which you unzipped the Symantec Data Loss Prevention software.
2] Start the Windows SharePoint Services Administration service on the SharePoint server. On the SharePoint server, click Start > All Programs > Administrative Tools > SharePoint Central Administration.
3]Double-click the Symantec_DLP_Solution.exe file. The Symantec Data Loss Prevention solution installation program starts.
4] Click Next, and the installation program performs a number of preliminary checks.
If one of these checks fail, correct the problem and restart the installation program.
Click Next.
5] Accept the Symantec License Agreement , and click Next.
6] The installation program copies the files and deploys the solution to all Web Applications in the SharePoint farm.
7] After installation, verify that the SharePoint solution has been correctly deployed to the server or server farm.
8] Connect to SharePoint Central Administration. On the SharePoint server, go to Start > All Programs > Administrative Tools > SharePoint Central Administration.
9] For SharePoint 2007, click the Operations tab. In the Global Configuration section, select Solution management.
10] For SharePoint 2010, click System Settings. Then select Manage Farm Solutions.
11] Verify the deployment. If the solution is installed correctly, the list includes symantec_dlp_solution.wsp.
12] If the solution must be removed, use the SharePoint retract and undeploy features.
Procedure Step 4: Click Manage > Discover Scanning > Discover Targets to create a SharePoint target and to configure scans of SharePoint servers.
Please refer the above First Part of the same article i.e ##### Configuring and running SharePoint server scans#####
Precedure Step 5 : Set any additional scan options for the SharePoint target.
Network Discover scan target configuration options :
Use the General, Scanned Content, and Advanced tabs to configure a Network Discover scan target.
The General tab is available for all types of targets.
The Scanned Content and Advanced tabs are only available for some types of targets.
For the additional configuration information that is specific to one type of target, refer to the section for that target type.
Note that all filters are combined with "and" if a value is provided. Consider all filter values when adding or modifying scan filters, to avoid unintentionally including or excluding everything from the scan.
For configuration when adding or editing a target, select from the following options:
Optional tasks Tab in scan target
Configure required fields.These required fields should be set when a new target is added. General
ScheduleNetwork Discover scans. General
Configure incremental scans. General
Provide authentication, and set up credentials. Scanned Content
Include, or exclude, repositories from a scan. Scanned Content
Filter targets by file size. Scanned Content
Filter targets by date last accessed or modified. Scanned Content
Optimize your resources with scan throttling. Advanced
Create an inventory of the locations of unprotected sensitive data. Advanced
Move or quarantine files in network file shares with Network Protect. Protect
Procedure Step 6: Start the SharePoint server scan.
Click Manage > Discover Scanning > Discover Targets.
Select the scan target from the target list, then click the Start icon.
Final Precedure Step 7: Verify that the scan is running successfully.