2.7 Ensure the SharePoint Central Administration site is not accessible from Extranet or Internet connections

Information

The SharePoint central administration site should be configured so that its ports and
interfaces are not accessible to untrusted external or internet connections.

Rationale:

The Central Administration site is a critical component in the management of the
SharePoint platform, allowing administrators to perform a variety of administration tasks,
including creating and managing SharePoint Web Applications, Site Collections and Service
Applications. Minimizing unnecessary exposure of this site helps mitigate
risks to the SharePoint platform.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. On the system where your SharePoint platform is installed, open a command-line
window and type the following command (stsadm.exe is located in the BIN folder):

cd %CommonProgramFiles%\Microsoft Shared\Web Server Extensions\16\BIN

2. Determine the current port number for the Central Administration Web site by
typing the following command:

stsadm -o getadminport

3. Configure your firewall so that the SharePoint system and the identified port are not
exposed to external connections.
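
The following PowerShell is an added example, not part of the benchmark text: it reads the Central Administration port, lists enabled inbound allow rules that reach it from any remote address, and scopes the rules dedicated to that port to an administrative subnet. It assumes the host firewall is Windows Defender Firewall; the subnet 10.0.10.0/24 and the $Apply switch are placeholders introduced for illustration.

```powershell
# Added example, not from the benchmark. Run elevated in the SharePoint Management Shell.
# Assumptions: Windows Defender Firewall is the host firewall; 10.0.10.0/24 is a
# placeholder for your administrative subnet.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$TrustedAdminNets = @('10.0.10.0/24')
$Apply = $false   # leave $false for a dry run (-WhatIf)

# Read the port from the Central Administration web application
# (the same value that "stsadm -o getadminport" reports).
$ca = Get-SPWebApplication -IncludeCentralAdministration |
    Where-Object { $_.IsAdministrationWebApplication }
$port = ([uri]$ca.Url).Port

# True when a rule's LocalPort list ("Any", "8080", "8000-8100") covers $Port.
function Test-PortCovered([string[]]$LocalPort, [int]$Port) {
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq "$Port") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) {
            return $true
        }
    }
    return $false
}

# Audit enabled inbound allow rules that reach the port from any remote address.
$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $pf = $rule | Get-NetFirewallPortFilter
    $af = $rule | Get-NetFirewallAddressFilter
    if ($pf.Protocol -in 'TCP', 'Any' -and (Test-PortCovered $pf.LocalPort $port) -and
        $af.RemoteAddress -contains 'Any') {
        [pscustomobject]@{ Name = $rule.Name; DisplayName = $rule.DisplayName
                           LocalPort = $pf.LocalPort -join ','; Profile = $rule.Profile }
    }
}
$findings | Format-Table -AutoSize

# Tighten only rules dedicated to the admin port; broader rules need manual review
# because changing their scope would affect other services.
foreach ($f in $findings | Where-Object { $_.LocalPort -eq "$port" }) {
    Set-NetFirewallRule -Name $f.Name -RemoteAddress $TrustedAdminNets -WhatIf:(-not $Apply)
}
```

An empty findings table means no host firewall rule exposes the port to all remote addresses; perimeter and cloud firewalls in front of the server still need to be checked separately.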

See Also

https://workbench.cisecurity.org/files/2395

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(11), CSCv6|9.4

Plugin: Windows

Control ID: 1fa92c67c07f3ce97f677a7b8255a916bd23f716158f6275f0b7a92866157d96